OK, normally I have my shit wired together, but this bastard is getting to me.

The requirement is for 'phishing-resistant' second factor. That rules out all of the six-digit code apps - it is too easy apparently to get someone to read out their codes to an attacker.

Again, IDK, but apparently 'phishing-resistant' is the next Big Thing. My personal feeling? We are chasing our shadows. Unless I am the last alive Iranian nuclear bloke, my login is as secure as I can be bothered to make it, and I am bound to be disappointed by a weakness at some point in the near or far future. Phishing isn't on the agenda.

Life.

I carry a seemingly-fine cryptographic store about with me most days and ludicrously call it my 'phone'. It can sign stuff, wrangle certificates, store passwords, read faces and fingerprints and QRcodes and NFC tags. Heaps of useful 'security' stuff. I wouldn't call the software environment _secure_ at all, but ... IDK, people seem happy enough with it. Anything for an easy life. Row with the flow.

So I search for:
"google passkey login with ssh"
My god, whatalottasloppa comes back. A Gatling gun of half-arsery, cant and junk advice.
Then "MS hello for business login ssh". Christ almighty. Much worse. Worse again.
Then "Apple ID login to ssh". At least that seems to be a simple: "no". A relief really.

Someone in the know please: can I set up my sshd to use my phone-based passkey as a primary, secondary or even the complete login?

#TOTP #HOTP #passkey #sshd #key #certificates #PSK #login #ssh #linux #pam #openssh

Debian 13.5 reminds Linux users why boring distributions still win

https://web.brid.gy/r/https://nerds.xyz/2026/05/debian-13-5-linux-security-update/

Today feels like a good day to point out that ssh host keys should be tied to your hardware.

I've heard TPMs are good at this.

#OpenSSH #Linux #security

#Freexian collaborators worked on detecting undeclared file conflicts, mini-sprint improving contributors.debian.org, security-tracker performance, fixing dput-ng data loss bug, MiniDebConf Campinas and many more contributions to #Debian in April 2026.

Read all the details at https://www.freexian.com/blog/debian-contributions-04-2026/?utm_source=mastodon&utm_medium=social

We thank the organizations subscribing to our Long Term Support contracts (https://www.freexian.com/lts/?utm_source=mastodon&utm_medium=social) and consulting services (https://www.freexian.com/services/?utm_source=mastodon&utm_medium=social) for making this possible.

#dput-ng #linux #openssh

Debian Contributions: Detecting undeclared file conflicts, contributors.debian.org mini-sprint, security-tracker performance and more!

Debian Contributions: 2026-04 Contributing to Debian is part of Freexian’s mission. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our Long Term Support contracts and consulting services. Undeclared file conflicts, by Helmut Grohne The duplication checker, the Multi-Arch hinter, and the /usr-move analyzer share significant parts of their code. While the /usr-move transition is complete, the other tools needed a bit of love.

FreeBSD – A Lesson in Poor Defaults

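This article details how FreeBSD's default settings fail to meet security and modern requirements. In particular, it criticizes the increased security risk from keeping an old, patched version of OpenSSH, re-enabling weak cryptographic options, shipping the aging Sendmail by default, and not enabling a firewall by default. FreeBSD tends to put off security patches and retain outdated features for the sake of compatibility and tradition, and users are advised to install the ports version of OpenSSH and use an up-to-date firewall. This suggests that AI developers running FreeBSD-based infrastructure must review and adjust the default settings to strengthen security.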

https://vez.mrsk.me/freebsd-defaults

#freebsd #security #openssh #firewall #sysadmin

@FritzAdalis @RuntimeArguments @jammcq @YesJustWolf

Thanks. I did look this up after I wrote the post. I should have looked it up before. But still, without knowing that history, it appeared the speaker was either confused about #OpenSSH and #OpenBSD or equating them or something. It wasn't obvious to me that the OpenBSD team *wrote* OpenSSH. That's the way I heard it, might have misinterpreted what was said.

@RuntimeArguments @jammcq @YesJustWolf

I've been a #UNIX user since 1984, and spent my working life developing flavors of Unix and now #Linux. I listened to this episode over the past couple of days. I'm a long-time user of #SSH. One point of confusion and a few points that I learned.

When talking about the origins of #OpenSSH you talked about #OpenBSD but didn't explain how it related to OpenSSH. Was OpenBSD involved in the creation of OpenSSH? It could have used explanation.

1/2

#ssh

openssh-server post-installation script error (exit status 10) and SSH not working #apt #dpkg #openssh

https://askubuntu.com/q/1566463/612

I’m encountering an issue where openssh-server fails during configuration, and SSH is currently not working on my system. This error appears during package operations, even when I’m not explicitly ...

Did a new release of ssh-tpm-agent.

https://github.com/Foxboron/ssh-tpm-agent/releases/tag/v0.9.0

`ssh-tpm-add` now supports `-c` for confirmation dialogs before key usage, along with a nice process chain. Thanks to @mic92

#TPM #Security #OpenSSH #SSH

Release v0.9.0 · Foxboron/ssh-tpm-agent

The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16. Packaging change ssh-tpm-agent releases now has a tarball with an accompanying signature. Please use this tarball inst...
