Hardened security and passwordless login with ed25519 SSH keys

ed25519 SSH keys are finally here and Druvis will show you how to make use of them.

Note: Private key import functionality is still in development and the custom OpenSSH key format (used by ssh-keygen) might not get implemented for the ed25519 key type.

0:00 Intro
0:48 Host key explained
02:00 ed25519 host key
02:19 strong-crypto explained
03:09 ed25519 user key
04:16 Outro
Comments

25519 uses a fixed key size so the `-b` argument to `ssh-keygen` will be ignored, FYI.

AlexanderNecheff

More and more you raise the status of the video. Well done!

markdudov

When will Ed25519-sk keys be able to be used?
Combined with Yubikey, this provides even greater security

YoSi

I'd love to see better error reporting for failed (key) imports. It took me a while to see why the import of my public key (and CA intermediate certificates) failed without an error message.
My file was \r\n (Windows) encoded instead of \n (Linux).

Andre-jjxs

When will Winbox support passwordless auth?

pavelsmarhels

amazing, been using these exclusively for 10 years, never knew people were so insanely slow they didn't actually have it available already.

gg-gnre

What about more care about URL filtering, DNS filtering, DPI?

samerkabalan

Well, I think the real question is: how do you do this on +-2000 routers and add/remove users' public keys on staff rotation, key compromised, etc.? These videos are awesome, but doing things for 1 user and 1 router is not the same as managing a fleet of routers and a staff base.

ryandekock

When will the support for ed25519 be available for generating certificates and IKEv2?

njmpkow

"If you're paranoid, you check it ..." Anyone ever did that?

feicodeboer

Hello, is there any resource on how to sign a message using ed25519 keys in cpp?

hefrcku

We need support for 25519 for certificates and IKEv2

user_-lg

Mr Druvis - great video overall, but you left out a very important step.

How do you verify host key fingerprint from RouterOS?
When connecting via an external SSH client, it says:
"The authenticity of host ... can't be established. The fingerprint is ..."

No, it is not just the paranoid that should be checking this.
We should be recommending good security practices.

tim_the_grim

Are there any plans in the future for a native Linux Winbox app?

JoseMedina-irzi

Before I do all that, can you tell me how I get back in when I've screwed up and locked myself out? Not saying that I'm going to do that but I'm the sort of person who saws a branch of a tree while standing on it. 😂

Graham_Rule

When exporting the host key, only the private part is exported in PEM format when using the ed25519 host key type in the /ip/ssh configuration. Is this intentional? How can I then import the public key on another router, to allow a main router to act as a password-less client for a different router? (As explained in your first video regarding SSH keys.)

javierhorrillo