7 hours ago

How to expand ubuntu server root storage? #server #partitioning #ssh

Brad Ganley
12 hours ago

Can reverse tunneling be done from Windows? My edge server lets me connect to home and doesn't give any port errors but, on the home computer, it never completes connections through the tunnel. It just loads forever and then gives up. Frick. #ssh #techsupport

There it is. My #Nokia #N900 #eBay purchase has been blessed with #postmarketOS. This is going to be my new #MobileLinux #SSH #Terminal device.

#Linux #LinuxMobile

Photo of a Nokia N900 smartphone with the keyboard extended.
Minty95 :archlinux:
1 day ago

After faffing around for the last couple of days, I finally managed to get Android #Termux to connect to one of my Linux PCs using #tailscale. Needed to create a id_rsa file with a #SSH key. Using #ChatGPT to point me in the right direction. Will never really need it. Just wanted to see if I could do it 😁

1 day ago

Holy shit, my #windows server just woke up from sleep when I typed something into my #ssh session! Nice!

1 day ago

Issue with Insatll SSH key now entire OS is crashed #server #permissions #ssh #restore

1 day ago

With the constant rise of online threats, it becomes more crucial to ensure that your server is secure. Review these basic measures, and make your server safer. The steps in this guide are primarily geared towards Ubuntu and Debian, but the fundamental principles are the same.

#linux #server #security #hardeing #ssh #firewall

@spinach not official slogan tho...

But the idea of OS/1337 is to take the concept of #Floppinux and make an actual #Linux distro one can daily-drive.

Granted #OS1337 on a 1440kB 3,5" FDD is more of a "#SSH #Terminal" than anything...

c't Magazin
2 days ago

Raspi-NAS absichern

Um meine Daten zu schützen, habe ich die DynDNS-Funktion an meiner Fritzbox deaktiviert und verzichte beim Raspi auf einen Webzugang. Sind meine Daten sicher?

#ctTippsundTricks #DynDNS #NAS #RaspberryPi #Security #SSH #news

2 days ago

Just released: AWS Y SSH Cheat Sheet by jaotalvaro

Download it free at

Here's their description of it: Información de cómo acceder a un servidor creado en AWS por medio de conexión SSH

@cheatsheets #CheatSheet #CheatSheets #ssh #aws

A printable reference titled AWS Y SSH Cheat Sheet
Christian Meyer
2 days ago

Mal eine blöde #SSH-Frage, vielleicht weiß ja zufällig jemand eine einfache Lösung:

Ich sitze hinter einer restriktiven Firewall, die nach außen hin nur die Ports 443 und 80 geöffnet hat. Sprich: http(s) geht, ssh aber nicht.

Klar kann ich theoretisch auch eine SSH-Verbindung über die Ports 80 und 443 laufen lassen.

Der Server (Debian, ebenfalls meiner, offen zugänglich) hat aber auf diesen Ports schon einen nginx laufen, sprich: die Ports sind schon belegt.

Kennt jemand eine Möglichkeit, z.B. eine spezielle Subdomain oder einen (geheimen?) Pfad so einzurichten, dass ich am Ende meinem Server wieder bei Port 22 rauskomme?

Ziel ist es dann einen geschützten Eingang zu einem Reverse-SSH-Tunnel zum abgeschirmten Server zu installieren.

2 days ago

OpenVPN: I cant ping from remote to local, but local to remote works #networking #ssh #vpn #openvpn #ping

2 days ago

How do I make ssh ask for the password every time? #ssh #2204 #openssh

2 days ago

Execute Sudo and ssh sequentially through shell script #ssh #sudo

@beka_valentine For example a #PC running #OS1337 and using #Dropbear to #SSH into is a terminal...

3 days ago

if you've tried `ssh-copy-id` with a 1password managed ssh key, you can't because ssh-copy-id won't copy it without the private key also there, I think it's a like a "save the stupid user" thing. run your command first with `-f -n` for a quick dry run, then remove the `-n` it works, you just have to force it.

ssh-copy-id -f -i .ssh/ root@
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/"


3 days ago

Rsync Local to Remote - Stating both source and destination are remote #server #ssh #rsync

John Bokma
3 days ago

Go project in 2023, Infecting SSH Public Keys, and the popover API

#go #ssh #security #html #emacs

👉 Please retweet if you ❤ Plurrrr. Thanks! 👍

4 days ago

@polpo @jcs In my mind, it’s futile to connect most #retro computers directly to the internet, barely a chance for up-to-date TCP stacks esp. considering #QUIC and the occasionally fast moving cipher changes. Perhaps all they would need is a pseudo-serial port that transparently corresponds to a data stream on todays internet, be it telnet, TLS, #SSH or QUIC. Possibly providing free getty functionality for ssh access, and reviving #zmodem for reliable file transfer.

Kaan Barmore-Genç
4 days ago

A testing database I had on a VPS got hit with ransomware :blobfoxannoyed: It was testing and had nothing on it, so nothing was lost. But I don't get how it got pwned.

I hadn't bothered to change the default password on the database since it was an empty testing database, so yeah that makes it easy. But I had it behind #UFW firewall, access only allowed through #Tailscale. Password logins are disabled in #SSH and only key logins enabled, also only allowed through Tailscale.

Larvitz :verified: :redhat:
4 days ago

How to secure #debian #linux #SSH with #2FA (G. Authenticator/FreeOTP)

1.Install PAM module
$ apt install libpam-google-authenticator

2. Generate QR Code and add token to your TOTP App
$ google-authenticator

3. Set these configuration in your /etc/ssh/sshd_config:
UsePAM yes
ChallengeResponseAuthentication yes

4. Edit /etc/pam.d/sshd and add below common-auth:
auth required

5. Restart sshd

~ ❯ ssh root@server.home
Verification code:
root@server.home ~ #

4 days ago

Sizable #ssh #bruteforce via key happening now..of note, not on the standard ssh port. Source IP's here:

It's funny that sometimes #cryptography toots appear in my #tofu feed. There's a thing called Trust On First Use, which basically means that you trust a (public) key whenever it's used for the first time. For example, in #Matrix, you can begin chatting with a person right away after the chat is created (and keys exchanged in the background), even if you haven't verified the keys; your Matrix client will only warn you when the key is changed (which could be a sign of the account being compromised). #SSH has a similar feature (I think it's the program that made T.O.F.U. popular).

Kristian Purrucker
5 days ago

Da ich immer mal wieder von Kollegen gefragt werde, wie man #ssh als #socks #proxy verwendet, habe ich es in meinem Blog noch mal genau erklärt und gemalt.

5 days ago

If the #iPhone15Pro action button allows #Shortcuts, does that mean, I can create a shortcut with a series of #SSH commands to destroy all of my server infrastructure by accidentally pushing it inside my pocket?

Count me in.

From the makers of pocket-called™️ comes out:


last but not least


Aalto Scientific Computing
5 days ago

#SSH is a standard tool, but it can be tricky to explain setup to people across different operating systems. Our updated SSH reference is designed to help people on all the standard platforms. If you ever needed a place to point people, this might work:

Please help checking and send corrections for all the various operating systems, surely there is more to do still.
#HPC #RSEng #linux #OpenSSH

Screenshot of attached link, text is:


Check the tabs below for your operating system and methods to see which method you want to use.

Tabs: Windows with PowerShell, Windows with WSL, Windows with PuTTY, Windows with MobaXterm, Linux, Mac.

Tab Linux is selected:
SSH is built-in to almost any distribution. If it’s not there, try installing the openssh-client package.

Start the Terminal application to follow the rest of the instructions. Then, follow the “Command Line” instructions on most of this page.


This guide uses Aalto University’s HPC cluster as an example, but should be applicable to other remote servers at Aalto as well and many other outsiders as well.
Screenshot of table of contest:

- Setup Basic use: connect to a server
- SSH keys: better than just passwords
- ProxyJump
- Multiplexing
- Config file: don't type so many options
- References
6 days ago

for #linux server admin i do not like #fail2ban, it's reactive security for #ssh

a better proactive approach for public-facing #debian systems is to safelist a trusted IP (or at least a subnet from one or more ISPs)

$ sudo ufw allow from


$ sudo ufw allow from

setup a cheap long-term VPS somewhere and setup pi-vpn, or use @tailscale for a trusted source IP for a personal linux admin bastion

6 days ago

「悪意のある # npm パッケージの新たな波が #Kubernetes 構成と #SSH キーを脅かす 」: The Hacker News

 2023 年 9 月 20 日  THN Kubernetes / サプライ チェーン攻撃

サイバーセキュリティ研究者は、Kubernetes 構成と SSH キーを侵害されたマシンからリモート サーバーに漏洩するように設計された悪意のあるパッケージの新しいバッチを npm パッケージ レジストリで発見しました。

Sonatype は、これまでに 14 の異なる npm パッケージを発見したと述べています」

#prattohome #TheHackerNews

6 days ago

These packages attempt to masquerade as legitimate JavaScript libraries and components, such as ESLint plugins and TypeScript SDK tools.

#Cybersecurity #SSH #npm #Cyberthreat

1 week ago

#TIL (better TItested)
#ssh #sshfs option ‹-o reconnect› lets a sshfs-mount 'virtually' survive a system suspend.

That is, the underlying connection will break after a short while and open files will be closed. But the remote filesystem stays mounted and gets reconnected upon the next access to it with a little delay.

very nice …

1 week ago

Learn how to synchronize your data on a local or remote computer with rsync #shell #Linux #tools #data #rsync #SystemAdministration #SSH #Samba

school of large sardines swimming
Jason Yip
1 week ago

An Excruciatingly Detailed Guide To #SSH (But Only The Things I Actually Find Useful)

1 week ago

Was müssen die Besucher der #itsa2023 in diesem Jahr unbedingt auf dem #Cybersecurity-Radar haben und vor allem warum?

Statement von Dietmar Wyhs, #SSH

#itsa #HomeofITSecurity #ITSecurity #RemoteAccess #OTSecurity #SSH Communications Security# #passwordless #keyless #Quantumcomputing #Kryptografie #Verschlüsselung #Security #Cybersecurity #Sicherheitsmesse #Nürnberg #Cybersicherheit #ITSicherheit

@gameplayervent That is also a reason to choose it.

Personally I do intent to use #cURL as only dependency for #spm as #PackageManager for #OS1337 editions beyond the #CORE variant that only has #Linux #Kernel, #Toybox and #bdclient [#Dropbear #SSH #Client]...

1 week ago

how to set a static ip address for a server #networking #server #ssh #samba #vpn

1 week ago

SSH to Ubuntu virtual machine under Azure, permission denied (publickey) #networking #server #permissions #ssh #azure

Sal Rahman
1 week ago

Am I missing out by using SSH tunnelling to expose an application on my laptop to the Internet, for development purposes? #SSH #Networking #WebDevelopment #WebDev

#ssh tunneling is the greatest #invention of the modern era.

1 week ago

Install and configure SSH on Debian 12 Bookworm

"The following configuration makes root logins on the remote machine impossible. Only users belonging to the group ssh-users may establish a connection. Access to the remote machine is tied to the local user’s private key."

#linux #debian #debian12 #ubuntu #ssh #openssh #howto

1 week ago

How to connect via SSH to different Qemu instances #ssh #qemu #portforwarding

not bad for a start #tailscale #termux #acl #ssh or may be i can do it without tailscale

#ssh-agent is a little program that exposes a standard API to your SSH clients that lets your SSH client create keys and sign stuff without actually having direct access to key material. Your SSH client typically talks to your agent over a Unix domain socket. The path to the domain socket is read from the SSH_AUTH_SOCK environment variable. OpenSSH comes with a default ssh-agent that holds key material in memory. The advantage is that key material never has to touch disk.
You can replace the default ssh-agent with a different one that manages key material some other way (e.g., by using the secure enclave on a Mac, or by using a #yubikey

Riku Voipio
2 weeks ago

Dear lazyweb: SSH CA users, how do you deal with lack of intermediate CA support?


2 weeks ago

On my #android #androiddesktop I have several connectivity options with different issues: #ssh #vnc #remotedesktop #genymobile scrcpy

I am leaning heavy into #termux for command line options and have gcc, rust, go, python, and java already installed.

TIme for some X11. While non-termux options exist, I didn't really look hard at them at this time since my first pass at this is definitely termux-centric.

So here is the #xfce desktop via termux to provide more GUI options in the coming days.

Screenshot of XFCE4 running on Android via Termux
2 weeks ago

@benzogaga33 et tu crois qu'un tunnel #ssh ça compte comme un vpn a leurs yeux? 😁^^

Editando las primeras clases del curso de Networking TCP/IP de!!

Contenido adicional en los cursos de Admin GNU/Linux para LPIC-1, iptables y SSH, así que, alumnos de esos cursos, estén atentos que pronto recibirán mensajería anunciando nuevo contenido educativo 😀

#lpic #gnu #linux #lpi #iptables #ssh #curso #online #juncotic

2 weeks ago

This is another reason you should not use #SSH keys anywhere.

Git. Alternative Entra ID (any IDP) service account via OIDC or SAML. AWS IAM anywhere..
Linux/Unix server login - use code, redeploy never login to a server. Emergency use tools like AWS systems manager. Also works in your datacenters

Manage everything via code:

So, I know this might be a bit odd and I already tried searching but didn't find anything really useful.
I need to be able to authenticate users using multiple 2FA providers (users in group1 should use provider1, users in group2 should use provider2, etc.) on the same #linux #ssh server.
Any clue, hint, pointer, ideas?


John Goerzen
2 weeks ago

I recently started experimenting with #gensio, which can do some really cool things with #serial ports, TCP ports, etc. It can make a serial line a framed, reliable communications medium. It can act like netcat, socat, and so forth. You can use it to run #ssh or #NNCP over a serial line, or provide an encryption layer itself. I wrote up some ideas here:

2 weeks ago

Last night I had my first experience with #x2go, a remote desktop solution (a very optimized X server) that simply leaves #RDP and #VNC in the dust and I did not know yet! 🤯

It was a brief suggestion, cited as FreeNX, in a video by Vagner Fonseca on another subject.

I shall post more about it soon. I can already say that it should receive much more attention and development in order to be better supported. It's incredible!

#FreeSoftware #FOSS #Xorg #RemoteDesktopSoftware #SSH #Xfce #LXDE

2 weeks ago I'm no developer but #ChromeOS is my main control center for my #homelab. It's pretty nice to have a sandboxed #Linux container and easy #ssh access for my servers. 😁

master connection needs to be open for another connection to be able to use the master connection.

The socket file is only available while the master connection is open. If you close the master connection then the socket file is removed. Any open "slave" connection will be closed if the master connection is closed.

Life is Tetris
2 weeks ago

@strypey ID should be separate from services. In the age of Git hosting services making an #SSH certificate required to interact with them via Git, it should be worth a try getting academics to use #GPG keys like some computer practitioners do.

@cricalix thx.

Tho I guess #SSH-Client (#Dropbear) over #Ethernet will be all there is possible with #Linux Kernel 6.5...

Tho that'll still be more than #Floppinux did...but that's just me being pendantic.

OFC versions that can use #MiniCD or even #MiniDVD capacities would allow for much more and ideally it could be ported to everything in order to be a sleek toolkit if not to #MakeTerminalsGreatAgain!

@cyclops @neurovagrant #ExFAT is also #patented and may not be supported either.

A lot of #fileManagers on #Android support connecting to an #SMB / #CIFS / #Samba share from a #NAS or #SFTP / #SSH to a server...

@mdhughes I'm working on #Floppinux - Like #Linux distro that aims to be actually useable [as #SSH-Client / #Terminal] and fits into a 1440kB 3,5" FDD called OS/1337.

Elias Probst
2 weeks ago

Few things infuriate me as much as brand new devices being sold with completely outdated components in their firmware.
Trying since far too long now to get my #Brother ADS-4300N scanner to talk to my #SSH server for pushing scanned documents to my #PaperlessNGX via SFTP.

One could ignore that it doesn't support #ed25519 for PubKey auth, but it can't even negotiate a connection since the provided MACs are apparently that outdated that a recent #OpenSSH doesn't even allow to enable them anymore.

Peter N. M. Hansteen
3 weeks ago

Why oh why did I not discover the -C option for #scp earlier? It's a real timesaver. #ssh #openssh

LSM provides hooks only for access control
Systems like #grsecurity and RSBAC 1 need >just access
control. in Implementations like #AppArmor , LIDS 2 , #POSIX capabilitites ,Smack 3 ,TOMOYO 4 ,#SELinux, Stacking multiple security modules is problematic , LSM hooks expose kernel internal data structures as parameters, #Ethos is running inside the Xen Virtual Machine Monitor #VMM
#Xen Dom0 OS is typically Linux. #Virtualization allows to run Ethos alongside Linux. 4

when Dom0 receives a packet destined to an Ethos host, its routing/ARP tables allow it to deliver packet correctly.

(1) request was received on interface n’s partition,

(2) target address belongs to a host that exists on an interface
other than n.
(3) ensure Dom0 has ARP table entries for each Ethos host.

#Ethos immediately sends a packet to shadowdæmon upon booting, and shadowdæmon uses this
packet to update Dom0’s static ARP table
when Dom0 receives a packet destined to an Ethos host, its routing/ARP tables allow it to deliver the packet correctly.
e fileInformation system call is interesting in that Ethos supports file metadata typically
not present on Linux. Here shadowdæmon makes use of Linux’s getxattr/setxattr system calls
to store Ethos metadata along with the files it describes. Shadowdæmon is also responsible for
providing Ethos with random data using a Random RPC.
. Shadowdæmon is also responsible for providing Ethos with random data using a Random RPC
Ethos offers distributed types in the Etypes subsystem:
A notation, ETN, for specifying types, a machine-readable type description (“type graph”), A single wire format (ETE), Tools (userspace and kernelspace) to transform ETN into code that will encode, decode, and recognize types,Extensions to read and write system calls to check input and output,Programs specify what input types they allow,Validity of input (and outputs) enforced by OS
#Kerberos was motivated by the transition from single, time-sharing systems to distributed
networks of workstations
a Kerberos installation is made up of two services: an authentication service and a Ticket Granting Service(TGS).
X.509 added a graph-based trust model to its traditional hierarchical model [94], but
its design imposes a high performance overhead. SDSI [95] also provides a strong trust model,
but likewise does not perform well at Internet scale. Another alternative is the web of trust
used by #PGP
#SSH attempts to isolate private keys by protecting them
#Multics provides a hierarchical filesystem that is governed by access control lists. Processes
serve as subjects and can access objects in the storage system. Each subject has associated
with it a value called a principal identifier, which corresponds to the user on whose behalf the
process runs. Each object in the storage system has associated with it three modes, read, write,
and execute. For each mode, there exists a list of principal identifiers that may access the object
using the mode.
likewise #Unix authorization traditionally has been discretionary.
#Factotum acts as an authentication proxy.
Consider a POP email server that must implement the APOP authentication protocol. On
Plan 9, such an email server would receive requests from the network and process them. In the
case of authentication requests, the email server forwards the request to factotum. Factotum
then provides the email server with the response it should pass to the client. Never in this process are keys shared with the email server.
#HiStar’s flow controls contain effect of a compromised app , serving as a countermeasure to one of the facets of application based subversion. Even if an app is compromised, it cannot bypass the flow controls that HiStar imposes on it. bu An app that operates within its information-flow constraints could easily be programmed or misconfigured so that protections are missing.
on traditional Unix systems, still remain with HiStar’s Unix layer

Joel Carnat ♑ 🐘
3 weeks ago

There are still a few things that I miss now that I removed #NextCloud for a fully #SSH / #SFTP solution. Especially when working with a #Windows workstation. But that would probably also be the case with #macos.

IIRC it was 2014,
fwiw , I am available for #tmux pairing on pltRedex 1 , #nix & misc emacs #lisp dsl
( a #racket dsl), #uuagc , keyboard pkgs
atm handle - sameers #pubnix on 2 or on local #ssh (thanks to #tailscale \ #wireguard -pfa)

"Keystroke timing obfuscation" has been added to ssh(1) client in #OpenBSD -current.

This uses the recently added "" vendor extension described in the PROTOCOL file.

djm@ modified src/usr.bin/ssh/*: Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword.

feedback/ok markus@

#OpenSSH #ssh

Terence Eden
1 month ago

🆕 blog! “Mosh supports .ssh/config”

I've recently started using Mosh. It's a clever bit of software that keeps your SSH sessions running, even if your client goes offline or changes IP address. But I find the syntax used to launch it a bit verbose and easy to forget. A typical command is something like: mosh --ssh="ssh -p 1234" Within […]

👀 Read more:

#HowTo #linux #mosh #ssh

Unix is user-friendly — it's just choosy about who its friends are.
1 month ago

I've recently started using Mosh. It's a clever bit of software that keeps your SSH sessions running, even if your client goes offline or changes IP address.

But I find the syntax used to launch it a bit verbose and easy to forget. A typical command is something like:

mosh --ssh="ssh -p 1234"

Within the FAQ is a fleeting mention of how to configure Mosh. It says:

Q: How do I use a different SSH port (not 22)?
As of Mosh 1.2, you can pass arguments to ssh like so:
mosh remotehost --ssh="ssh -p 2222"
Or configure a host alias in ~/.ssh/config with a Port directive. Mosh will respect that too.

What it doesn't say is that Mosh will use all the directives in ~/.ssh/config. So you can have something like:

Host home     HostName     User myname     Port 1234

Then you can run mosh home to connect. If you don't want to use passwords, you can add IdentityFile ~/.ssh/example.key or similar.

Perhaps you already knew that - but I didn't.

#HowTo #linux #mosh #ssh

Unix is user-friendly — it's just choosy about who its friends are.
Morten Linderud
1 month ago

Anyone know why rsa-sha2-256/512 insists on using the sha1 instead of sha256 for the signing operation itself?

#openssh #ssh

Morten Linderud
2 months ago

Being a bit overzealus and did a 1.0.0 release candidate for `ssh-tpm-agent` :)

Now with RSA key support, import support, an `ssh-tpm-add` utility and proxy support for other agents.

#SSH #TPM #Security #Linux

Jonathan Lamothe
2 months ago

This is extremely frustrating.

I host a piece of software on my server for my father. He connects to it via #SSH (using #PuTTY ). He just got a new computer, and wanted me to set it up so that he could connect, just like I did with his previous computer. No problem right?

I show up, generate the key, and authorize it on the server, but for whatever reason PuTTY refuses to acknowledge the existence of this key. I know it's not even trying, because it doesn't even ask for the passphrase to decrypt it.

Has something changed in the latest version of PuTTY that I just don't know about? Do I need to do something the enable public key authentication beyond simply specifying the path to the key?


2 months ago

Secret escape codes

<Enter> ~ .

↑ Quit #SSH when it's hung.


↑ Enter #neovim's normal mode again from within embedded terminal.

#nvim #linux #tips #thingsIAlwaysForget

2 months ago

SSH aliases are so awesome! I learned about this very recently. I have something like the following in my .ssh/config file for every server I SSH into:
Host servername
HostName <domain_or_ip_address>
User <my_username>
IdentityFile <path_to_my_private_key>
, and it lets me just go like, ssh servername, enter my passphrase, and be logged in. #Linux #ssh

Morten Linderud
2 months ago

Did an initial v0.1.0 release of `ssh-tpm-agent`.

Should be in some state suitable for testing by users for feedback.

The project was also renamed from `tpm-ssh-agent` to `ssh-tpm-agent`. Someone thought it would make more sense :)

#TPM #ssh #Security #Linux

スパックマン クリス
2 months ago

I forget who it was who suggested an #SSH socks proxy, but thanks! It worked like a charm when I needed to access some sites from my computer in the USA, while I was in Japan.

I used the directions from this page:

@Lili Bis #SSH gilt ja auch noch der Platinum Bereich ☝️ ... Bei Velaros ist das ja einfacher, da sind zumindest die Sticker, in den Baguette musste ich einmal selbst dem Zub einen Auzug aus deren Fahrzeugregister zeigen, bis die mir geglaubt haben, dass es in der 1. Klasse in den 2N2 3UA eben doch Platinum / TGV MAX Plaetze gibt.

* wenn du dann sowohl Platinum, als auch TGV PRO MAX zeigst gucken die uebrigens meistens etwas komisch und schuetteln nur den Kopf ...

@lewd Der ganze Zug ist gefühlt von #SSH nach #XFPO ausreserviert 😅

Keinen Sitz gefunden der nicht reserviert ist. Aber ich muss zum Glück ja in #SSH raus, sodass ich nicht aufgescheucht werde

Dave Mackey
3 months ago

🥴 #UniFi devices that have been properly adopted have decided they no longer want to be. 😂 Occasionally they decide to reconnect to the controller but whether they are connected or not I can't #SSH into them. Sure SSH is there, it just doesn't like the password (I've checked a bazillion times). 💩

Dennis Faucher :donor: :mastodon:
3 months ago

Not surprisingly, logs can be really helpful 🙂 I could not get password-less ssh to work to one of my hosts. I looked at /var/log/auth.log and the message was very specific - "Authentication refused: bad ownership or modes for directory /home/dennis" Yep. /home/dennis had drifted from 750 which #ssh wants. Easy fix.

TIL: You can download your GitHub SSH public keys from this URL:

...which is quite handy when you want to register your keys on a new machine with internet access ;)

#GitHub #ssh #sysadmin #linux

Why do nerds always do this; overcomplicate everything?

Generating public/private key pairs isn't simple, but it's pretty common by now. I do it every time I set up #git on a new computer. I do it when I use #PGP. I do it when I #ssh

Nerds were like; "I know let's encode the private key in a series of words so people can memorize them" and now you've got two private keys!

#Bitcoin was already kinda complicated, and now #wallets are 100x more complicated!!!

#crypto #cryptocurrency #btc

@climagic well, #WireGuard in it's premise is basically "What if we take #SSH-#Tunneling and make it a dedicaded #VPN protocol?" and that is a good thing...

@Houl only supporting #SSH-#Tunneling as well as #OpenVPN over #Tor ...

Sam Howell
5 months ago

Before executing important commands and scripts over #SSH, use #screen in case of disconnect. If your connection drops or you close the terminal, you can SSH back in and enter `screen -r` to recover from where you left off. Being reunited with that hanging command prompt will be a relief! #tuesdaytip #gnu #linux #cli #admin

carlos becker
5 months ago
Jeff Forcier
5 months ago

Got to a good place with my ongoing #Paramiko (#Fabric #Python #SSH etc) work* ✨ great way to end the week!

Also weedwhacked the absolute shit out of a lawnfull of dandelions this afternoon.

It is time for some well-earned 🥃 (#Akashi white label #whisky) and 🥋📽️ (#Hapkido starting Angela Mao, aka "Lady #KungFu”).

* For those interested in Protocol Bullshit and/or Software Architecture Bullshit, see and subsequent comment(s).

Daniel Fisher (lennybacon)
5 months ago

@Migueldeicaza Here is a new Issue requesting #hardware #SecurityKeys (e.g. #yubikey) for #SSH #authentication in the #LaTerminal #ios #app by #Xibbon.

Give it a vote if you think this is useful!

Matthew Graybosch
5 months ago

@jaredwhite @cappiello @vanilla @bridgetown Oh, I know. I'd prefer to stick with back-end development (.NET, C#, ASP.NET, SQL Server) because I'm familiar with it and I only got into coding because it pays better than cleaning toilets, but I keep landing in projects that want full-stack so I must perforce adapt.

On my personal website, though, my stack is #make, #bash, #sed, #awk., #pandoc, #htmlXmlUtils, and #ImageMagick. Deployment is #rsync over #ssh. :)

Ricky de Laveaga
6 months ago

#ICYMI #GitHub using GitHub to expose its own secrets

Mike Hanley (, Chief Security Officer + SVP Engineering:

> At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for

> This week, we discovered that’s RSA SSH private key was briefly exposed in a public GitHub repository.

#RSA #SSH #git

@SwiftOnSecurity one can easily read out said info from the systems without admin privilegues and gather extensive intelligence hidden before actually attacking the corporate IT and locking out admins first...

Also if they're using #Windows then their #ITsec is already unfixably fucked!

Why they don't use a proper auth with #SSH [-Keys] is beyond me except the fact that #Windows doesn't have any (good) #OpenSSH #Server included nor can it be actually used to admin a system effectively!

#ssh tip

if you have multiple keys, you can change the comment in the key with the #OpenSSH command "ssh-keygen -c -f .ssh/file". That way, when you look at what keys are loaded or are in use, the programs can tell you who is what.

Super helpful for keeping track of event keys or organization keys.

$ ssh-add -l
3072 SHA256:[hash] phessler@hostname (RSA)
256 SHA256:[hash] phessler@hostname (ED25519)
3072 SHA256:[hash] phesslerr@event-year (RSA)

6 months ago

As usual, Matthew wrote a bloody good post ..take a peek at the GitHub fiasco ...

Thanks, man! @mjg59

#linux #linuxadmin #sysadmin #opensource #ssh