Possibly not blogworthy, but: One puzzling side effect of running greytrapping (as chronicled in https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html) is seeing the uptick in password guessing using even the obviously generated gibberish local parts, and the sheer volume of tries (see https://nxdomain.no/~peter/should_i_stop_caring_and_let_ip_reputation_sort_them_out.html and links therein). #greytrapping #passwordguessing #passwordgroping #spamd #ssh #pop3gropers
heise online
boosted
SSH-Server Dropbear erlaubt Rechteausweitung
Der schlanke SSH-Server Dropbear stopft mit einer aktualisierten Version unter anderem eine Rechteausweitungslücke.
SSH-Server Dropbear erlaubt Rechteausweitung
Der schlanke SSH-Server Dropbear stopft mit einer aktualisierten Version unter anderem eine Rechteausweitungslücke.
peter hessler @openbsd
boosted
If you are using #OpenBSD and #wifi and #ssh in combination, try this patch: https://marc.info/?l=openbsd-tech&m=176478017209845&w=2
If you are using #OpenBSD and #wifi and #ssh in combination, try this patch: https://marc.info/?l=openbsd-tech&m=176478017209845&w=2
Native Secure Enclave backed SSH keys on macOS
https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb4acf
#HackerNews #Native #Secure #Enclave #SSH #macOS #SecureKeys #CyberSecurity #TechNews
Jan :rust: :ferris:
boosted
How does GitRoot handle security without a database or an API?
It's a system based entirely on your repo's configuration and how git works.
When you create a repo, your public SSH key is saved in the file: `.gitroot/users.yml`. You are automatically added to the `owner` group in that file. This group is marked to manage your default branch (main by default).
So, what does this mean in practice?
If you push to main: GitRoot checks your SSH key, sees you're the owner, and accepts the push. If someone else tries to push to main: their SSH key doesn't match the owner group. GitRoot rejects the push.
But here's the cool part: anyone can create a new branch (feature-fix for example) and push their changes to that branch.
This creates a perfect workflow: you, as the owner, remain the sole manager of the main branch and are the only one who can review and merge changes from other contributors. Contributors don't need to fork for contributions.
It's your repository, and you have the freedom to configure these rules however you want, right in that YAML file.
Learn more about user management: https://gitroot.dev/doc/#users
More tips:
- disable anonymous pushes: https://gitroot.dev/doc/how-tos/no_anonymous_user.html
- let all contributors write to all branches: https://gitroot.dev/doc/how-tos/contributors_can_write_all.html
#git #forge #configuration #ssh #security #devops
How does GitRoot handle security without a database or an API?
It's a system based entirely on your repo's configuration and how git works.
When you create a repo, your public SSH key is saved in the file: `.gitroot/users.yml`. You are automatically added to the `owner` group in that file. This group is marked to manage your default branch (main by default).
So, what does this mean in practice?
If you push to main: GitRoot checks your SSH key, sees you're the owner, and accepts the push. If someone else tries to push to main: their SSH key doesn't match the owner group. GitRoot rejects the push.
But here's the cool part: anyone can create a new branch (feature-fix for example) and push their changes to that branch.
This creates a perfect workflow: you, as the owner, remain the sole manager of the main branch and are the only one who can review and merge changes from other contributors. Contributors don't need to fork for contributions.
It's your repository, and you have the freedom to configure these rules however you want, right in that YAML file.
Learn more about user management: https://gitroot.dev/doc/#users
More tips:
- disable anonymous pushes: https://gitroot.dev/doc/how-tos/no_anonymous_user.html
- let all contributors write to all branches: https://gitroot.dev/doc/how-tos/contributors_can_write_all.html
#git #forge #configuration #ssh #security #devops
Zef Hemel
boosted
Termix 1.8.0 is out, a solid self-hosted SSH management tool that finally lets you drop Termius.
Works on web, Windows, macOS, Linux, iOS, and Android, all synced with your own Docker instance.
SSH access, tunneling, file manager, server stats, and user auth, everything you need to manage servers cleanly, no subscriptions or lock-ins.
🔗 GitHub: https://github.com/Termix-SSH/Termix
#SelfHosted #DevOps #SysAdmin #SSH #OpenSource #Linux #Termix
Termix 1.8.0 is out, a solid self-hosted SSH management tool that finally lets you drop Termius.
Works on web, Windows, macOS, Linux, iOS, and Android, all synced with your own Docker instance.
SSH access, tunneling, file manager, server stats, and user auth, everything you need to manage servers cleanly, no subscriptions or lock-ins.
🔗 GitHub: https://github.com/Termix-SSH/Termix
#SelfHosted #DevOps #SysAdmin #SSH #OpenSource #Linux #Termix
Magnus Manske
boosted
Just published version 0.5.0 clingwrap, my Rust library for making easier things I commonly need in my command line programs. This version adds a little helper to running a command on a remote host over SSH.q
Just published version 0.5.0 clingwrap, my Rust library for making easier things I commonly need in my command line programs. This version adds a little helper to running a command on a remote host over SSH.q
Stefano Marinelli
boosted
Stefano Marinelli
boosted
🧠 Nixers Newsletter #311 is out!
Boot processes, reproducible builds, user-mode Linux, FreeBSD sandboxes, and even /dev/null as a database 😄
Plus:
• Fedora KDE pkg mgmt
• Debian vs systemd
• raconn — a smart tool for parallel SSH connections to multiple hostnames/IPs in one ProxyCommand. (https://blog.izissise.net/posts/raconn/)
• UBIOS (China’s UEFI-alt)
Read it 👉 https://newsletter.nixers.net/entries.php#311
“There are no life hacks, only trade-offs.” — James Clear
#Unix #Linux #FreeBSD #FOSS #SysAdmin #ReproducibleBuilds #SSH #Nixers
🧠 Nixers Newsletter #311 is out!
Boot processes, reproducible builds, user-mode Linux, FreeBSD sandboxes, and even /dev/null as a database 😄
Plus:
• Fedora KDE pkg mgmt
• Debian vs systemd
• raconn — a smart tool for parallel SSH connections to multiple hostnames/IPs in one ProxyCommand. (https://blog.izissise.net/posts/raconn/)
• UBIOS (China’s UEFI-alt)
Read it 👉 https://newsletter.nixers.net/entries.php#311
“There are no life hacks, only trade-offs.” — James Clear
#Unix #Linux #FreeBSD #FOSS #SysAdmin #ReproducibleBuilds #SSH #Nixers
Stefano Marinelli
boosted
Access *BSD Hyper-V guests from your host via ssh:
1) Enable and start the ssh-agent service on your host by running the following in Powershell, as Administrator:
Set-Service -Name "ssh-agent" -StartupType Automatic
Start-Service -Name "ssh-agent"
2) Generate ssh keys on your host, as your regular user:
ssh-keygen
3) Add the following to .ssh/config on your host, as your regular user:
Host *
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519
Host beastie
HostName 172.22.168.238
Adjust HostName to guest IP (run 'ifconfig' on guest)
4) Connect via ssh from your host to your *BSD guest with:
ssh beastie
Access *BSD Hyper-V guests from your host via ssh:
1) Enable and start the ssh-agent service on your host by running the following in Powershell, as Administrator:
Set-Service -Name "ssh-agent" -StartupType Automatic
Start-Service -Name "ssh-agent"
2) Generate ssh keys on your host, as your regular user:
ssh-keygen
3) Add the following to .ssh/config on your host, as your regular user:
Host *
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519
Host beastie
HostName 172.22.168.238
Adjust HostName to guest IP (run 'ifconfig' on guest)
4) Connect via ssh from your host to your *BSD guest with:
ssh beastie
der.hans
boosted
🎤 Upcoming at SeaGL 2025:
📍 03:00 PM on November 07
🗣️ "SSH Certificates: All the Trust, None of the Fuss"
👥 Speaker(s): Bri Hatch
📍 Room: Room 145
🏷️ Track: Security and Privacy
📝 SSH certificates improve both security and usability. No more TOFU (trust on first use) when you log...
#SeaGL2025 #security #ssh #FLOSS #opensource #linux
🔗 https://pretalx.seagl.org/2025/talk/LFQS3C/
