Anyone know why NixOS might not generate sshd_config in /etc/ssh?

Gibt es einen empfohlenen Weg, wie man auf #forgejo einen (fetch-) Mirror über SSH einrichtet? Ich habe eine remote, die Ausschließlich Authentifizierung via ssh Public Key akzeptiert, aber ich kann nur via Git/HTTPS mirroren. Oder übersehe ich da irgendwas?

My desk at work. So far, it's the most optimal setup. The main #workstation is a triple monitor setup, with the middle and right monitors are 4K. The left monitor is standard hi-def. My laptop can function as a fourth display. Portrait mode in 4K is simply incredible for #terminal and #ssh work. All mounted on a standing desk.

I use the dual monitor system on the left as a secondary on-prem machine and remote jump box. The monitors are just standard hi-def, but still plenty of real estate.

Portrait mode is underrated.

@stefano

Just found the following comment in backup script of mine which made me chuckle but kind of still makes sense:

This is a little odd: I cannot purge the backups on *** (at least I did not manage to find a way) due to the dockerized nature of the OS... Therefore, I do a push purge and a pull sync via fuse, [...]

SSH Group ( #SSH ) has released " HTM: Mining Profit Share Agreement-Mt Fisher Stockpiled Ore " on Wed 21 May at 08:34 AEST #Mining #Gold #Australia #media #Strategy
https://grafa.com/asset/ssh-group-ltd-4448-ssh.asx?utm_source=asxmktsensitive&utm_medium=mastodon&utm_campaign=ssh.asx

#ssh

1) a public key is better described as a "lock". Read this somewhere today, and thinking of your public key as a lock that other people can build into stuff is so much more intuitive.

2) public keys should have no extension (e.g. id_rsa) and private keys should (e.g. id_rsa.private). This would make the first autocomplete right 99.9% of the time.

I have wanted to use my Yubikeys for a secure SSH login for some time now. But like @jgoerzen, I have come across many incorrect, poorly explained and inadequately explained instructions. It looks like John has now written the ultimate guide for #SSH with #FIDO2/U2F hardware keys that beats all other guides I know of.

https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/

My kingdom for the days that it was possible to delay watching something without it immediately being spoiled #doctorwho #thunderbolts #ssh #spoilers #bagofcunts

I recently bought a couple of YubiKey security keys. These support FIDO2/U2F, integrate well with #SSH

In researching how to do this, I found a lot of pages online with poor instructions. In many cases, they suggested insecure practices.

It turns out this whole process is quite easy. But I wanted to understand how it worked.

So, I figured it out, set it up myself, and then ut up a new, comprehensive page on my website: https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/ .

Blog post at https://changelog.complete.org/archives/10815-how-to-use-ssh-with-fido2-u2f-security-keys

Today's random number is 17

Why, you ask? It's 17 years since the #Random Number #Bug in #Debian.

In this bug the seed for the #OpenSSL PRNG was very predictable, resulting as example in a very small number of #ssh keys. Plenty of keys had to be re-generated.

Psychologists may be able to explain what happened here:

May 13 14:04:14 skapet sshd-session[88955]: Failed password for invalid user FAKESSH from 213.178.90.84 port 41918 ssh2

(meh, https://nxdomain.no/~peter/hailmary_lessons_learned.html and links therein *might* be relevant) #passwordgropers #ssh #passwordguessing #cybercrime #security

Man, #ssh never ceases to amaze me.

Just learned (after 15years on #linux) that you can execute a command on a remote host using the ' ' convention.

E.g.; ssh root@host 'date' will 1) start a connection, 2) execute date on the remote host 3) return the output of date 4) and finally close the connection.

Even better you can pipe things to the command. So echo "dog" | ssh root@1.x.x.x 'wall' will send the word "dog" to all logged in users.

I should have assumed something like this exists

As #NetworkManager's #SSH VPN/tunnel plugin has now been ported to GTK4 and works directly from the #GNOME Control Center panel, I thought I'd finally try it out.

Once you figure out that you must only fill the gateway field, leave all IPs fields alone, tweak stuff in the Advanced dialog to have a working SOCKS proxy with "no tunnel", then it "works"… as long as you use the standard SSH port.

With SSH server ports other than 22, it fails on #Fedora… due to #SELinux

https://bugzilla.redhat.com/show_bug.cgi?id=1808435#c10

#Ansible has become an obsession lately.

Everything that can be automated, will be automated. Even some post-install stuff can be done for fully functional deployments out-of-the-box.

I've spent over 60+ hours on my #playbook this week. There's always stuff to do, improve or set up.

Dropped a new Blogpost https://tinfoil-hat.net/posts/proxmox-server-vps-single-ip/

Please tell me what you think about it :-)

Is there a command I can use on a server to get its SSH key fingerprint (the host key fingerprint)? That is, a command I can run on the server itself.

An unimportant remnant of the past has been removed from open SSH;
DSA.

Read about it in this article the next article linked will show you that it has been removed finally

#SSH #openSSH #DSA #programming #coding #OpenSource #openBSD #BSD #secureShell #Infosec

https://undeadly.org/cgi?action=article;sid=20240111105900

DSA signature support removed from OpenSSH https://www.undeadly.org/cgi?action=article;sid=20250507010932 #openbsd #openssh #ssh #dsa #dsaremoval #deadkeys #signature #deadciphers #security #networking #cryptography #crypto