LUP 570: RegreSSHion Strikes

• Air Date: 2024-07-07
• Duration: 47 mins 6 secs

About this episode

We dig into the RegreSSHion bug, debate it's real threat and explore clever tools to build a tasty fried onion around your system.

Your hosts

• Chris Fisher
• Wes Payne
• Brent Gervais

Sponsored by

• Core Contributor Membership: Take $1 a month of your membership for a lifetime!
• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.

Episode links

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Spokane Meetup - No-Li Brewhouse · JB Events on Gathio
• Plasma/Krunner Docs — Brent's tip: 'https://search.nixos.org/options?query=\{@}' (the '\{@}' is the magic sauce)
• autossh — Automatically restart SSH sessions and tunnels
• autossh on GitHub
• Spokane Meetup — No-Li Brewhouse, Sat, Jul 13, 2024, 4:00 PM
• RegreSSHion — Remote Code Execution Vulnerability In OpenSSH Server
• regreSSHion — Remote Unauthenticated Code Execution Vulnerability in OpenSSH server.
• NixOS Security advisory: OpenSSH CVE-2024-6387 “regreSSHion” – update your servers ASAP
• Nasty regreSSHion bug affects around 700K Linux systems
• Qualys CVE-2024-6387 Write-up
• Letmein: Authenticating port knocker - Written in Rust — Letmein is a simple port knocker with a simple and secure authentication mechanism. It can be used to harden against pre-authentication attacks on services like SSH, VPN, IMAP and many more.
• fwknop: Single Packet Authorization > Port Knocking — fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter
• Membership Summer Discount — Take $1 a month of your membership for a lifetime!
• Jeff links: How to run non-nix executables?
• pick: stu — TUI (Terminal/Text UI) application for AWS S3

Tags

32-bit, ars, atomic clock, autossh, cve, dan goodin, denial-of-service, exploit, fail2ban, firewall, firewall knock operator, fried onion, fwknop, jb time, jupiter broadcasting, kaspersky, kdeconnect, krunner, letmein, linux podcast, linux unplugged, malicious payloads, nixos, openssh, port knocking, qualys, rce, regresshion, regression, security advisory, server hardening, spa, spokane meetup, stan kaminsky, stu, tailscale, tui, vulnerability