Introduction Secure Shell (SSH) is an essential protocol for secure communication over unsecured networks. Developed in the 1990s, and designed as a replacement for insecure remote shell protocols like telnet and rsh, providing encrypted channel communication and strong authentication. With two iterations, SSH-1 and SSH-2, SSH-2 is the most widely used version today due to […]
No matching host key type found. Their offer: ssh-rsa
After upgrading your OpenSSH client or your OS distribution, you may encounter this error when connecting to your SSH servers. What does “no matching host key type found” mean? When establishing an SSH connection, the client uses the host key of the SSH server to verify the information the server has provided, which it does […]
Convert OpenSSH Private Key to OpenSSL Private Key in Java
In 2019, I answered a question on StackOverflow on converting an OpenSSH Private Key to an RSA Private Key. Recently, I had an inquiry about this, so I thought it would be helpful to document for others the exact steps required to perform the conversion in Java using the Maverick Synergy Java SSH API. https://stackoverflow.com/questions/56900615/how-to-convert-openssh-private-key-to-rsa-private-key-in-java […]
A Java Application to demonstrate Log4Shell
I put together this simple application to demonstrate the Log4Shell vulnerability to my colleagues. To exploit the vulnerability, we need an exploit string and a Java Main class that logs that string using Log4J. First, we need to set up the application. The easiest way is through Maven to set up the Log4J dependency. I’m […]
Log4J and Log4Shell in Java SSH Clients and Servers
The major flaw found in Log4J, a Java logging API, has had a lot of focus this week, and security experts and IT teams have been scrambling to ensure their web servers are not vulnerable. Amid all this craziness, we should not forget that Enterprise Java Software is not limited to the world of HTTP […]