570: RegreSSHion Strikes

We dig into the RegreSSHion bug, debate it's real threat and explore clever tools to build a tasty fried onion around your system.Sponsored By:Core Contributor Membership: Take $1 a month of your membership for a lifetime!Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Support LINUX UnpluggedLinks:💥 Gets Sats Quick and Easy with Strike📻 LINUX Unplugged on Fountain.FMSpokane Meetup - No-Li Brewhouse · JB Events on GathioPlasma/Krunner Docs — Brent's tip: 'https://search.nixos.org/options?query=\{@}' (the '\{@}' is the magic sauce)autossh — Automatically restart SSH sessions and tunnelsautossh on GitHubSpokane Meetup — No-Li Brewhouse, Sat, Jul 13, 2024, 4:00 PMRegreSSHion — Remote Code Execution Vulnerability In OpenSSH ServerregreSSHion — Remote Unauthenticated Code Execution Vulnerability in OpenSSH server.NixOS Security advisory: OpenSSH CVE-2024-6387 “regreSSHion” – update your servers ASAPNasty regreSSHion bug affects around 700K Linux systemsQualys CVE-2024-6387 Write-upLetmein: Authenticating port knocker - Written in Rust — Letmein is a simple port knocker with a simple and secure authentication mechanism. It can be used to harden against pre-authentication attacks on services like SSH, VPN, IMAP and many more.fwknop: Single Packet Authorization > Port Knocking — fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filterMembership Summer Discount — Take $1 a month of your membership for a lifetime!Jeff links: How to run non-nix executables?pick: stu — TUI (Terminal/Text UI) application for AWS S3