Tootfinder

Finding SSH Strict Key Exchange Violations by State Learning
Fabian B\"aumer, Marcel Maehren, Marcus Brinkmann, J\"org Schwenk
https://arxiv.org/abs/2509.10895 https:/…

Finding SSH Strict Key Exchange Violations by State Learning
SSH is an important protocol for secure remote shell access to servers on the Internet. At USENIX 2024, Bäumer et al. presented the Terrapin attack on SSH, which relies on the attacker injecting optional messages during the key exchange. To mitigate this attack, SSH vendors adopted an extension developed by OpenSSH called strict key exchange ("strict KEX"). With strict KEX, optional messages are forbidden during the handshake, preventing the attack. In practice, this should simplify the state …

-Continuum limit of bipartite lattices - The SSH model
Fotios K. Diakonos, P. Schmelcher
https://arxiv.org/abs/2509.11900 https://arxiv.org/pdf/2509.11900

Continuum limit of bipartite lattices - The SSH model
We present a continuous non-local model that faithfully replicates the rich topological and spectral features of the Su-Schrieffer-Heeger (SSH) model. Remarkably, our model shares the SSH models bulk energy spectrum, eigenstates, and Zak phase, hallmarks of its topological character, while introducing a tunable length-scale a quantifying non-locality. This parameter allows for a controlled interpolation between non-local and local regimes. Furthermore, for a specific value of a the exact spectr…

🔬 Seeing "post-quantum key exchange" warnings in your SSH sessions?
Here's what it actually means and whether you should worry about it.
Modern #SSH connections use #encryption that could theoretically be broken by future

I cry when I see people using PuTTY. I shout when I see them using something in browser to do ssh sessions.

Ich weiß, dass ich vor sehr, sehr vielen Jahren sowas wie sshfs um Remote-Ordner via SSH "lokal" zu nutzen unter Windows probiert habe und es war eher mau. Aber jetzt ist das ja so schön. Unter Linux - wahrscheinlich aber auch unter Windows inzwischen.
Richtig angegangen, könnte man Kolleg:innen ggf. eine Menge Bla-Bla zu SSH, FTP, WinSCP etc. ersparen. Lässt sich sicher schön mit SSH-Keys via KeePassXC komibinieren.

next #firewalld oddity; you can't use 'firewall-cmd' when firewalld is stopped (like configuring a rootfs not yet booted), but it has got 'firewall-offline-cmd' that lets you do it - except the options are sometimes different; e.g.
firewall-cmd --zone=external --remove-service ssh --permanent
becomes
firewall-offline-cmd --zone=external --remove-service-fro…

📊 Risk assessment: For most use cases (server admin, development, non-sensitive data), the practical risk is low. Your Docker logs and configs likely won't be
valuable in 15 years. However, healthcare, finance, and government sectors should act now.
⚙️ Quick fix: Suppress the warning by adding LogLevel ERROR to ~/.ssh/config for specific hosts. Better solution: Enable post-quantum key exchange on your SSH

So I think I'll need to read up on it a bit. I understand that "Passkeys" try to do something similar as SSH pubkeys.
But do you know a good technical explainer of what's going on and how it works?
(Yes, I could search myself but I am looking for recommendations of articles you have read that you found helpful and clear.)
EDIT: https://

Passkeys.io – A Real-World Passkey Demo & Info Page
Try a Realistic Passkey Demo Login and User Profile. Browse the Passkey Directory and Find Websites With Passkey Support. Learn About Device Compatibility and Technical Details.

It's been a fun project but finally time to shutdown lanecloud.
https://blog.lane-fu.com/posts/2025/11/rip-lanecloud/

"This PR introduces a new utility, detect-fash, which scans a system for the presence of software and configurations known to be associated with fascist ideologies. This may help identify undesirable and/or malicious activity that may interfere with the intended operations of other systemd utilities."
It seems to detect the presence of Omarchy Linux, Ladybird browser, hyprland, and DHH's ssh public key.

server by updating KexAlgorithms in /etc/ssh/sshd_config and restart the service.
read more here: https://gist.github.com/michabbb/5eb580d60ede01dc7d1e5abc72d7eb40

What's your record for the most levels of nested/chained remoting/virtualization?
I think my current record is:
* RDP from Linux endpoint to locally hosted Windows VM
* Proprietary remoting protocol with Windows-only client connecting to Windows VM on customer infrastructure
* SSH from that VM to Linux bare metal box in customer lab
* SSH from *that* box to actual DUT
There might have been one more hop of SSH somewhere in the chain I can't remember now…

»XPipe 19 — SSH-Manager unterstützt nun auch alte Unix-Systeme:
Der Open-Source-SSH-Manager XPipe verbindet sich in Version 19 erstmals auch mit veralteten Unix-Varianten und beherrscht reines SFTP.«
Erst jetzt entdeckt und dies muss ich mir doch mal ansehen. Ich nutze keine veralteten Unix Systeme aber schön zu lesen, dass dies über SFTP auch unterstützt wird.
💻

XPipe 19: SSH-Manager unterstützt nun auch alte Unix-Systeme
Der Open-Source-SSH-Manager XPipe verbindet sich in Version 19 erstmals auch mit veralteten Unix-Varianten und beherrscht reines SFTP.

Unclear to me why no one ever mentions Strongbox in #PasswordManager reviews. It is a perfectly fine PM for macOS/iOS/iPadOS that has a rich set of sync options, most of which don't involve any 2nd/3rd party storage. It stores its databases in KeePass2.x (kdbx v4) format, so it is data-compatible with the many variations of KeePass.
(I use it with SSH/SCP sync, so as long as I’m at…

from my link log —
On the security of SSH client signatures.
https://arxiv.org/abs/2509.09331
saved 2025-09-15 https://dotat.at/:/GW6BK.html

On the Security of SSH Client Signatures
Administrators and developers use SSH client keys and signatures for authentication, for example, to access internet backbone servers or to commit new code on platforms like GitHub. However, unlike servers, SSH clients cannot be measured through internet scans. We close this gap in two steps. First, we collect SSH client public keys. Such keys are regularly published by their owners on open development platforms like GitHub and GitLab. We systematize previous non-academic work by subjecting the…

Have made these kinds of commands with Puppet Resource layer - but just “require ‘puppet’” can take a second let alone all the other startup costs.
Seeing the same pattern but very fast is a whole different experience. Long way to go but feeling pretty good.
(First slow run is of course yum update)
https://

how to make block-level remote backups dramatically faster (i get ~3x or more speedup) on Linux:
ssh root@host "zstd </dev/sda -T0" | unzstd | pv >/dev/mapper/backup-host-root

New blog post: Journeys in Hosting 1/x - Precomputed SSH Host Keys
#Hosting

RE: https://cosocial.ca/@timbray/115639842170295353
OMG it turns out this is due to the Mac APFS filesystem’s default case-mapping behavior, so things like SSH and LS work (bleccch).
(h/t @stoey.bsky.social over on bsky)

I've been dragging a `~/.ssh` directory around with me since at least 2008.
I can probably safely purge these, now, though—right? (-;
```
❯ cat ~/.ssh/known_hosts | grep php.net | awk {'print $1'}
y2.php.net,69.147.83.197
y1.php.net,69.147.83.196
```
#php

#TIL that #GitHub doesn't let me see the public SSH key I've added to it 🤦.
Yeah, Microsoft security experts at their best, I guess.

Dziś odkryłem, że #GitHub nie pozwala mi podejrzeć publicznego klucza SSH przypisanego do konta 🤦.
Cóż, zapewni eksperci od bezpieczeństwa z Microsoftu w akcji.

I use a few apps for the CLI because, over the years, I've come to prefer efficiency and speed over fancy features. Newsboat, Castero, ffmpeg, yt-dlp, wget, git, toot, ssh, etc.
However, there are a few that never seem to stick around on my CLI. Neither mutt, ranger, ncmcpp, nor similar apps have managed to establish themselves on my computers... And I don't think they will at this point.
#cli

I wonder how long until we learn that a popular 3rd (or 1st!) party closed-source (or OSS binary distribution) remote desktop or ssh client/terminal has been keylogging or uploading screenshots to its maker or external attacker to achieve some extortion or fraud or hacking aim

Emergent spacetime supersymmetry at 2D fractionalized quantum criticality
Zhengzhi Wu, Zhou-Quan Wan, Shao-Kai Jian, Hong Yao
https://arxiv.org/abs/2510.07383 https://

Emergent spacetime supersymmetry at 2D fractionalized quantum criticality
While experimental evidence for spacetime supersymmetry (SUSY) in particle physics remains elusive, condensed matter systems offer a promising arena for its emergence at quantum critical points (QCPs). Although there have been a variety of proposals for emergent SUSY at symmetry-breaking QCPs, the emergence of SUSY at fractionalized QCPs remains largely unexplored. Here, we demonstrate emergent space-time SUSY at a fractionalized QCP in the Kitaev honeycomb model with Su-Schrieffer-Heeger (SSH)…

Far-field radiation of bulk, edge and corner eigenmodes from a finite 2D Su-Schrieffer-Heeger plasmonic lattice
\'Alvaro Buend\'ia, Jos\'e Luis Pura, Vincenzo Giannini, Jos\'e Antonio S\'anchez Gil
https://arxiv.org/abs/2510.08063

Far-field radiation of bulk, edge and corner eigenmodes from a finite 2D Su-Schrieffer-Heeger plasmonic lattice
Subwavelength arrays of plasmonic nanoparticles allow us to control the behaviour of light at the nanoscale. Here, we develop an eigenmode analysis, employing a coupled electromagnetic dipole formalism, which permits us to isolate the contribution to the far-field radiation of each array mode. Specifically, we calculate the far-field radiation patterns by bulk, edge and corner out-of-plane eigenmodes in a finite 2D Su-Schrieffer-Heeger (SSH) array of plasmonic nanoparticles with out-of-plane di…

Getting up, ✅ Wifi up, ❌ Internet not available through WifFi
*sigh
✅ Internet connected
✅ pihole computer available via SSH
⁉️ pihole has a load of 8, very unresponsive
reconfigure Router to not use pihole
hard reboot pihole
🌼go for a walk
💚 all up again
reconfigure Router to use pihole again
NOW it's a #goodMorning

I don't think it's possible to ssh into this container...
<remembers Tailscale>
YES... HA HA
HA... YES

VelLMes: A high-interaction AI-based deception framework
Muris Sladi\'c (Czech Technical University in Prague), Veronica Valeros (Czech Technical University in Prague), Carlos Catania (CONICET, UNCuyo), Sebastian Garcia (Czech Technical University in Prague)
https://arxiv.org/abs/2510.06975

VelLMes: A high-interaction AI-based deception framework
There are very few SotA deception systems based on Large Language Models. The existing ones are limited only to simulating one type of service, mainly SSH shells. These systems - but also the deception technologies not based on LLMs - lack an extensive evaluation that includes human attackers. Generative AI has recently become a valuable asset for cybersecurity researchers and practitioners, and the field of cyber-deception is no exception. Researchers have demonstrated how LLMs can be leverage…

It doesn't matter that my editor highlights "IdentityFile" and not "IdentifyFile"; I will still typo my .ssh/config, and not notice until I actually try to log into a machine.

New project post: AnotterKiosk
AnotterKiosk is another full-page web-browser OS for Pi's and other PCs, displays a webpage in full screen 24/7.
It has support for multi-touch input, a watchdog/heartbeat feature, local webserver, fully read-only root FS (won't kill SD cards, ever!), manual EDID overrides, configurable caching, reverse SSH tunnel support...
Can be used for signs, conference info screens, dashboards, home automation, etc.

Getting gpg-agent-ssh to work properly on #Arch #Linux is/was quite a pain. These things just worked on #Ubuntu derivatives out of the box, here one really needs to understand what is going on.
But it was an int…

I carry both an iphone and a pixel these days. I think one of the best things about Android is the ability to set your own launcher. I've falled in love with Kvaesitso https://github.com/MM2-0/Kvaesitso - an open source launcher with good configurability and an awesome search. However in general it still feels like android is lagging behind iOS on the app side. I'm specially missing Shellfish (https://secureshellfish.app/) when i'm on the pixel. I even have juicessh pro and it's not nearly as good. I'm actually surprised the ssh client situation is so bad given the higher perceived nerd ratio for Android.

Your console.log is useless: A Guide to Production-Grade #Observability in #Nodejs

»You already have a git server:
If you have a git repository on a server with ssh access, you can just clone it.«
Actually, this is only logical and correspondingly simple, but you should also use this. Now I came across this with the help of a link to this guide.
🧑‍💻 https://maurycyz.com/misc/easy_git/

I'm in Australia right now. I can boot my home PC via Wake On LAN to access my files if I have to. I placed a webcam in front of it so that I can verify that it actually does so.
It's weird seeing my computer 16.500 km away from me. It feels like my own little Mars mission. Especially with how SSH feels at 300-400 ms latency.
And yes, that's a drinking glass I forgot on my desk.
#HomeLab

For shits and giggles I decided to ssh upgrade my FreeBSD 15 to KDE 6.4.5, by using the latest ports. Let me say the process (git pulling the latest ports, portmastering et al) does certainly work. Five and a half hours later I'm happy to be not on the premises to hear my 2018 NUC take off. Rust, llvm, you get it.
Shits and giggles indeed 🤣
#freebsd

Stuck in an unresponsive SSH shell? Sick of having to close terminal and reopen?
Hit:
Enter
~ (shift `)
.
It'll break the connection.

Apropos to my recent blog post on SSH server host key reuse at LightNode (brand of Kaupo), this prefix was found to have many reused keys.
https://social.bgp.tools/@transfers/statuses/01K5WRXSBHYPYBEBZE65TDMHZ2

Post by IP/ASN Transfers, @transfers@bgp.tools
"Beijing Kaopu Cloud technology co. LTD" transferred 103.152.14.0/23 to "Kaopu Cloud HK Limited" (Estimated Market Value: $13.82 K)

Ich habe einen #vServer, der über #Plesk gemanaged wird.
Leider komme ich nur noch per #ssh dran, weil die #Zertifikate

Topological Phase Diagram of Generalized SSH Models with Interactions
Yuxiao Hang, Stephan Haas
https://arxiv.org/abs/2509.12373 https://arxiv.org/pdf/2509…

Topological Phase Diagram of Generalized SSH Models with Interactions
We investigate interacting Su-Schrieffer-Heeger (SSH) chains with two- and three-site unit cells using density matrix renormalization group (DMRG) simulations. By selecting appropriate filling fractions and sweeping across interaction strength \( J_z \) and dimerization \( δ\), we map out their phase diagrams and identify transition lines via entanglement entropy and magnetization measurements. In the two-site model, we observe the emergence of an interaction-induced antiferromagnetic intermed…

Unsupervised Detection of Topological Phase Transitions with a Quantum Reservoir
Li Xin, Da Zhang, Zhang-Qi Yin
https://arxiv.org/abs/2509.25825 https://ar…

Unsupervised Detection of Topological Phase Transitions with a Quantum Reservoir
In quantum many-body systems, characterizing topological phase transitions typically requires complex many-body topological invariants, which are costly to compute and measure. Inspired by quantum reservoir computing, we propose an unsupervised quantum phase detection method based on a many-body localized evolution, enabling efficient identification of phase transitions in the extended SSH model. The evolved quantum states produce feature distributions under local measurements, which, after sim…

🚀 Connection multiplexing for faster subsequent SSH connections
🔐 Comprehensive auth options: public key, password, agent forwarding
🛡️ Security-first: no credentials stored, uses native OpenSSH binary
💾 Non-destructive config writes with automatic backups (up to 10 rolling)
⌨️ Keyboard-driven UI with intuitive keybindings
📦 Install via #Homebrew, binary download or …

Fast and length-independnt transport time supported by topological edge states in finite-size Su-Schieffer-Heeger chains
Yu-Han Chang, Nadia Daniela Rivera Torres, Santiago Figueroa Manrique, Raul A. Robles Robles, Vanna Chrismas Silalahi, Cen-Shawn Wu, Gang Wang, Giulia Marcucci, Laura Pilozzi, Claudio Conti, Ray-Kuang Lee, Watson Kuo
https://arxiv.org/abs/2511.19237 https://arxiv.org/pdf/2511.19237 https://arxiv.org/html/2511.19237
arXiv:2511.19237v1 Announce Type: new
Abstract: In order to transport information with topological protection, we explore experimentally the fast transport time using edge states in one-dimensional Su-Schrieffer-Heeger (SSH) chains. The transport time is investigated in both one- and two-dimensional models with topological non-trivial band structures. The fast transport is inherited with the wavefunction localization, giving a stronger effective coupling strength between the mode and the measurement leads. Also the transport time in one-dimension is independent of the system size. To verify the asertion, we implement a chain of split-ring resonators and their complementary ones with controllable hopping strengths. By performing the measurements on the group delay of non-trivially topological edge states with pulse excitations, the transport time between two edge states is directly observed with the chain length up to $20$. Along the route to harness topology to protect optical information, our experimental demonstrations provide a crucial guideline for utilizing photonic topological devices.
toXiv_bot_toot

The Su-Schrieffer-Heeger model on a one-dimensional lattice: Analytical wave functions of topological edge states
Weibo Xu
https://arxiv.org/abs/2509.16708 https://

The Su-Schrieffer-Heeger model on a one-dimensional lattice: Analytical wave functions of topological edge states
The one-dimensional Su-Schrieffer-Heeger (SSH) model is a prototype model in the field of topological condensed matter physics, and the existence and characteristics of its topological edge states are crucial for revealing the topological essence of low-dimensional systems. This paper focuses on the analytical wave functions of topological edge states in the SSH model, systematically sorting out the fundamentals of model construction. Based on the tight-binding approximation, it derives the mat…

🌐 #Tailscale VPN integration with pre-auth key support & custom server options
💾 Automated #rsync backups over SSH with cron scheduling & ntfy/Discord notifications
🔧 Kernel hardening via sysctl, swap file setup & Lynis/debsecan security audits
📋 Idempotent, produ…

Constructing qubit edge states by inverse-designing the electromagnetic environment
A. Miguel-Torcal, T. F. Allard, P. A. Huidobro, F. J. Garc\'ia-Vidal, A. I. Fern\'andez-Dom\'inguez
https://arxiv.org/abs/2509.22534

Constructing qubit edge states by inverse-designing the electromagnetic environment
Building on advances in topological photonics and computational optimization, we inversedesign a periodic dielectric structure surrounding a chain of interacting qubits, emulating an extended, dimerized Su-Schrieffer-Heeger (SSH) excitonic model. Our approach enables precise control over photon-mediated interactions, allowing us to explore the emergence of topological edge states in the qubit chain. By systematically tuning structural parameters to address both coherent evolution and dissipativ…

#TIL that #Gitolite can't handle repositories with different default branch names. As in, if you push a "main" branch into a "master" server, you get no HEAD 🤦. And you can only change that via SSH-ing to the server and modifying the underlying repository.
Apparently, you could also install a hook to automatically fix HEAD for you: #Gentoo #git

Tho... via Limine it doesn't seem to use UKI according to bootctl? How tf does it work then???
I imagine this is less safe than Lanzaboote then, since Lanzaboote makes measured UKIs, is it not possible to use UKI with Limine?
(terminal window is ssh to my NAS with lanzaboote, vscodium is my PC with Limine)
#Limine #NixOS #SecureBoot #Lanzaboote

J'ai un chenit avec mes clefs SSH, je vais bientôt appeler un serrurier.
#AdminDePacotille

Topology and Spectral Entanglement in Cavity-Mediated Photon Scattering
Eric R. Bittner, Andrei Piryatinski
https://arxiv.org/abs/2509.15465 https://arxiv.…

Topology and Spectral Entanglement in Cavity-Mediated Photon Scattering
We develop a diagrammatic theory of cavity-mediated photon-photon interactions in a topological insulator using the SSH model. The fourth-order vertex $Γ^{(4)}(ω_1,ω_2)$ governs spectral entanglement and Kerr nonlinearity, leading to a nonlinear topological phase diagram. We also compute the electronic self-energy from vacuum photon exchange and identify symmetry-imposed limits on band renormalization. These results link band geometry to the emergence of light-matter correlations.

🖥️ #lazyssh – Terminal-based #SSH Manager inspired by #lazydocker & #k9s