opkssh is a tool that allows SSH access through OpenID Connect, enabling users to log in using their email identities instead of long-lived SSH keys. It generates SSH public keys with PK Tokens and integrates with various OpenID Providers, simplifying authentication for SSH users. Installation is straightforward via package managers or manual downloads, and the tool supports a range of operating systems including Linux, macOS, and Windows.

A new Linux malware called "Plague" has been discovered, allowing attackers persistent SSH access while evading traditional detection methods for over a year. It employs advanced obfuscation techniques and environment tampering to eliminate traces of malicious activity, making it particularly difficult to identify and analyze. Researchers emphasize its sophisticated nature and the ongoing threat it poses to Linux systems.

CVE-2024-28080 is an authentication bypass vulnerability in Gitblit that affects the SSH service, allowing exploitation for users with public keys assigned to their accounts. The issue arose from the interaction between Gitblit's authentication code and the Apache MINA SSH library, where incorrect handling of public key authentication led to unintended successful logins. Version 1.10, released on June 14, 2025, addresses this vulnerability along with two others.