Uncategorised The Evolution of Java SSH Libraries June 4, 2023 by Lee Painter Introduction Secure Shell (SSH) is an essential protocol for secure communication over unsecured networks. Developed in the 1990s, and designed as a replacement for insecure remote shell protocols like telnet and rsh, providing encrypted channel communication and strong authentication. With two iterations, SSH-1 and SSH-2, SSH-2 is the most widely used version today due to […] Read more » Open-Source SSH
Uncategorised Here’s Our Release Notes for LogonBox 2.4.2 April 11, 2023 by Lee Painter This release includes fixes to some bugs, has several user interface improvements and introduces new cloud messaging options to help streamline the set-up of new appliances. Notable Bug Fixes One of the improvements of the 2.4 branch has been the tightening up of browser security headers to improve vulnerability management; however, this change introduced regressions […] Read more » Release Notes
Uncategorised No matching host key type found. Their offer: ssh-rsa December 6, 2022 by Lee Painter After upgrading your OpenSSH client or your OS distribution, you may encounter this error when connecting to your SSH servers. What does “no matching host key type found” mean? When establishing an SSH connection, the client uses the host key of the SSH server to verify the information the server has provided, which it does […] Read more »
LogonBox Directory Uncategorised The benefits of using a Cloud Directory over Active Directory June 15, 2022 by Lee Painter A cloud-based directory service is a great way to manage user identities in your organization. With a cloud directory, you can easily connect users with the resources they need and keep your IT environment secure. This article will discuss some of the benefits of using a cloud directory over an Active Directory, and we’ll show […] Read more »
LogonBox VPN Multi-factor Authentication Uncategorised Protecting Your VPN with MFA March 24, 2022 by Lee Painter Virtual private networks (VPNs) are a great way of providing remote access to internal office resources. By creating a private encrypted tunnel, remote users can access resources in the office network. However, organizations that rely on just a username and password to log into their VPN connections could be putting their company at risk if […] Read more »
Uncategorised A Java Application to demonstrate Log4Shell December 14, 2021 by Lee Painter I put together this simple application to demonstrate the Log4Shell vulnerability to my colleagues. To exploit the vulnerability, we need an exploit string and a Java Main class that logs that string using Log4J. First, we need to set up the application. The easiest way is through Maven to set up the Log4J dependency. I’m […] Read more » Development
Uncategorised Log4Shell and the Maverick Java SSH APIs December 13, 2021 by Lee Painter Log4Shell CVE-2021-44228 describes a remote code execution vulnerability in Log4J 2. We can confirm that our Maverick Java SSH APIs do not depend on Log4J 2, and we do not distribute the affected versions with our APIs as a third-party dependency. However, using these versions with our library through the SLF4J facade we use to […] Read more »
Uncategorised Managed Security in our Java SSH APIs February 5, 2020 by Lee Painter The latest Maverick Legacy 1.7.27 releases include a new concept called Managed Security. This update introduces several changes under the hood to ensure that usage of the APIs maintains the highest possible security whenever possible. We introduced a set of security levels to classify the algorithms we support. As a developer, you can now fix […] Read more » Java SSH
Uncategorised What impact will OpenSSH disabling SSH-RSA signatures have on Maverick Java SSH API February 5, 2020 by Lee Painter With the release of OpenSSH 8.2 last week, the project announced that they would disable ssh-rsa signatures in a future version. I thought it would be paramount to update our API users on what this means in practice and how it will impact your implementations. Why are SSH-RSA signatures being disabled? OpenSSH has decided to […] Read more »
Uncategorised Java SSH and the new OpenSSH Private Key Format October 4, 2019 by Lee Painter With the release of OpenSSH 7.8, the default private key format for private keys generated from ssh-keygen has changed from OpenSSL-compatible PEM files to a custom key format created by the OpenSSH developers. At the time of writing, most open-source Java SSH APIs will need the keys to convert back to the old format before […] Read more »
