#ssh — Public Fediverse posts

Por si alguien se ha instalado @forgejo y utiliza #Pangolin para acceder al servicio, si además quieres hacer un “git push” por #SSH en vez de #HTTPS, aquí hay un artículo que explica muy bien cómo crear un recurso #TCP: https://digitalquint.click/posts/accessing-forgejo-pangolin/. Pero es importante, que si en vuestro #Hosting tenéis un #Firewall (cortafuegos), abráis el puerto asignado al acceso SSH. (1/2)

nui-sftp, client SSH e SFTP open source con sincronizzazione cartelle, shell integrate e interfaccia desktop moderna #opensource #linux #ssh #sftp #cpp #desktopapp #sysadmin #filetransfer #software

https://www.linuxeasy.org/nui-sftp-ssh-singola-interfaccia-desktop-moderna/?utm_source=mastodon&utm_medium=jetpack_social

In questo video vediamo cos’è il port knocking e come può essere usato per proteggere l’accesso SSH a un server GNU/Linux quando non si dispone di un indirizzo IP fisso da autorizzare nel firewall.

https://youtu.be/ZbGDiJv5E44

#linux #sicurezza #ssh #unoLinux @linux @sicurezza

Ganz einfaches #Backup mit neuem #SSH-Agenten | #Libre #Workspace #Administration.

#LinuxGuidesAdmin

@LinuxGuidesAdmin

https://youtube.com/watch?v=9I4aF8btz7g

Headless setup not reachable by SSH #boot #server #ssh #headless

https://askubuntu.com/q/1566715/612

Headless setup not reachable by SSH #boot #server #ssh #headless

https://askubuntu.com/q/1566715/612

Headless setup not reachable by SSH #boot #server #ssh #headless

https://askubuntu.com/q/1566715/612

Headless setup not reachable by SSH #boot #server #ssh #headless

https://askubuntu.com/q/1566715/612

Headless setup not reachable by SSH #boot #server #ssh #headless

https://askubuntu.com/q/1566715/612

I Left Port 22 Open for 54 Days - An #SSH #Honeypot Study.

+269.300 connections made by +7.550 unique IP's.

https://arman-bd.hashnode.dev/i-left-port-22-open-on-the-internet-for-54-days-here-s-who-showed-up

#cybersecurity #security

Überall per SSH erreichbar mit TOR

https://friendica.ambag.es/display/e0590d38-326a-0309-882d-75d721244053

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

Two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, have been identified targeting government entities and financial organizations across Latin America using agentic artificial intelligence to conduct cyber intrusions. SHADOW-AETHER-040, a Spanish-speaking group, compromised six government entities in Mexico between December 2025 and January 2026, while SHADOW-AETHER-064, operating in Portuguese, targeted Brazilian financial institutions starting in April 2026. Both campaigns established SOCKS5 tunnels via ProxyChains and SSH, enabling AI agents to execute commands directly within victim networks. The AI agents dynamically generated hacking tools and scripts on-demand, reducing detection by signature-based security solutions. Despite tactical similarities including shared toolsets like Chisel, Neo-reGeorg, CrackMapExec, and Impacket, the campaigns appear to be separate entities distinguished primarily by language. These operations represent emerging cases of AI agents executing complete...

Pulse ID: 6a02ea171e7005022d5c8a6f
Pulse Link: https://otx.alienvault.com/pulse/6a02ea171e7005022d5c8a6f
Pulse Author: AlienVault
Created: 2026-05-12 08:51:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Brazil #CyberSecurity #Government #InfoSec #LatinAmerica #Mexico #OTX #OpenThreatExchange #Proxy #RAT #SSH #bot #socks5 #AlienVault

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

Two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, have been identified targeting government entities and financial organizations across Latin America using agentic artificial intelligence to conduct cyber intrusions. SHADOW-AETHER-040, a Spanish-speaking group, compromised six government entities in Mexico between December 2025 and January 2026, while SHADOW-AETHER-064, operating in Portuguese, targeted Brazilian financial institutions starting in April 2026. Both campaigns established SOCKS5 tunnels via ProxyChains and SSH, enabling AI agents to execute commands directly within victim networks. The AI agents dynamically generated hacking tools and scripts on-demand, reducing detection by signature-based security solutions. Despite tactical similarities including shared toolsets like Chisel, Neo-reGeorg, CrackMapExec, and Impacket, the campaigns appear to be separate entities distinguished primarily by language. These operations represent emerging cases of AI agents executing complete...

Pulse ID: 6a02ea171e7005022d5c8a6f
Pulse Link: https://otx.alienvault.com/pulse/6a02ea171e7005022d5c8a6f
Pulse Author: AlienVault
Created: 2026-05-12 08:51:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Brazil #CyberSecurity #Government #InfoSec #LatinAmerica #Mexico #OTX #OpenThreatExchange #Proxy #RAT #SSH #bot #socks5 #AlienVault

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

Two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, have been identified targeting government entities and financial organizations across Latin America using agentic artificial intelligence to conduct cyber intrusions. SHADOW-AETHER-040, a Spanish-speaking group, compromised six government entities in Mexico between December 2025 and January 2026, while SHADOW-AETHER-064, operating in Portuguese, targeted Brazilian financial institutions starting in April 2026. Both campaigns established SOCKS5 tunnels via ProxyChains and SSH, enabling AI agents to execute commands directly within victim networks. The AI agents dynamically generated hacking tools and scripts on-demand, reducing detection by signature-based security solutions. Despite tactical similarities including shared toolsets like Chisel, Neo-reGeorg, CrackMapExec, and Impacket, the campaigns appear to be separate entities distinguished primarily by language. These operations represent emerging cases of AI agents executing complete...

Pulse ID: 6a02ea171e7005022d5c8a6f
Pulse Link: https://otx.alienvault.com/pulse/6a02ea171e7005022d5c8a6f
Pulse Author: AlienVault
Created: 2026-05-12 08:51:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Brazil #CyberSecurity #Government #InfoSec #LatinAmerica #Mexico #OTX #OpenThreatExchange #Proxy #RAT #SSH #bot #socks5 #AlienVault

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

Two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, have been identified targeting government entities and financial organizations across Latin America using agentic artificial intelligence to conduct cyber intrusions. SHADOW-AETHER-040, a Spanish-speaking group, compromised six government entities in Mexico between December 2025 and January 2026, while SHADOW-AETHER-064, operating in Portuguese, targeted Brazilian financial institutions starting in April 2026. Both campaigns established SOCKS5 tunnels via ProxyChains and SSH, enabling AI agents to execute commands directly within victim networks. The AI agents dynamically generated hacking tools and scripts on-demand, reducing detection by signature-based security solutions. Despite tactical similarities including shared toolsets like Chisel, Neo-reGeorg, CrackMapExec, and Impacket, the campaigns appear to be separate entities distinguished primarily by language. These operations represent emerging cases of AI agents executing complete...

Pulse ID: 6a02ea171e7005022d5c8a6f
Pulse Link: https://otx.alienvault.com/pulse/6a02ea171e7005022d5c8a6f
Pulse Author: AlienVault
Created: 2026-05-12 08:51:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Brazil #CyberSecurity #Government #InfoSec #LatinAmerica #Mexico #OTX #OpenThreatExchange #Proxy #RAT #SSH #bot #socks5 #AlienVault

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

Two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, have been identified targeting government entities and financial organizations across Latin America using agentic artificial intelligence to conduct cyber intrusions. SHADOW-AETHER-040, a Spanish-speaking group, compromised six government entities in Mexico between December 2025 and January 2026, while SHADOW-AETHER-064, operating in Portuguese, targeted Brazilian financial institutions starting in April 2026. Both campaigns established SOCKS5 tunnels via ProxyChains and SSH, enabling AI agents to execute commands directly within victim networks. The AI agents dynamically generated hacking tools and scripts on-demand, reducing detection by signature-based security solutions. Despite tactical similarities including shared toolsets like Chisel, Neo-reGeorg, CrackMapExec, and Impacket, the campaigns appear to be separate entities distinguished primarily by language. These operations represent emerging cases of AI agents executing complete...

Pulse ID: 6a02ea171e7005022d5c8a6f
Pulse Link: https://otx.alienvault.com/pulse/6a02ea171e7005022d5c8a6f
Pulse Author: AlienVault
Created: 2026-05-12 08:51:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Brazil #CyberSecurity #Government #InfoSec #LatinAmerica #Mexico #OTX #OpenThreatExchange #Proxy #RAT #SSH #bot #socks5 #AlienVault

#Development #Findings
I left port 22 open for 54 days · What an open SSH honeypot revealed https://ilo.im/16cte0

_____
#Study #SSH #Honeypot #Passwords #Vulnerability #Security #Server #DevOps #WebDev #Backend

Update. Alan Colin-Arce has written an excellent slide deck on multilingual publishing in the humanities and social sciences.
https://sisu.ut.ee/wp-content/uploads/sites/903/Humanities-and-SS-Commons.pdf

#Multilingualism #MultilingualResearch #ScholComm #SSH

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

A new variant of the TrickMo Android banking trojan was identified between January and February 2026, representing a substantial platform redesign rather than new capabilities. The malware has migrated its command-and-control infrastructure entirely onto The Open Network (TON) using .adnl endpoints, moving away from conventional internet infrastructure. Active campaigns have targeted banking and wallet users in France, Italy, and Austria. Once accessibility permissions are granted, operators gain real-time device control including credential phishing, keylogging, screen recording, SMS interception, and bidirectional remote control. New features include network reconnaissance capabilities and SSH tunnelling that transform infected devices into programmable network pivots and SOCKS5 proxy exit nodes, enabling operators to bypass IP-based fraud detection systems while accessing victim networks.

Pulse ID: 6a019c5f0a3344d92c4302a3
Pulse Link: https://otx.alienvault.com/pulse/6a019c5f0a3344d92c4302a3
Pulse Author: AlienVault
Created: 2026-05-11 09:07:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #BankingTrojan #CyberSecurity #Endpoint #France #InfoSec #Italy #Malware #OTX #OpenThreatExchange #Phishing #Proxy #RAT #RCE #SMS #SSH #Trojan #bot #socks5 #AlienVault

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

A new variant of the TrickMo Android banking trojan was identified between January and February 2026, representing a substantial platform redesign rather than new capabilities. The malware has migrated its command-and-control infrastructure entirely onto The Open Network (TON) using .adnl endpoints, moving away from conventional internet infrastructure. Active campaigns have targeted banking and wallet users in France, Italy, and Austria. Once accessibility permissions are granted, operators gain real-time device control including credential phishing, keylogging, screen recording, SMS interception, and bidirectional remote control. New features include network reconnaissance capabilities and SSH tunnelling that transform infected devices into programmable network pivots and SOCKS5 proxy exit nodes, enabling operators to bypass IP-based fraud detection systems while accessing victim networks.

Pulse ID: 6a019c5f0a3344d92c4302a3
Pulse Link: https://otx.alienvault.com/pulse/6a019c5f0a3344d92c4302a3
Pulse Author: AlienVault
Created: 2026-05-11 09:07:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #BankingTrojan #CyberSecurity #Endpoint #France #InfoSec #Italy #Malware #OTX #OpenThreatExchange #Phishing #Proxy #RAT #RCE #SMS #SSH #Trojan #bot #socks5 #AlienVault

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

A new variant of the TrickMo Android banking trojan was identified between January and February 2026, representing a substantial platform redesign rather than new capabilities. The malware has migrated its command-and-control infrastructure entirely onto The Open Network (TON) using .adnl endpoints, moving away from conventional internet infrastructure. Active campaigns have targeted banking and wallet users in France, Italy, and Austria. Once accessibility permissions are granted, operators gain real-time device control including credential phishing, keylogging, screen recording, SMS interception, and bidirectional remote control. New features include network reconnaissance capabilities and SSH tunnelling that transform infected devices into programmable network pivots and SOCKS5 proxy exit nodes, enabling operators to bypass IP-based fraud detection systems while accessing victim networks.

Pulse ID: 6a019c5f0a3344d92c4302a3
Pulse Link: https://otx.alienvault.com/pulse/6a019c5f0a3344d92c4302a3
Pulse Author: AlienVault
Created: 2026-05-11 09:07:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #BankingTrojan #CyberSecurity #Endpoint #France #InfoSec #Italy #Malware #OTX #OpenThreatExchange #Phishing #Proxy #RAT #RCE #SMS #SSH #Trojan #bot #socks5 #AlienVault

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

A new variant of the TrickMo Android banking trojan was identified between January and February 2026, representing a substantial platform redesign rather than new capabilities. The malware has migrated its command-and-control infrastructure entirely onto The Open Network (TON) using .adnl endpoints, moving away from conventional internet infrastructure. Active campaigns have targeted banking and wallet users in France, Italy, and Austria. Once accessibility permissions are granted, operators gain real-time device control including credential phishing, keylogging, screen recording, SMS interception, and bidirectional remote control. New features include network reconnaissance capabilities and SSH tunnelling that transform infected devices into programmable network pivots and SOCKS5 proxy exit nodes, enabling operators to bypass IP-based fraud detection systems while accessing victim networks.

Pulse ID: 6a019c5f0a3344d92c4302a3
Pulse Link: https://otx.alienvault.com/pulse/6a019c5f0a3344d92c4302a3
Pulse Author: AlienVault
Created: 2026-05-11 09:07:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #BankingTrojan #CyberSecurity #Endpoint #France #InfoSec #Italy #Malware #OTX #OpenThreatExchange #Phishing #Proxy #RAT #RCE #SMS #SSH #Trojan #bot #socks5 #AlienVault

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

A new variant of the TrickMo Android banking trojan was identified between January and February 2026, representing a substantial platform redesign rather than new capabilities. The malware has migrated its command-and-control infrastructure entirely onto The Open Network (TON) using .adnl endpoints, moving away from conventional internet infrastructure. Active campaigns have targeted banking and wallet users in France, Italy, and Austria. Once accessibility permissions are granted, operators gain real-time device control including credential phishing, keylogging, screen recording, SMS interception, and bidirectional remote control. New features include network reconnaissance capabilities and SSH tunnelling that transform infected devices into programmable network pivots and SOCKS5 proxy exit nodes, enabling operators to bypass IP-based fraud detection systems while accessing victim networks.

Pulse ID: 6a019c5f0a3344d92c4302a3
Pulse Link: https://otx.alienvault.com/pulse/6a019c5f0a3344d92c4302a3
Pulse Author: AlienVault
Created: 2026-05-11 09:07:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #BankingTrojan #CyberSecurity #Endpoint #France #InfoSec #Italy #Malware #OTX #OpenThreatExchange #Phishing #Proxy #RAT #RCE #SMS #SSH #Trojan #bot #socks5 #AlienVault

TLSS или portable pki service в кармане

Сегодня я бы хотел рассказать о небольшом проекте, который тянется немного, немало, около двух лет. Я назвал его TLSS, или TLS Service — карманный pki сервис.

https://habr.com/ru/articles/1033704/

#tls #pki #ssl #сертификаты #ssh

My simple and quite effective way to stop SSH bot network attacks on my VPS:
1. PubkeyAuthentication only (no passwords)
2. MaxAuthTries 1 or 2
3. Move sshd off port 22

That last one alone drops auth attempts on my servers to essentially zero.

#ssh #selfhosting #linux #infosec #vps

Stop MitM on the first SSH connection, on any VPS or cloud provider

https://www.joachimschipper.nl/Stop%20MITM%20on%20the%20first%20SSH%20connection,%20on%20any%20VPS%20or%20cloud%20provider.html

#HackerNews #SSH #MitM #Security #VPS #CloudProvider #Cybersecurity

@RuntimeArguments @jammcq @YesJustWolf

You touched on the -R flag briefly. I've used it, but I don't recall it for the purpose you mentioned.

I need to check out using certificates.

I didn't know about password managers being ssh key agents. Another thing to check out, as I use a few 😀

I also didn't know about ssh-import-id-gh, which doesn't appear to be part of any package in the Fedora repos.

A better episode than I expected given my long use of #SSH.

2/2

@RuntimeArguments @jammcq @YesJustWolf

I've been a #UNIX user since 1984, and spent my working life developing flavors of Unix and now #Linux. I listened to this episode over the past couple of days. I'm a long time user of #SSH One point of confusion and a few points that I learned.

When talking about the origins of #OpenSSH you talked about #OpenBSD but didn't explain how it related to OpenSSH . Was OpenBSD involved in the creation of OpenSSH ? It could have used explanation.

1/2

#ssh

I used to have a MacOS menubar app to do this but have been doing it manually for the last several years. I've been needing something like this for a while.

https://alebeck.github.io/boring/

A simple command line SSH tunnel manager that just works. TOML config, automatic reconnection and keep-alives.

#cli #ssh

Honest limit on the alsa-utils finding:

The Claude Code voice client is closed-source. Installing alsa-utils restored voice mode, so the recording path probably ends at arecord or a sibling binary.

Probable, not verified. The strict claim stays: alsa-utils was the missing piece.

#Linux #HonestBuilding #SSH #SelfHosting #OpenSource

Trade-off: the remote process gets your live mic for the SSH session.

Anything on that machine under the same user can read from the same audio source while the tunnel is up. Normal for any forwarded device — worth naming explicitly.

#Privacy #SSH #Linux #SelfHosting #OpenSource

5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

Five malicious NuGet packages published under account bmrxntfj impersonate Chinese .NET libraries to deploy an infostealer targeting browser credentials, cryptocurrency wallets, SSH keys, and local files. The packages typosquat legitimate Chinese UI and infrastructure libraries, grafting .NET Reactor-protected payloads onto decompiled legitimate code. The campaign uses version rotation to evade hash-based detection, with 219 of 224 total versions unlisted but fetchable. The stealer targets 12 browsers, 8 desktop crypto wallets, and 5 browser wallet extensions, exfiltrating data to a newly-registered C2 domain. With approximately 65,000 downloads across all versions, the campaign puts tens of thousands of developer workstations and CI/CD build servers at risk. The payload executes through .NET module initializers, hooks the CLR JIT compiler, and supports cross-platform infection including Linux and macOS infrastructure.

Pulse ID: 69fcc64069bf35be793669dd
Pulse Link: https://otx.alienvault.com/pulse/69fcc64069bf35be793669dd
Pulse Author: AlienVault
Created: 2026-05-07 17:05:04

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Chinese #CyberSecurity #InfoSec #InfoStealer #Linux #Mac #MacOS #NET #NuGet #OTX #OpenThreatExchange #RAT #SSH #bot #cryptocurrency #AlienVault

CI deploy logged: Warning: remote port forwarding failed for listen port 4713. Deploy still worked. rsync complete. Site live.

CI runs without the user's audio runtime. The forward had nothing to land on.

Fix: ssh -o ClearAllForwardings=yes in the script.

#SSH #CI #Linux #SelfHosting #OpenSource

Csináltam egy merészet.

Van egy Lenovo Yoga 11e tablet PC-m. De, Linux alatt egyszerűen sosem működött a tablet funkció.

Hat éve van nálam, de együtt tudtam ezzel élni, mert igazából nekem egy valóban kis laptop kellett utazásokhoz, ha ügyet kellett oldanom alapon.

Sosem használtam ki tabletként. Még Windows alatt sem. (Igaz, Windowst csak és kizárólag az ősöreg, de LifeTime Garmin Nuvi GPS-em frissítéséhez használok egyedül, mert nincs kedvem kerülő utat keresni rá.)

De, úgy voltam vele, hogy ha már van mindenféle CLI-s AI agent, akkor teszek egy próbát azzal is.

Oda adtam a Claude AI CLI agentjének sudo joggal együtt, hogy... oldja meg, ha tudja.

Dolgozik bőszen. És, igazából nem csak azért nem félek, hogy elront valamit, mert nincs semmi szenzitív azon a gépen és pikk-pakk újra telepítem és kész.
De, azért sem, mert egyszerűen egy netes keresést nem tud megcsinálni anélkül, hogy minden oldalra külön rá ne kérdezne, hogy engem-e.

...és ugyanez minden lépésnél itt is. Egyszerűen nem tudok normálisan gépelni, mert a másik monitoron az ssh-ban folyamatosna nyomkodnom kell az entert a jóváhagyások miatt.

Kíváncsi leszek, mi lesz a vége!

#Linux #LenovoYoga #ThinkPadYoga #TabletPC #OpenSource #FOSS #LinuxDesktop #LinuxHardware #HardwareSupport #Touchscreen #TabletMode #CLI #Terminal #SSH #AIAgent #ClaudeAI #Sudo #SysadminLife #Tinkering #TechExperiment #OldHardware #TravelLaptop #GarminNuvi #Debugging #RightToRepair #CuriousToSeeWhatHappens
#magyar #hungarian

Csináltam egy merészet.

Van egy Lenovo Yoga 11e tablet PC-m. De, Linux alatt egyszerűen sosem működött a tablet funkció.

Hat éve van nálam, de együtt tudtam ezzel élni, mert igazából nekem egy valóban kis laptop kellett utazásokhoz, ha ügyet kellett oldanom alapon.

Sosem használtam ki tabletként. Még Windows alatt sem. (Igaz, Windowst csak és kizárólag az ősöreg, de LifeTime Garmin Nuvi GPS-em frissítéséhez használok egyedül, mert nincs kedvem kerülő utat keresni rá.)

De, úgy voltam vele, hogy ha már van mindenféle CLI-s AI agent, akkor teszek egy próbát azzal is.

Oda adtam a Claude AI CLI agentjének sudo joggal együtt, hogy... oldja meg, ha tudja.

Dolgozik bőszen. És, igazából nem csak azért nem félek, hogy elront valamit, mert nincs semmi szenzitív azon a gépen és pikk-pakk újra telepítem és kész.
De, azért sem, mert egyszerűen egy netes keresést nem tud megcsinálni anélkül, hogy minden oldalra külön rá ne kérdezne, hogy engem-e.

...és ugyanez minden lépésnél itt is. Egyszerűen nem tudok normálisan gépelni, mert a másik monitoron az ssh-ban folyamatosna nyomkodnom kell az entert a jóváhagyások miatt.

Kíváncsi leszek, mi lesz a vége!

#Linux #LenovoYoga #ThinkPadYoga #TabletPC #OpenSource #FOSS #LinuxDesktop #LinuxHardware #HardwareSupport #Touchscreen #TabletMode #CLI #Terminal #SSH #AIAgent #ClaudeAI #Sudo #SysadminLife #Tinkering #TechExperiment #OldHardware #TravelLaptop #GarminNuvi #Debugging #RightToRepair #CuriousToSeeWhatHappens
#magyar #hungarian

Csináltam egy merészet.

Van egy Lenovo Yoga 11e tablet PC-m. De, Linux alatt egyszerűen sosem működött a tablet funkció.

Hat éve van nálam, de együtt tudtam ezzel élni, mert igazából nekem egy valóban kis laptop kellett utazásokhoz, ha ügyet kellett oldanom alapon.

Sosem használtam ki tabletként. Még Windows alatt sem. (Igaz, Windowst csak és kizárólag az ősöreg, de LifeTime Garmin Nuvi GPS-em frissítéséhez használok egyedül, mert nincs kedvem kerülő utat keresni rá.)

De, úgy voltam vele, hogy ha már van mindenféle CLI-s AI agent, akkor teszek egy próbát azzal is.

Oda adtam a Claude AI CLI agentjének sudo joggal együtt, hogy... oldja meg, ha tudja.

Dolgozik bőszen. És, igazából nem csak azért nem félek, hogy elront valamit, mert nincs semmi szenzitív azon a gépen és pikk-pakk újra telepítem és kész.
De, azért sem, mert egyszerűen egy netes keresést nem tud megcsinálni anélkül, hogy minden oldalra külön rá ne kérdezne, hogy engem-e.

...és ugyanez minden lépésnél itt is. Egyszerűen nem tudok normálisan gépelni, mert a másik monitoron az ssh-ban folyamatosna nyomkodnom kell az entert a jóváhagyások miatt.

Kíváncsi leszek, mi lesz a vége!

#Linux #LenovoYoga #ThinkPadYoga #TabletPC #OpenSource #FOSS #LinuxDesktop #LinuxHardware #HardwareSupport #Touchscreen #TabletMode #CLI #Terminal #SSH #AIAgent #ClaudeAI #Sudo #SysadminLife #Tinkering #TechExperiment #OldHardware #TravelLaptop #GarminNuvi #Debugging #RightToRepair #CuriousToSeeWhatHappens
#magyar #hungarian

Updated post!

I like to install `keychain` to manage my SSH keys. When logging in for the first time after boot, it prompts me for the passphrase to unlock my key, then will maintain a single `ssh-agent` process across multiple login sessions.

Added a note about setting up keychain to launch at login for the fish shell.

https://www.dwarmstrong.org/freebsd-ssh-keys/

#SSH #FishShell #FreeBSD #RunBSD

Updated post!

I like to install `keychain` to manage my SSH keys. When logging in for the first time after boot, it prompts me for the passphrase to unlock my key, then will maintain a single `ssh-agent` process across multiple login sessions.

Added a note about setting up keychain to launch at login for the fish shell.

https://www.dwarmstrong.org/freebsd-ssh-keys/

#SSH #FishShell #FreeBSD #RunBSD

Updated post!

I like to install `keychain` to manage my SSH keys. When logging in for the first time after boot, it prompts me for the passphrase to unlock my key, then will maintain a single `ssh-agent` process across multiple login sessions.

Added a note about setting up keychain to launch at login for the fish shell.

https://www.dwarmstrong.org/freebsd-ssh-keys/

#SSH #FishShell #FreeBSD #RunBSD

Updated post!

I like to install `keychain` to manage my SSH keys. When logging in for the first time after boot, it prompts me for the passphrase to unlock my key, then will maintain a single `ssh-agent` process across multiple login sessions.

Added a note about setting up keychain to launch at login for the fish shell.

https://www.dwarmstrong.org/freebsd-ssh-keys/

#SSH #FishShell #FreeBSD #RunBSD

Updated post!

I like to install `keychain` to manage my SSH keys. When logging in for the first time after boot, it prompts me for the passphrase to unlock my key, then will maintain a single `ssh-agent` process across multiple login sessions.

Added a note about setting up keychain to launch at login for the fish shell.

https://www.dwarmstrong.org/freebsd-ssh-keys/

#SSH #FishShell #FreeBSD #RunBSD

This is the LCD menu on the USBridge KVM 2.0.
• Disks — mount/unmount virtual disks and ISO images directly from the device.
• Snapshots — view the snapshot history
• Event Log — log history.
• Settings — token, network configuration, display, firmware version.
• Monitor — video output for quick host diagnostics.

There’s one thing I still need to fix—graphics rendering on the KVM screen. Anti-aliasing is practically nonexistent right now. It works, but it looks ugly. I just haven’t had time to work on it yet.

#homelab #KVM #sysadmin #AI #automation #ssh #openhardware

Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader

In March 2026, threat actors weaponized the OpenClaw AI agent framework by publishing a deceptive "DeepSeek-Claw" skill. This skill embedded malicious installation instructions designed to trick AI agents and developers into executing hidden payloads. On Windows systems, a PowerShell command downloads an MSI package containing a legitimate signed GoToMeeting executable that sideloads a malicious DLL. This loader patches ETW and AMSI for evasion, then decrypts and executes Remcos RAT using TEA encryption, enabling remote access and data theft including keylogging and cookie stealing. An alternate execution path for macOS and Linux delivers GhostLoader through obfuscated Node.js scripts, harvesting credentials via fake sudo prompts and exfiltrating SSH keys, cryptocurrency wallets, and cloud API tokens. This campaign represents an emerging threat vector exploiting autonomous AI workflows and developer trust in open-source frameworks.

Pulse ID: 69fa3aacdd4e111bac9bad11
Pulse Link: https://otx.alienvault.com/pulse/69fa3aacdd4e111bac9bad11
Pulse Author: AlienVault
Created: 2026-05-05 18:45:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #DataTheft #Encryption #InfoSec #Linux #Mac #MacOS #Nodejs #OTX #OpenThreatExchange #PowerShell #RAT #RCE #Remcos #RemcosRAT #Rust #SSH #Windows #bot #cryptocurrency #developers #AlienVault