Language Selection

English French German Italian Portuguese Spanish

BSD

OpenSSH 8.8

Filed under
Security
BSD
  • [openssh-unix-announce] Announce: OpenSSH 8.8 released

    A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default.

    Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side.

    This creates one area of potential incompatibility: scp(1) when using the SFTP protocol no longer requires this finicky and brittle quoting, and attempts to use it may cause transfers to fail. We consider the removal of the need for double-quoting shell characters in file names to be a benefit and do not intend to introduce bug- compatibility for legacy scp/rcp in scp(1) when using the SFTP protocol.

    Another area of potential incompatibility relates to the use of remote paths relative to other user's home directories, for example - "scp host:~user/file /tmp". The SFTP protocol has no native way to expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later support a protocol extension "expand-path at openssh.com" to support this.

  • OpenSSH 8.8

    sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with.

    Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege.

    Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5).

  • OpenSSH 8.8 release disabling rsa-sha digital signature support

    Published the release of OpenSSH 8.8, an open client and server implementation for the SSH 2.0 and SFTP protocols. The release is notable for disabling by default the ability to use digital signatures based on RSA keys with a SHA-1 hash (“ssh-rsa”).

    The end of support for “ssh-rsa” signatures is due to an increase in the effectiveness of collision attacks with a given prefix (the cost of collision guessing is estimated at about 50 thousand dollars). To test the use of ssh-rsa on your systems, you can try connecting via ssh with the “-oHostKeyAlgorithms = -ssh-rsa” option. Support for RSA signatures with SHA-256 and SHA-512 (rsa-sha2-256 / 512) hashes, which are supported since OpenSSH 7.2, is unchanged.

MidnightBSD 2.1

Filed under
BSD

I’m happy to announce the availability of MidnightBSD 2.1 for amd64 and i386. This is an incremental release focusing on bug fixes, improvements to the package manager and a new system compiler.

Read more

Videos/Shows: Command Line Heroes, New in Invidious (YouTube), BSDNow, and Ubuntu Podcast

Filed under
GNU
Linux
BSD
  • Command Line Heroes: Season 8: Robot as Servant

    The 1980s promised robotic servants were in reach. They’d clean up our houses. Bring us drinks. Usher in an era of leisure. We didn’t get robot butlers. But if we look around, we’ll find an army of robotic servants already automating away domestic drudgery.

  • No The Steam Deck Won't Play Every Game - Invidious

    Due to some early information floating around some outlets reported that the Steam Deck will play every single game out there but anyone who has played games on Linux knows that would be impossible, proton is frankly not at this state.

  • JC's Linux Notes - Invidious

    A screencast in which we take a look at notes about Linux I have saved over the last few years.

  • GNOME redesign, Manjaro Cinnamon goes Vivaldi, and Steam Deck hype deflation - Linux news - Invidious
  • BSDNow 420: OpenBSD makes life better

    Choosing The Right ZFS Pool Layout, changes in OpenBSD that make life better, GhostBSD 21.09.06 ISO's now available, Fair Internet bandwidth management with OpenBSD, NetBSD wifi router project update, NetBSD on the Apple M1, HardenedBSD August Status Report, FreeBSD Journal on Wireless and Desktop, and more.

  • Ubuntu Podcast from the UK LoCo: S14E28 – Tanks Rewarding Gender [Ed: Ubuntu Podcast will end soon. So they decided to push proprietary software like Windows and DRM like Steam.]

    This week we’ve been playing with Steam and the Windows Terminal. We look back at how Ubuntu and evolved over the years, bring you some command line love and go over all your feedback.

    It’s Season 14 Episode 28 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

GhostBSD 21.09.06 ISO's now available

Filed under
BSD

I am happy to announce the new ISO 21.09.06. This new ISO contains the switch from OpenRC to FreeBSD rc.d and numerous fixes and improvements.

Read more

Audiocasts/Shows: BSDNow, TLLTS, and Bad Voltage

Filed under
GNU
Linux
BSD

NetBSD wifi project status update

Filed under
BSD
  • wifi project status update

    After initial work on the wifi renewal branch went quite fast and smooth, things have slowed down a bit in the last few months.

    Most of the slow down was due to me not being available for this type of work for unexpectedly long times - a problem that should be fixed now.

  • NetBSD Continues Long Overdue Push To Modernize Their WiFi Drivers - Phoronix

    Started back in 2018 was an effort by the NetBSD project to update their operating system WiFi drivers by re-syncing more code from FreeBSD and making various improvements. Three years later the work has yet to be merged but after stalling for some time is back to being worked on by interested developers.

    The WiFi renewal effort by NetBSD has been working to support newer WiFi standards, provide better SMP support, and handling other wireless networking features. The WiFi renewal effort was restarted last year though developer Martin Husemann noted the progress has slowed down a bit in recent months.

OpenSSH 8.7 released

Filed under
BSD

OpenSSH 8.7 has been released. Changes include steps toward deprecating scp and using the SFTP protocol for file transfers instead, changes to remote-to-remote copies (they go through the local host by default now), a stricter configuration-file parser, and more.

Read more

NetBSD Explained: The Unix System That Can Run on Anything

Filed under
BSD

NetBSD is an open-source operating system. Like Linux, NetBSD aims for broad compatibility with Unix, offering similar utilities and behavior.

NetBSD is based on the Berkeley Software Distribution version of Unix, hence the "BSD" in the name. It's a branch off of the 386/BSD release that supported PCs in the early 1990s.

Where FreeBSD focuses on the PC platform and OpenBSD focuses on security, NetBSD focuses on portability to different platforms. While NetBSD might look like another Linux distribution, the entire system, including the kernel and user utilities, is developed together as a whole. This contrasts with the way Linux distributions cobble together components from multiple sources.

Read more

OPNsense 21.7

Filed under
Security
BSD
  • OPNsense 21.7 released

    For more than 6 and a half years, OPNsense is driving innovation through
    modularising and hardening the open source firewall, with simple and reliable
    firmware upgrades, multi-language support, fast adoption of upstream software
    updates as well as clear and stable 2-Clause BSD licensing.

    21.7, nicknamed "Noble Nightingale", is one of the largest iterations of
    code changes in our recent history. It will also be the last release on
    HardenedBSD 12.1. We are planning to start the work on FreeBSD 13 as soon
    as next week for the 22.1 series.

    The installer was replaced to offer native ZFS installations and prevent
    glitches in virtual machines using UEFI. Firmware updates were partially
    redesigned and the UI layout consolidated between static and MVC pages.
    The live log now contains the actual rule ID to avoid mismatches after
    adjusting your ruleset and the firewall aliases now also support wildcard
    netmasks. For a complete list of changes see below.

  • OPNsense 21.7 Released With New Installer Offering Better ZFS Support - Phoronix

    OPNsense as the FreeBSD/HardenedBSD-based firewall and routing platform long ago forked from pfSense is out with its newest major release.

    OPNsense 21.7 is "one of the largest iterations of code changes" in their recent history but is still based on HardenedBSD 12.1, the BSD effort around further security hardening of FreeBSD 12.1. OPNsense developers now following this release are beginning to transition to FreeBSD 13 for their OPNsense 22.1 release due out early next year.

  • OPNsense® 21.7 "Noble Nightingale" released

    With over 1000 commits in its core and plugin repository since the last major, this 14th major release is again packed with improvements, new and updated plugins as well as new drivers such as the new AMD XGBE driver.

    Amongst the improvements are the newly designed - API enabled - firewall states diagnostics, firewall live log template support and a full firmware update revamp.

BSD: FreeBSD and OpenBSD

Filed under
BSD
  • Migrating from Apache to Nginx on FreeBSD

    In this article I will tell you how I’ve migrated my servers running Apache+PHP to Nginx+PHP-fpm without diying the process.

  • Signify

    We look at OpenBSD’s Signify. You can use Signify as an alternative to GnuPG or Minisign for signing and verifying files.

    Signify uses Ed25519 for cryptographic signing and verification. OpenBSD developers use Signify extensively for signing. Actually, Ted Unangst developed the tool to sign and verify OpenBSD’s files. Besides, some other projects rely on Signify, like Wireguard, radare2, or LibreSSL.

    The current version of Signify is v30, released on September 24, 2020.

  • Introducing dhcpleased(8)

    Now enabled by default on OpenBSD -current is dhcpleased(8), a dynamic host configuration protocol daemon written by florian@ (Florian Obser), who spoke with us about his work: [...]

Syndicate content

More in Tux Machines

File Searching on deepin OS

This tutorial explains how user can search for files and folders on a deepin OS computer. deepin OS, formerly Hiweed, is a Chinese computer operating system first launched in 2004 and comes with its own user interface that is beautifully unique called DDE. This involves File Manager, the file manager of deepin OS, and in this article we use the OS version 20 and the program version 5.2. Let's start. On deepin OS, your file manager's name is File Manager. Read more

Distrowatch Top 5 Distributions review: MX Linux

I didn’t like the layout of the main panel being on the side, and I’m not a big fan of Xfce typically...but once I organized things a little more to my liking, I found MX Linux was a pleasure to use, responsive, fast, and had more tools than you can shake a stick at...So new users will likely not need to use the terminal for anything really, it’s all right there in nice custom-made GUI tools, however, power users may also find the simplicity of some of these tools quite handy too. Being based on Debian will also help to ensure that MX Linux stays rock solid stable, and there should rarely be crashes or broken packages. I would recommend MX Linux to anyone who cares more about stability than bleeding edge package updates, as well as people looking for a strong distribution that does not use Systemd. Read more

elementary OS 6 – A Beautiful OS for Open Source Lovers

elementary OS is an open-source Ubuntu-based distro and one of the most awesome GNU/Linux distros ever that has gained a lot of traction over the years elementary OS is usually mentioned only in light of macOS and sometimes Windows, given that it features a beautiful and consistent UI which makes it an ideal replacement; it deserves to stand out more because its active community of developers has not only successfully delivered a unique distro, all of its apps are custom built and they are lovely! It’s excellent for both Linux beginners and pros which is evident in how artistically comprehensive their online documentation is. The team succeeded in keeping to the 3 core rules of their design philosophy which are: “concision”, “avoid configuration” and “minimal documentation”. I recently gave elementary OS 6 “Odin” a test drive and here are my thoughts. Read more

today's howtos

  • iproute2 vs net-tools

    iproute2 package contains utilities for controlling and monitoring networking, IP address, and routing. It is a modern replacement for net-tools. Iproute2 is an open-source project mainly focussed on network components of the Linux kernel. The commonly used utilities inside iproute2 are ip, ss, and bridge. The below table shows the iproute2 and deprecated net-tools Linux commands.

  • How to Install & Configure Git on Linux Mint 20 - LinuxCapable

    Git is a mature, actively maintained open source project initially developed in 2005 by Linus Torvalds, the famous Linux operating system kernel creator. Git is designed for developers that need a pretty straightforward version control system. Most software is collaborative efforts and sometimes can have hundreds of people with commits working on software development projects. It is essential to track these commits customarily done in branches in most projects before being merged into the master for release. It is easy to review and track down any incorrect commits and revert, leading to a much easier development if anything goes wrong.

  • My experience installing Libero SoC in Ubuntu and Windows 10 - CNX Software

    A few weeks ago, I received Microchip PolarFire SoC FPGA Icicle Kit with FPGA fabric and hard RISC-V cores capable of handling Linux. I wrote “Getting Started with Yocto Linux BSP” tutorial for the board, and I had initially titled the current post “Getting Started with FPGA development using Libero SoC and Polarfire FPGA SoC”. I assumed I would write one or two paragraphs about the installation process, and then show how to work with Libero SoC Design Suite to create an FPGA bitstream. But instead, I spent countless hours trying to install the development tools. So I’ll report my experience to let readers avoid some of the pitfalls, and hopefully save time.

  • How To Install LAMP (Apache, MySQL, PHP) on Debian 11

    LAMP is one of the most widely used software stacks on servers because it allows us to get a working web server up and running quickly. So, in this post, you will learn how to use LAMP on Debian as well as a description of its main components.