Native Secure Enclave backed SSH keys on macOS
https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb4acf
#HackerNews #Native #Secure #Enclave #SSH #macOS #SecureKeys #CyberSecurity #TechNews
How does GitRoot handle security without a database or an API?
It's a system based entirely on your repo's configuration and how git works.
When you create a repo, your public SSH key is saved in the file: `.gitroot/users.yml`. You are automatically added to the `owner` group in that file. This group is marked to manage your default branch (main by default).
So, what does this mean in practice?
If you push to main: GitRoot checks your SSH key, sees you're the owner, and accepts the push. If someone else tries to push to main: their SSH key doesn't match the owner group. GitRoot rejects the push.
But here's the cool part: anyone can create a new branch (feature-fix for example) and push their changes to that branch.
This creates a perfect workflow: you, as the owner, remain the sole manager of the main branch and are the only one who can review and merge changes from other contributors. Contributors don't need to fork for contributions.
It's your repository, and you have the freedom to configure these rules however you want, right in that YAML file.
Learn more about user management: https://gitroot.dev/doc/#users
More tips:
- disable anonymous pushes: https://gitroot.dev/doc/how-tos/no_anonymous_user.html
- let all contributors write to all branches: https://gitroot.dev/doc/how-tos/contributors_can_write_all.html
#git #forge #configuration #ssh #security #devops
Termix 1.8.0 is out, a solid self-hosted SSH management tool that finally lets you drop Termius.
Works on web, Windows, macOS, Linux, iOS, and Android, all synced with your own Docker instance.
SSH access, tunneling, file manager, server stats, and user auth, everything you need to manage servers cleanly, no subscriptions or lock-ins.
🔗 GitHub: https://github.com/Termix-SSH/Termix
#SelfHosted #DevOps #SysAdmin #SSH #OpenSource #Linux #Termix
Just published version 0.5.0 of clingwrap, my Rust library for making easier things I commonly need in my command line programs. This version adds a little helper for running a command on a remote host over SSH.
🧠 Nixers Newsletter #311 is out!
Boot processes, reproducible builds, user-mode Linux, FreeBSD sandboxes, and even /dev/null as a database 😄
Plus:
• Fedora KDE pkg mgmt
• Debian vs systemd
• raconn — a smart tool for parallel SSH connections to multiple hostnames/IPs in one ProxyCommand. (https://blog.izissise.net/posts/raconn/)
• UBIOS (China’s UEFI-alt)
Read it 👉 https://newsletter.nixers.net/entries.php#311
“There are no life hacks, only trade-offs.” — James Clear
#Unix #Linux #FreeBSD #FOSS #SysAdmin #ReproducibleBuilds #SSH #Nixers
Access *BSD Hyper-V guests from your host via ssh:
1) Enable and start the ssh-agent service on your host by running the following in PowerShell, as Administrator:
    Set-Service -Name "ssh-agent" -StartupType Automatic
    Start-Service -Name "ssh-agent"
2) Generate ssh keys on your host, as your regular user:
    ssh-keygen
3) Add the following to .ssh/config on your host, as your regular user:
    Host *
        AddKeysToAgent yes
        IdentityFile ~/.ssh/id_ed25519
    Host beastie
        HostName 172.22.168.238
Adjust HostName to guest IP (run 'ifconfig' on guest)
4) Connect via ssh from your host to your *BSD guest with:
    ssh beastie
🎤 Upcoming at SeaGL 2025:
📍 03:00 PM on November 07
🗣️ "SSH Certificates: All the Trust, None of the Fuss"
👥 Speaker(s): Bri Hatch
📍 Room: Room 145
🏷️ Track: Security and Privacy
📝 SSH certificates improve both security and usability. No more TOFU (trust on first use) when you log...
#SeaGL2025 #security #ssh #FLOSS #opensource #linux
🔗 https://pretalx.seagl.org/2025/talk/LFQS3C/
Tell me,
an sshd_config that has no PermitRootLogin at all (so set neither to yes nor to no), does that mean root login is possible or that it is impossible?
There is (commented out) PermitRootLogin prohibit-password (which seems like an acceptable option to me, no? It does mean you can only log in with an authorized ssh key, right?) but there's nothing else about RootLogin, neither commented nor uncommented...
Anyone on Android 15+ managed to ssh into a local Linux box from the native terminal app now in Android?
Once again, this is using the phone to ssh into a computer. Not the other way round.
I could easily ssh into my account on tty.sdf.org, but it just hangs forever when I try accessing my laptop. Got sshd running, but I've likely set something up wrong.
✅ 📱→ 💻
❌ 💻 → 📱
Update: reinstalled openssh-client, it works now