Masthash

#ssh

AskUbuntu
7 hours ago

How to expand ubuntu server root storage? #server #partitioning #ssh

https://askubuntu.com/q/1487143/612

Brad Ganley
12 hours ago

Can reverse tunneling be done from Windows? My edge server lets me connect to home and doesn't give any port errors but, on the home computer, it never completes connections through the tunnel. It just loads forever and then gives up. Frick. #ssh #techsupport

There it is. My #Nokia #N900 #eBay purchase has been blessed with #postmarketOS. This is going to be my new #MobileLinux #SSH #Terminal device.

#Linux #LinuxMobile

Photo of a Nokia N900 smartphone with the keyboard extended.
Minty95 :archlinux:
1 day ago

After faffing around for the last couple of days, I finally managed to get Android #Termux to connect to one of my Linux PCs using #tailscale. Needed to create an id_rsa file with a #SSH key. Using #ChatGPT to point me in the right direction. Will never really need it. Just wanted to see if I could do it 😁

1 day ago

Holy shit, my #windows server just woke up from sleep when I typed something into my #ssh session! Nice!

AskUbuntu
1 day ago

Issue with Install SSH key now entire OS is crashed #server #permissions #ssh #restore

https://askubuntu.com/q/1487029/612

Hexagon
1 day ago

With the constant rise of online threats, it becomes more crucial to ensure that your server is secure. Review these basic measures, and make your server safer. The steps in this guide are primarily geared towards Ubuntu and Debian, but the fundamental principles are the same.

#linux #server #security #hardeing #ssh #firewall

https://hexagon.56k.guru/posts/hardening-linux-server/

@spinach not official slogan tho...

But the idea of OS/1337 is to take the concept of #Floppinux and make an actual #Linux distro one can daily-drive.

Granted #OS1337 on a 1440kB 3,5" FDD is more of a "#SSH #Terminal" than anything...
https://github.com/OS-1337/OS1337

c't Magazin
2 days ago

Securing a Raspi NAS

To protect my data, I have disabled the DynDNS function on my Fritzbox and do without web access on the Raspi. Is my data safe?

https://www.heise.de/ratgeber/Raspi-NAS-absichern-9307737.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege

#ctTippsundTricks #DynDNS #NAS #RaspberryPi #Security #SSH #news

Cheatography
2 days ago

Just released: AWS Y SSH Cheat Sheet by jaotalvaro

Download it free at http://www.cheatography.com/jaotalvaro/cheat-sheets/aws-y-ssh/?utm_source=mastodon

Here's their description of it: Information on how to access a server created in AWS via an SSH connection

@cheatsheets #CheatSheet #CheatSheets #ssh #aws

A printable reference titled AWS Y SSH Cheat Sheet
Christian Meyer
2 days ago

A dumb #SSH question for once, maybe someone happens to know a simple solution:

I'm sitting behind a restrictive firewall that only has ports 443 and 80 open for outbound traffic. In other words: http(s) works, but ssh doesn't.

Sure, in theory I could also run an SSH connection over ports 80 and 443.

But the server (Debian, also mine, publicly accessible) already has an nginx running on those ports, in other words: the ports are already taken.

Does anyone know a way to set up, e.g., a special subdomain or a (secret?) path so that I end up at port 22 on my server again?

The goal is then to install a protected entrance to a reverse SSH tunnel to the shielded server.

AskUbuntu
2 days ago

OpenVPN: I can't ping from remote to local, but local to remote works #networking #ssh #vpn #openvpn #ping

https://askubuntu.com/q/1486974/612

AskUbuntu
2 days ago

How do I make ssh ask for the password every time? #ssh #2204 #openssh

https://askubuntu.com/q/1486966/612

AskUbuntu
2 days ago

Execute Sudo and ssh sequentially through shell script #ssh #sudo

https://askubuntu.com/q/1486944/612

@beka_valentine For example a #PC running #OS1337 and using #Dropbear to #SSH into is a terminal...

https://github.com/OS-1337/OS1337

Brahn
3 days ago

if you've tried `ssh-copy-id` with a 1password managed ssh key, you can't because ssh-copy-id won't copy it without the private key also there, I think it's like a "save the stupid user" thing. run your command first with `-f -n` for a quick dry run, then remove the `-n` it works, you just have to force it.

```
ssh-copy-id -f -i .ssh/1password.booger.id_ed25519.pub root@10.0.0.9
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/1password.booger.id_ed25519.pub"
```

#ssh

AskUbuntu
3 days ago

Rsync Local to Remote - Stating both source and destination are remote #server #ssh #rsync

https://askubuntu.com/q/1486840/612

John Bokma
3 days ago

Go project in 2023, Infecting SSH Public Keys, and the popover API

#go #ssh #security #html #emacs

👉 Please retweet if you ❤ Plurrrr. Thanks! 👍

https://plurrrr.com/archive/2023/05/25.html

chexum
4 days ago

@polpo @jcs In my mind, it’s futile to connect most #retro computers directly to the internet, barely a chance for up-to-date TCP stacks esp. considering #QUIC and the occasionally fast moving cipher changes. Perhaps all they would need is a pseudo-serial port that transparently corresponds to a data stream on today's internet, be it telnet, TLS, #SSH or QUIC. Possibly providing free getty functionality for ssh access, and reviving #zmodem for reliable file transfer.

Kaan Barmore-Genç
4 days ago

A testing database I had on a VPS got hit with ransomware :blobfoxannoyed: It was testing and had nothing on it, so nothing was lost. But I don't get how it got pwned.

I hadn't bothered to change the default password on the database since it was an empty testing database, so yeah that makes it easy. But I had it behind #UFW firewall, access only allowed through #Tailscale. Password logins are disabled in #SSH and only key logins enabled, also only allowed through Tailscale.

Larvitz :verified: :redhat:
4 days ago

How to secure #debian #linux #SSH with #2FA (G. Authenticator/FreeOTP)

1. Install PAM module
$ apt install libpam-google-authenticator

2. Generate QR Code and add token to your TOTP App
$ google-authenticator

3. Set these configuration in your /etc/ssh/sshd_config:
UsePAM yes
ChallengeResponseAuthentication yes

4. Edit /etc/pam.d/sshd and add below common-auth:
auth required pam_google_authenticator.so

5. Restart sshd

~ ❯ ssh root@server.home
Verification code:
root@server.home ~ #

James_inthe_box
4 days ago

Sizable #ssh #bruteforce via key happening now..of note, not on the standard ssh port. Source IPs here:

https://gist.github.com/silence-is-best/45ef5084eb1fc19325e215169f15a1dd

It's funny that sometimes #cryptography toots appear in my #tofu feed. There's a thing called Trust On First Use, which basically means that you trust a (public) key whenever it's used for the first time. For example, in #Matrix, you can begin chatting with a person right away after the chat is created (and keys exchanged in the background), even if you haven't verified the keys; your Matrix client will only warn you when the key is changed (which could be a sign of the account being compromised). #SSH has a similar feature (I think it's the program that made T.O.F.U. popular).

Kristian Purrucker
5 days ago

Since colleagues keep asking me how to use #ssh as a #socks #proxy, I have explained and illustrated it in detail once more on my blog.

https://www.purrucker.de/2023/09/23/ssh-als-socks-proxy/

AskUbuntu
5 days ago

If the #iPhone15Pro action button allows #Shortcuts, does that mean, I can create a shortcut with a series of #SSH commands to destroy all of my server infrastructure by accidentally pushing it inside my pocket?

Count me in.

From the makers of pocket-called™️ comes out:

#PockedDowned
#PocketFormatted
#PocketAbandoningBusiness
#PocketCarreerCatapult

last but not least

#PocketFuckIt

Aalto Scientific Computing
5 days ago

#SSH is a standard tool, but it can be tricky to explain setup to people across different operating systems. Our updated SSH reference is designed to help people on all the standard platforms. If you ever needed a place to point people, this might work: https://scicomp.aalto.fi/scicomp/ssh/

Please help checking and send corrections for all the various operating systems, surely there is more to do still.
#HPC #RSEng #linux #OpenSSH

Screenshot of attached link, text is:

Setup

Check the tabs below for your operating system and methods to see which method you want to use.

Tabs: Windows with PowerShell, Windows with WSL, Windows with PuTTY, Windows with MobaXterm, Linux, Mac.

Tab Linux is selected:
---
SSH is built-in to almost any distribution. If it’s not there, try installing the openssh-client package.

Start the Terminal application to follow the rest of the instructions. Then, follow the “Command Line” instructions on most of this page.

---

This guide uses Aalto University’s HPC cluster as an example, but should be applicable to other remote servers at Aalto as well and many other outsiders as well.
Screenshot of table of contents:

SSH
- Setup Basic use: connect to a server
- SSH keys: better than just passwords
- ProxyJump
- Multiplexing
- Config file: don't type so many options
- References
:verified_gay:
6 days ago

for #linux server admin i do not like #fail2ban, it's reactive security for #ssh

a better proactive approach for public-facing #debian systems is to safelist a trusted IP (or at least a subnet from one or more ISPs)

$ sudo ufw allow from 11.22.33.44

or

$ sudo ufw allow from 11.22.33.0/24

setup a cheap long-term VPS somewhere and setup pi-vpn, or use @tailscale for a trusted source IP for a personal linux admin bastion

ottoto
6 days ago

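"New wave of malicious #npm packages threatens #Kubernetes configurations and #SSH keys": The Hacker News

September 20, 2023, THN, Kubernetes / Supply Chain Attack
Cybersecurity

Cybersecurity researchers have discovered a new batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server.

Sonatype said it has discovered 14 different npm packages so far."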

https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html

#prattohome #TheHackerNews

Freemind
6 days ago

These packages attempt to masquerade as legitimate JavaScript libraries and components, such as ESLint plugins and TypeScript SDK tools.

#Cybersecurity #SSH #npm #Cyberthreat

https://cybersec84.wordpress.com/2023/09/21/new-malicious-npm-packages-exfiltrate-kubernetes-configs-and-ssh-keys/

kurth
1 week ago

#TIL (better TItested)
#ssh #sshfs option ‹-o reconnect› lets a sshfs-mount 'virtually' survive a system suspend.

That is, the underlying connection will break after a short while and open files will be closed. But the remote filesystem stays mounted and gets reconnected upon the next access to it with a little delay.

very nice …

FOSSlife
1 week ago

Learn how to synchronize your data on a local or remote computer with rsync https://www.fosslife.org/synchronize-your-data-rsync #shell #Linux #tools #data #rsync #SystemAdministration #SSH #Samba

school of large sardines swimming
Jason Yip
1 week ago

An Excruciatingly Detailed Guide To #SSH (But Only The Things I Actually Find Useful) https://grahamhelton.com/blog/ssh-cheatsheet/

Netzpalaver
1 week ago

What do visitors to #itsa2023 absolutely need to have on their #Cybersecurity radar this year, and above all, why?

Statement by Dietmar Wyhs, #SSH

#itsa #HomeofITSecurity #ITSecurity #RemoteAccess #OTSecurity #SSH Communications Security# #passwordless #keyless #Quantumcomputing #Kryptografie #Verschlüsselung #Security #Cybersecurity #Sicherheitsmesse #Nürnberg #Cybersicherheit #ITSicherheit

@gameplayervent That is also a reason to choose it.

Personally I do intend to use #cURL as only dependency for #spm as #PackageManager for #OS1337 editions beyond the #CORE variant that only has #Linux #Kernel, #Toybox and #bdclient [#Dropbear #SSH #Client]...

https://github.com/OS-1337/spm

AskUbuntu
1 week ago

how to set a static ip address for a server #networking #server #ssh #samba #vpn

https://askubuntu.com/q/1486332/612

AskUbuntu
1 week ago

SSH to Ubuntu virtual machine under Azure, permission denied (publickey) #networking #server #permissions #ssh #azure

https://askubuntu.com/q/1486336/612

Sal Rahman
1 week ago

Am I missing out by using SSH tunnelling to expose an application on my laptop to the Internet, for development purposes? #SSH #Networking #WebDevelopment #WebDev

#ssh tunneling is the greatest #invention of the modern era.

edafe
1 week ago

Install and configure SSH on Debian 12 Bookworm

https://edafe.de/2023/09/install-and-configure-ssh-on-debian-12-bookworm/

"The following configuration makes root logins on the remote machine impossible. Only users belonging to the group ssh-users may establish a connection. Access to the remote machine is tied to the local user’s private key."

#linux #debian #debian12 #ubuntu #ssh #openssh #howto

AskUbuntu
1 week ago

How to connect via SSH to different Qemu instances #ssh #qemu #portforwarding

https://askubuntu.com/q/1486227/612

not bad for a start #tailscale #termux #acl #ssh or may be i can do it without tailscale

#ssh-agent is a little program that exposes a standard API to your SSH clients that lets your SSH client create keys and sign stuff without actually having direct access to key material. Your SSH client typically talks to your agent over a Unix domain socket. The path to the domain socket is read from the SSH_AUTH_SOCK environment variable. OpenSSH comes with a default ssh-agent that holds key material in memory. The advantage is that key material never has to touch disk.
You can replace the default ssh-agent with a different one that manages key material some other way (e.g., by using the secure enclave on a Mac, or by using a #yubikey

https://github.com/smallstep/certificates/discussions/400#discussioncomment-106743

Riku Voipio
2 weeks ago

Dear lazyweb: SSH CA users, how do you deal with lack of intermediate CA support?

#SSH #SSHCA #PKI

NoIQ
2 weeks ago

On my #android #androiddesktop I have several connectivity options with different issues: #ssh #vnc #remotedesktop #genymobile scrcpy

I am leaning heavy into #termux for command line options and have gcc, rust, go, python, and java already installed.

Time for some X11. While non-termux options exist, I didn't really look hard at them at this time since my first pass at this is definitely termux-centric.

So here is the #xfce desktop via termux to provide more GUI options in the coming days.

Screenshot of XFCE4 running on Android via Termux
Fred
2 weeks ago

@benzogaga33 and do you think an #ssh tunnel counts as a VPN in their eyes? 😁^^

Editing the first classes of the TCP/IP Networking course from JuncoTIC.com!!

Additional content in the GNU/Linux Admin courses for LPIC-1, iptables and SSH, so, students of those courses, stay tuned: you will soon receive messages announcing new educational content 😀

#lpic #gnu #linux #lpi #iptables #ssh #curso #online #juncotic

rakkhi
2 weeks ago

This is another reason you should not use #SSH keys anywhere.

Git. Alternative Entra ID (any IDP) service account via OIDC or SAML. AWS IAM anywhere..
Linux/Unix server login - use code, redeploy never login to a server. Emergency use tools like AWS systems manager. Also works in your datacenters

https://grahamhelton.com/blog/ssh_agent/

Manage everything via code: https://rakkhi.substack.com/p/why-you-should-manage-your-cyber

So, I know this might be a bit odd and I already tried searching but didn't find anything really useful.
I need to be able to authenticate users using multiple 2FA providers (users in group1 should use provider1, users in group2 should use provider2, etc.) on the same #linux #ssh server.
Any clue, hint, pointer, ideas?
Thanks

#sysadmin

John Goerzen
2 weeks ago

I recently started experimenting with #gensio, which can do some really cool things with #serial ports, TCP ports, etc. It can make a serial line a framed, reliable communications medium. It can act like netcat, socat, and so forth. You can use it to run #ssh or #NNCP over a serial line, or provide an encryption layer itself. I wrote up some ideas here: https://www.complete.org/using-gensio-and-ser2net/

Daltux
2 weeks ago

Last night I had my first experience with #x2go, a remote desktop solution (a very optimized X server) that simply leaves #RDP and #VNC in the dust and I did not know yet! 🤯

It was a brief suggestion, cited as FreeNX, in a video by Vagner Fonseca on another subject.

I shall post more about it soon. I can already say that it should receive much more attention and development in order to be better supported. It's incredible!

#FreeSoftware #FOSS #Xorg #RemoteDesktopSoftware #SSH #Xfce #LXDE

Kellyn
2 weeks ago

@schizanon@mas.to @enhance_dev@fosstodon.org I'm no developer but #ChromeOS is my main control center for my #homelab. It's pretty nice to have a sandboxed #Linux container and easy #ssh access for my servers. 😁

master connection needs to be open for another connection to be able to use the master connection.

The socket file is only available while the master connection is open. If you close the master connection then the socket file is removed. Any open "slave" connection will be closed if the master connection is closed.
#ssh
https://stackoverflow.com/questions/43595294/ssh-control-socket-does-not-exist-operation-timed-out

Life is Tetris
2 weeks ago

@strypey ID should be separate from services. In the age of Git hosting services making an #SSH certificate required to interact with them via Git, it should be worth a try getting academics to use #GPG keys like some computer practitioners do.

@cricalix thx.

Tho I guess #SSH-Client (#Dropbear) over #Ethernet will be all there is possible with #Linux Kernel 6.5...

Tho that'll still be more than #Floppinux did...but that's just me being pedantic.

OFC versions that can use #MiniCD or even #MiniDVD capacities would allow for much more and ideally it could be ported to everything in order to be a sleek toolkit if not to #MakeTerminalsGreatAgain!

@cyclops @neurovagrant #ExFAT is also #patented and may not be supported either.

A lot of #fileManagers on #Android support connecting to an #SMB / #CIFS / #Samba share from a #NAS or #SFTP / #SSH to a server...

@mdhughes I'm working on #Floppinux - Like #Linux distro that aims to be actually useable [as #SSH-Client / #Terminal] and fits into a 1440kB 3,5" FDD called OS/1337.

https://os1337.com
#OS1337

Elias Probst
2 weeks ago

Few things infuriate me as much as brand new devices being sold with completely outdated components in their firmware.
Trying since far too long now to get my #Brother ADS-4300N scanner to talk to my #SSH server for pushing scanned documents to my #PaperlessNGX via SFTP.

One could ignore that it doesn't support #ed25519 for PubKey auth, but it can't even negotiate a connection since the provided MACs are apparently that outdated that a recent #OpenSSH doesn't even allow to enable them anymore.

Peter N. M. Hansteen
3 weeks ago

Why oh why did I not discover the -C option for #scp earlier? It's a real timesaver. #ssh #openssh

LSM provides hooks only for access control
Systems like #grsecurity and RSBAC 1 need >just access
control. In implementations like #AppArmor, LIDS 2, #POSIX capabilities, Smack 3, TOMOYO 4, #SELinux, stacking multiple security modules is problematic, LSM hooks expose kernel internal data structures as parameters, #Ethos is running inside the Xen Virtual Machine Monitor #VMM
#Xen Dom0 OS is typically Linux. #Virtualization allows to run Ethos alongside Linux. 4

when Dom0 receives a packet destined to an Ethos host, its routing/ARP tables allow it to deliver packet correctly.

(1) request was received on interface n’s partition,

(2) target address belongs to a host that exists on an interface
other than n.
(3) ensure Dom0 has ARP table entries for each Ethos host.

#Ethos immediately sends a packet to shadowdæmon upon booting, and shadowdæmon uses this
packet to update Dom0’s static ARP table
when Dom0 receives a packet destined to an Ethos host, its routing/ARP tables allow it to deliver the packet correctly.
The fileInformation system call is interesting in that Ethos supports file metadata typically
not present on Linux. Here shadowdæmon makes use of Linux’s getxattr/setxattr system calls
to store Ethos metadata along with the files it describes. Shadowdæmon is also responsible for
providing Ethos with random data using a Random RPC.
Ethos offers distributed types in the Etypes subsystem:
A notation, ETN, for specifying types, a machine-readable type description (“type graph”), a single wire format (ETE), tools (userspace and kernelspace) to transform ETN into code that will encode, decode, and recognize types, extensions to read and write system calls to check input and output, programs specify what input types they allow, validity of input (and outputs) enforced by OS
#Kerberos was motivated by the transition from single, time-sharing systems to distributed
networks of workstations
a Kerberos installation is made up of two services: an authentication service and a Ticket Granting Service(TGS).
X.509 added a graph-based trust model to its traditional hierarchical model [94], but
its design imposes a high performance overhead. SDSI [95] also provides a strong trust model,
but likewise does not perform well at Internet scale. Another alternative is the web of trust
used by #PGP
#SSH attempts to isolate private keys by protecting them
#Multics provides a hierarchical filesystem that is governed by access control lists. Processes
serve as subjects and can access objects in the storage system. Each subject has associated
with it a value called a principal identifier, which corresponds to the user on whose behalf the
process runs. Each object in the storage system has associated with it three modes, read, write,
and execute. For each mode, there exists a list of principal identifiers that may access the object
using the mode.
likewise #Unix authorization traditionally has been discretionary.
#Factotum acts as an authentication proxy.
Consider a POP email server that must implement the APOP authentication protocol. On
Plan 9, such an email server would receive requests from the network and process them. In the
case of authentication requests, the email server forwards the request to factotum. Factotum
then provides the email server with the response it should pass to the client. Never in this process are keys shared with the email server.
#HiStar’s flow controls contain effect of a compromised app, serving as a countermeasure to one of the facets of application based subversion. Even if an app is compromised, it cannot bypass the flow controls that HiStar imposes on it. But an app that operates within its information-flow constraints could easily be programmed or misconfigured so that protections are missing.
on traditional Unix systems, still remain with HiStar’s Unix layer

Joel Carnat ♑ 🐘
3 weeks ago

There are still a few things that I miss now that I removed #NextCloud for a fully #SSH / #SFTP solution. Especially when working with a #Windows workstation. But that would probably also be the case with #macos.

IIRC it was 2014,
fwiw , I am available for #tmux pairing on pltRedex 1 , #nix & misc emacs #lisp dsl
( a #racket dsl), #uuagc , keyboard pkgs
atm handle - sameers #pubnix :sdf.org on 2 or on local #ssh (thanks to #tailscale \ #wireguard -pfa)

"Keystroke timing obfuscation" has been added to ssh(1) client in #OpenBSD -current.

This uses the recently added "ping@openssh.com" vendor extension described in the PROTOCOL file.

https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL?annotate=HEAD

djm@ modified src/usr.bin/ssh/*: Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword.

feedback/ok markus@

#OpenSSH #ssh

Terence Eden
1 month ago

🆕 blog! “Mosh supports .ssh/config”

I've recently started using Mosh. It's a clever bit of software that keeps your SSH sessions running, even if your client goes offline or changes IP address. But I find the syntax used to launch it a bit verbose and easy to forget. A typical command is something like: mosh --ssh="ssh -p 1234" myname@example.com Within […]

👀 Read more: https://shkspr.mobi/blog/2023/08/mosh-supports-ssh-config/

#HowTo #linux #mosh #ssh

Unix is user-friendly — it's just choosy about who its friends are.
@edent
1 month ago

I've recently started using Mosh. It's a clever bit of software that keeps your SSH sessions running, even if your client goes offline or changes IP address.

But I find the syntax used to launch it a bit verbose and easy to forget. A typical command is something like:

mosh --ssh="ssh -p 1234" myname@example.com

Within the FAQ is a fleeting mention of how to configure Mosh. It says:

Q: How do I use a different SSH port (not 22)?
As of Mosh 1.2, you can pass arguments to ssh like so:
mosh remotehost --ssh="ssh -p 2222"
Or configure a host alias in ~/.ssh/config with a Port directive. Mosh will respect that too.

What it doesn't say is that Mosh will use all the directives in ~/.ssh/config. So you can have something like:

Host home
    HostName example.com
    User myname
    Port 1234

Then you can run mosh home to connect. If you don't want to use passwords, you can add IdentityFile ~/.ssh/example.key or similar.

Perhaps you already knew that - but I didn't.

#HowTo #linux #mosh #ssh

https://shkspr.mobi/blog/2023/08/mosh-supports-ssh-config/

Morten Linderud
1 month ago

Anyone know why rsa-sha2-256/512 insists on using the sha1 instead of sha256 for the signing operation itself?

#openssh #ssh

Morten Linderud
2 months ago

Being a bit overzealous and did a 1.0.0 release candidate for `ssh-tpm-agent` :)

Now with RSA key support, import support, an `ssh-tpm-add` utility and proxy support for other agents.

https://github.com/Foxboron/ssh-tpm-agent/releases/tag/v1.0.0-rc1

#SSH #TPM #Security #Linux

Jonathan Lamothe
2 months ago

This is extremely frustrating.

I host a piece of software on my server for my father. He connects to it via #SSH (using #PuTTY ). He just got a new computer, and wanted me to set it up so that he could connect, just like I did with his previous computer. No problem right?

I show up, generate the key, and authorize it on the server, but for whatever reason PuTTY refuses to acknowledge the existence of this key. I know it's not even trying, because it doesn't even ask for the passphrase to decrypt it.

Has something changed in the latest version of PuTTY that I just don't know about? Do I need to do something to enable public key authentication beyond simply specifying the path to the key?

#AskFedi

artfulrobot
2 months ago

Secret escape codes

<Enter> ~ .

↑ Quit #SSH when it's hung.

<Ctrl-\><Ctrl-n>

↑ Enter #neovim's normal mode again from within embedded terminal.

#nvim #linux #tips #thingsIAlwaysForget

Quin
2 months ago

SSH aliases are so awesome! I learned about this very recently. I have something like the following in my .ssh/config file for every server I SSH into:
Host servername
HostName <domain_or_ip_address>
User <my_username>
IdentityFile <path_to_my_private_key>
, and it lets me just go like, ssh servername, enter my passphrase, and be logged in. #Linux #ssh

Morten Linderud
2 months ago

Did an initial v0.1.0 release of `ssh-tpm-agent`.

https://github.com/Foxboron/ssh-tpm-agent/releases/tag/v0.1.0

Should be in some state suitable for testing by users for feedback.

The project was also renamed from `tpm-ssh-agent` to `ssh-tpm-agent`. Someone thought it would make more sense :)

#TPM #ssh #Security #Linux

スパックマン クリス
2 months ago

I forget who it was who suggested an #SSH socks proxy, but thanks! It worked like a charm when I needed to access some sites from my computer in the USA, while I was in Japan.

I used the directions from this page: https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/

@Lili Up to #SSH the Platinum area still applies too ☝️ ... With Velaros it's easier, at least the stickers are there; in the Baguettes I once had to show the conductor an excerpt from their vehicle register myself before they believed me that in 1st class in the 2N2 3UA there are indeed Platinum / TGV MAX seats.

* if you then show both Platinum and TGV PRO MAX, by the way, they usually look a bit puzzled and just shake their heads ...

@lewd The whole train feels like it's fully reserved from #SSH to #XFPO 😅

Couldn't find a seat that isn't reserved. But luckily I have to get off at #SSH anyway, so I won't get shooed away

Dave Mackey
3 months ago

🥴 #UniFi devices that have been properly adopted have decided they no longer want to be. 😂 Occasionally they decide to reconnect to the controller but whether they are connected or not I can't #SSH into them. Sure SSH is there, it just doesn't like the password (I've checked a bazillion times). 💩

Dennis Faucher :donor: :mastodon:
3 months ago

Not surprisingly, logs can be really helpful 🙂 I could not get password-less ssh to work to one of my hosts. I looked at /var/log/auth.log and the message was very specific - "Authentication refused: bad ownership or modes for directory /home/dennis" Yep. /home/dennis had drifted from 750 which #ssh wants. Easy fix.
#linux

TIL: You can download your GitHub SSH public keys from this URL:

https://github.com/username.keys

...which is quite handy when you want to register your keys on a new machine with internet access ;)

#GitHub #ssh #sysadmin #linux

Why do nerds always do this; overcomplicate everything?

Generating public/private key pairs isn't simple, but it's pretty common by now. I do it every time I set up #git on a new computer. I do it when I use #PGP. I do it when I #ssh

Nerds were like; "I know let's encode the private key in a series of words so people can memorize them" and now you've got two private keys!

#Bitcoin was already kinda complicated, and now #wallets are 100x more complicated!!!

#crypto #cryptocurrency #btc

@climagic well, #WireGuard in its premise is basically "What if we take #SSH-#Tunneling and make it a dedicated #VPN protocol?" and that is a good thing...

@Houl only supporting #SSH-#Tunneling as well as #OpenVPN over #Tor ...

Sam Howell
5 months ago

Before executing important commands and scripts over #SSH, use #screen in case of disconnect. If your connection drops or you close the terminal, you can SSH back in and enter `screen -r` to recover from where you left off. Being reunited with that hanging command prompt will be a relief! #tuesdaytip #gnu #linux #cli #admin

carlos becker
5 months ago
Jeff Forcier
5 months ago

Got to a good place with my ongoing #Paramiko (#Fabric #Python #SSH etc) work* ✨ great way to end the week!

Also weedwhacked the absolute shit out of a lawnfull of dandelions this afternoon.

It is time for some well-earned 🥃 (#Akashi white label #whisky) and 🥋📽️ (#Hapkido starring Angela Mao, aka "Lady #KungFu").

* For those interested in Protocol Bullshit and/or Software Architecture Bullshit, see https://github.com/paramiko/paramiko/issues/23#issuecomment-1516536336 and subsequent comment(s).

Daniel Fisher (lennybacon)
5 months ago

@Migueldeicaza Here is a new Issue requesting #hardware #SecurityKeys (e.g. #yubikey) for #SSH #authentication in the #LaTerminal #ios #app by #Xibbon.

Give it a vote if you think this is useful!

https://github.com/xibbon/LaTerminal/issues/73

Matthew Graybosch
5 months ago

@jaredwhite @cappiello @vanilla @bridgetown Oh, I know. I'd prefer to stick with back-end development (.NET, C#, ASP.NET, SQL Server) because I'm familiar with it and I only got into coding because it pays better than cleaning toilets, but I keep landing in projects that want full-stack so I must perforce adapt.

On my personal website, though, my stack is #make, #bash, #sed, #awk., #pandoc, #htmlXmlUtils, and #ImageMagick. Deployment is #rsync over #ssh. :)

Ricky de Laveaga
6 months ago

#ICYMI #GitHub using GitHub to expose its own secrets
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

Mike Hanley (https://github.com/mph4), Chief Security Officer + SVP Engineering:

> At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com

> This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository.

#RSA #SSH #git

@SwiftOnSecurity one can easily read out said info from the systems without admin privileges and gather extensive intelligence hidden before actually attacking the corporate IT and locking out admins first...

Also if they're using #Windows then their #ITsec is already unfixably fucked!

Why they don't use a proper auth with #SSH [-Keys] is beyond me except the fact that #Windows doesn't have any (good) #OpenSSH #Server included nor can it be actually used to admin a system effectively!

#ssh tip

if you have multiple keys, you can change the comment in the key with the #OpenSSH command "ssh-keygen -c -f .ssh/file". That way, when you look at what keys are loaded or are in use, the programs can tell you who is what.

Super helpful for keeping track of event keys or organization keys.

$ ssh-add -l
3072 SHA256:[hash] phessler@hostname (RSA)
256 SHA256:[hash] phessler@hostname (ED25519)
3072 SHA256:[hash] phesslerr@event-year (RSA)

unixbhaskar
6 months ago

As usual, Matthew wrote a bloody good post ..take a peek at the GitHub fiasco ...

https://mjg59.dreamwidth.org/65874.html

Thanks, man! @mjg59

#linux #linuxadmin #sysadmin #opensource #ssh