Pro tip: set `UseDNS no` in your sshd_config to disable reverse DNS lookups for every single ssh connection to your host.

It provides no filtering or validation purpose, afaik, and seems to only generate excess DNS traffic.

This lesson brought to you by the 66k DNS lookups in the past 24hrs from a single public facing forgejo jail.

#FreeBSD #SSH #DNS

Oh no, please don't tell me again that Linux is now insecure on the net?!

«Linux's Latest Vulnerability Allows Reading Root-Owned Files By Unprivileged Users»

⛓️‍💥 phoronix.com/news/Linux-ssh-ke…
⛓️‍💥 github.com/0xdeadbeefnetwork/s…

#sshkeysignpwn #pwn #ssh #linux #0day #keysigning #sshkeys #itsecurity #itsec #itsecurity #zeroday

GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.

Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels. - 0xdeadbeefnetwork/ssh-keysign-pwn

^GitHub