I need some guidance from all you smarties out there on the fedi.
I have a headless #debian server.
no remote root login, but sudo user is available.
trying to run "shred" command on a few HDDs.
obviously this is a very time consuming process.
how can I initiate this process via #SSH and logout of the pty without killing the shred process?
Another reason to hate Systemd: I’ve been fucking around for the last 30 minutes trying to switch off password login in sshd and doubting myself big time.
I’ve changed the sshd_config file but I can still log in with a password. I’ve rebooted. Same problem.
Turns out that I have to ALSO edit or delete 50-cloud-init.conf in sshd_config.d directory.
What a load of fucking shite.
Tailscale and Minecraft are working.
Music and video streaming from the home server should work too, but first ~13 TB of media files need to be indexed. The server is under load but barely gets warm. SSH from my phone without port forwarding on the router works. As far as IT goes, I'm done for the day. Cheers!
Tuna bastion: secure SSH access, an alternative to Teleport and HashiCorp Boundary
We continue to develop
„Turnsshuh-Administration“
Interesting technique for #SSH authentication based on dynamically retrieved keys: https://jpmens.net/2025/03/25/authorizedkeyscommand-in-sshd/ #sysadmin
Cloudflare open sources OPKSSH to bring Single Sign-On to SSH - Help Net Security https://www.helpnetsecurity.com/2025/03/28/opkssh-sso-ssh/
Among other things, #gitea does give something unique, armored #ssh sig, when they need not map to a #gpg key
https://www.techaddressed.com/tutorials/add-verify-ssh-keys-gitea/
The Pine Phone Pro arrived earlier this week. After a few unfocused, false starts I finally got it booting into Gnome on PostmarketOS and currently installing Waydroid over ssh.
My wife uses a cheesy coupon clipping app (iOS/Android) for doing the groceries and such. I'll need to take a look at what traffic flows in-n-out of this app to see what is being farmed and segregate/container off if required.
We are heavy Signal users but I may use this as an excuse to set up a XMPP server. Twas on the 'roadmap'.
Initial impressions are good. Definitely not as shiny and smooth as an iOS or Android device but - it's a phone. We spent half our lives with dumb rotary dialing doohickeys - we'll survive. lol
Pretty impressed with Gnome on a touch device so far. This is my first real experience with it. No 'klunkiness' so far but just scratching the surface.
It will be interesting to see how a non-technical person takes to it. I'm going to monkey with it myself for the first week or so to find the hard edges to save her the frustration.
I want to experiment with Android Auto - see what (if anything) is possible.
I also obtained a Seeed Studio Sensecap T1000-E (meshtastic, lora, etc.) to connect to this device. We'll see how far I get with that.
I really need a staff... Ha!
I've just installed #atop on #sydbox #ctf server in case people want to explore exploiting the recent heap corruption. I don't trust jia tan enough to leave atop.service running as root though so the attack vector is limited. Sail with #ssh to syd.chesswob.org (user/pass: syd) or go to https://syd.chesswob.org although the #nodejs client is a bit more limited. See here for the #security issue, https://www.openwall.com/lists/oss-security/2025/03/26/2 (tl;dr uninstall #atop asap!) and here for #sydbox #ctf https://ctftime.org/event/2178
@sstephenson the good old #rsync (mostly over #ssh) remains the work horse in the absence of these. And then, for a bit more modernity there is #rclone which lets you deploy a static site the same way but to a lot of CDN-back-ends (so that makes me free of the vendor lock-in).
Cloudflare open-sources OPKSSH, bringing single sign-on to SSH with OpenID Connect and eliminating the need to manage long-lived SSH keys.
https://linuxiac.com/cloudflare-open-sources-opkssh/
It will never not bother me that the "port" parameter for SSH is lower-case -p while for SCP it's upper-case -P
This is the kind of annoying crap I expect from Microsoft, not Unix
#til
#DHCP uses packet filters and these tie into the IP stack before the firewall."
If you can accept wpa_supplicant in initrd, then it’s relatively easy to make Wi-Fi and #SSH work. This avoids dbus.
Some official ISC docs for their DHCP server use "raw sockets" as a broad term, because it can run on a number of different platforms where it must use a number of different interfaces. On #Linux, there is more than one type that you might hear referred to as raw sockets. Some are affected by Linux iptables, and some are not affected by Linux iptables.
https://discourse.nixos.org/t/running-networkmanager-in-initrd/56378/3
https://unix.stackexchange.com/questions/447440/ufw-iptables-not-blocking-dhcp-udp-port-67#447524
It's #nerd tip o'clock:
After 2 days using #ssh on the new computer, and needing each time it wakes from sleep, to re-ssh into the machine where a program I use daily runs in a screen session, I took 5 minutes to reinstall #Mosh (mobile shell) and updated my alias from "ssh" to "mosh".
Runs inside your terminal
Get rid of network lag
Change IP. Stay connected
including if the client goes to sleep and wakes up later or loses internet connection
#Cloudflare open-sourcing #OpenPubkey #SSH (OPKSSH): integrating single sign-on with SSH #OpenID #OIDC https://blog.cloudflare.com/open-sourcing-openpubkey-ssh-opkssh-integrating-single-sign-on-with-ssh/
Apparently, in a groundbreaking revelation that will surely change the universe as we know it, #SSH now gets a facelift with #OpenID. Because who doesn't want to trade the pure simplicity of SSH keys for the tangled web of single sign-on chaos?
https://blog.cloudflare.com/open-sourcing-openpubkey-ssh-opkssh-integrating-single-sign-on-with-ssh/ #Transformation #SingleSignOn #TechNews #Cybersecurity #HackerNews #ngated