Convincing

perishthethought@piefed.social · 1 day ago

Convincing

smiletolerantly@awful.systems · edit-2 13 hours ago

The nice thing about SSH key-based access is, I either have the key and login succeeds, or I have no business trying to log in.

That’s why my remote root server bans via fail2ban after a single failed login.

Yes I’ve had to write support to get a KVM. Yes it’s still configured like this.

baguettefish@discuss.tchncs.de · 12 hours ago

i am a tailscale enjoyer, which means i can set up tailscale ssh once on each machine and then from another machine just login over tailscale

InternetCitizen2@lemmy.world · 6 hours ago

How’s that different from normal ssh?

baguettefish@discuss.tchncs.de · 3 hours ago

you can disable the need for a password or key if you like, and you also don’t really need fail2ban, since nothing is actually port forwarded anywhere

smiletolerantly@awful.systems · edit-2 11 hours ago

Eh, the machine is actually in one of my wireguard nets anyways, but for different purposes.

probablymissing@lemmy.world · 8 hours ago

as a nixos enjoyer, i have no idea how to setup ssh keys. fail2ban and a regular password for me.

yes, i have locked myself out of my own server for hours at a time because i’m an absolute tool.

smiletolerantly@awful.systems · 2 hours ago

Ehm… I’m also on Nixos and I’d say it’s super trivial.

services.openssh = {
  enable = true;
  settings = {
    PasswordAuthentication = false;
    PermitRootLogin = "no";
  };
};

users.users.<name>.openssh.authorizedKeys.keys = [ list of pubkeys ideally read from file in repo ];