Today, we bring to your attention a critical security announcement that demands immediate attention from system administrators, security professionals, and all Secure Shell (SSH) technology users. A team of security researchers from Ruhr University Bochum has uncovered significant vulnerabilities in SSH, which seriously threaten channel integrity. You can find comprehensive details of these findings at […]
Category: SSH
Addressing the Passive SSH Key Compromise: Security Update for Maverick Servers
Introduction: In the dynamic landscape of cybersecurity, vigilance is key. A recent study has highlighted a vulnerability known as “Passive SSH Key Compromise,” which poses risks to SSH connections through certain RSA key signature generation flaws. At Jadaptive, we prioritize your security and have conducted a comprehensive analysis of our products in light of this […]
no matching host key type found. Their offer: ssh-rsa
After upgrading your OpenSSH client or your OS distribution, you may encounter this error when connecting to your SSH servers. What does “no matching host key type found” mean? When establishing an SSH connection, the client uses the host key of the SSH server to verify the information the server has provided, which it does […]
Convert OpenSSH Private Key to OpenSSL Private Key in Java
In 2019, I answered a question on StackOverflow on converting an OpenSSH Private Key to an RSA Private Key. Recently I had an inquiry about this, so I thought it would be helpful to document for others the exact steps required to perform the conversion in Java using the Maverick Synergy Java SSH API. https://stackoverflow.com/questions/56900615/how-to-convert-openssh-private-key-to-rsa-private-key-in-java […]
Log4J and Log4Shell in Java SSH Clients and Servers
The major flaw found in Log4J, a Java logging API, has had a lot of focus this week, and security experts and IT teams have been scrambling to ensure their web servers are not vulnerable. Amid all this craziness, we should not forget that Enterprise Java Software is not limited to the world of HTTP […]
A Java Application to demonstrate Log4Shell
I put together this simple application to demonstrate the Log4Shell vulnerability to my colleagues. To exploit the vulnerability, we need an exploit string and a Java Main class that logs that string using Log4J. First, we need to set up the application. The easiest way to do this is through Maven to set up the […]
Log4Shell and the Maverick Java SSH APIs
Log4Shell CVE-2021-44228 describes a remote code execution vulnerability in Log4J 2. We can confirm that our Maverick Java SSH APIs do not depend on Log4J 2, and we do not distribute the affected versions with our APIs as a third-party dependency. However, it is still possible to use these versions with our library through the […]
OpenSSH Certificate Cheat Sheet
Almost all SSH users are familiar with public key authentication and use SSH private keys to authenticate themselves when logging into a remote machine. The SSH key mechanism is relatively simple; the user generates a private key and shares his public key with the administrators of devices he wants to access. To allow access, the […]
What impact will OpenSSH disabling SSH-RSA signatures have on Maverick Java SSH API
With the release of OpenSSH 8.2 last week, the project announced that they would be disabling ssh-rsa signatures in a future version. I thought that it would be paramount to update our API users as to what this means in practice and how it will impact your implementations. Why are SSH-RSA signatures being disabled? OpenSSH […]
Managed Security in our Java SSH APIs
The latest Maverick Legacy 1.7.27 releases include a new concept we have called Managed Security. This update introduces several changes under the hood to ensure that usage of the APIs maintains the highest possible security. We introduced a set of security levels to classify the algorithms we support. As a developer, you can now fix […]