How to mitigate against SSH Vulnerability CVE-2023-48795 with Maverick Legacy Client

There are several options available to mitigate the risk of exposure to CVE-2023-48795 for Maverick Legacy Client-enabled applications In code Use the code below before making any call to SshConnector.connect. Using System Properties You do not need to make any code changes if you have a sensitive deployment. By adding the JVM arguments below, you […]

Continue Reading…

Important Java SSH Security Update: New SSH Vulnerability Discovered – CVE-2023-48795

Today, we bring to your attention a critical security announcement that demands immediate attention from system administrators, security professionals, and all Secure Shell (SSH) technology users. A team of security researchers from Ruhr University Bochum has uncovered significant vulnerabilities in SSH, which seriously threaten channel integrity. You can find comprehensive details of these findings at […]

Continue Reading…

Addressing the Passive SSH Key Compromise: Security Update for Maverick Servers

Introduction In the dynamic landscape of cybersecurity, vigilance is critical. A recent study has highlighted a vulnerability known as “Passive SSH Key Compromise,” which poses risks to SSH connections through certain RSA key signature generation flaws. At Jadaptive, we prioritize your security and have conducted a comprehensive analysis of our products in light of this […]

Continue Reading…

The Evolution of Java SSH Libraries

Introduction Secure Shell (SSH) is an essential protocol for secure communication over unsecured networks. Developed in the 1990s, and designed as a replacement for insecure remote shell protocols like telnet and rsh, providing encrypted channel communication and strong authentication. With two iterations, SSH-1 and SSH-2, SSH-2 is the most widely used version today due to […]

Continue Reading…

Convert OpenSSH Private Key to OpenSSL Private Key in Java

In 2019, I answered a question on StackOverflow on converting an OpenSSH Private Key to an RSA Private Key. Recently, I had an inquiry about this, so I thought it would be helpful to document for others the exact steps required to perform the conversion in Java using the Maverick Synergy Java SSH API. https://stackoverflow.com/questions/56900615/how-to-convert-openssh-private-key-to-rsa-private-key-in-java […]

Continue Reading…