The order of files in /etc/ssh/sshd_config.d/ matters (and may surprise you)
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHConfigOrderMatters
Generating SSH keys using only PowerShell http://dlvr.it/TJxphF via PlanetPowerShell #Powershell #SSH #CSharp #DotNet
Seriously, the Outlaw botnet? Still pulling off SSH brute-force attacks in 2024?! Wild how that's *still* getting results. It really just hammers home the point: the fundamentals are absolutely crucial!
You've gotta have solid password habits locked down. Things like key authentication, maybe changing the default SSH port, setting up Fail2ban... c'mon, it isn't exactly brain surgery, right?
But yeah, setting it up takes a bit of effort, doesn't it? And we all know time equals money...
Working as a pentester, I see it way too often – companies cutting corners precisely on these foundational steps. They'd rather splash out on flashy AI security tools, yet leave the digital front door practically wide open. Then, inevitably, everyone acts shocked when things go sideways.
So, I gotta ask: What "basic" security measures do you see getting consistently overlooked where you work?
@Yuki @OS1337 @bjornsdottirs no need to go beyond 1440kB when using mlb instead of #syslinux (which wastes 200kB on its own!)
Needless to say the core idea is to be a continuation of #tmsrtbt and a "minimalist #linux distro" as in "#SSH #Terminal #Firmware"...
@stib Sounds like you need a keychain which stores your private key for the session.
This is one solution
If I have a #codeberg account set up, with a verified #ssh key on my account and the corresponding public and private keys in `~/.ssh/`, is there a way that I can make it so that it doesn't ask me for my keyphrase every time I push? I'm sure VSCode could do this, but since I've switched to #Helix, which doesn't have git built-in, I've been manually doing the git stuff.
My knowledge of #cryptography and #git is well and truly at the 'barely enough to get myself into trouble' level.
#AskFedi
i need some guidance from all you smarties out there on the fedi.
i have headless #debian server.
no remote root login, but sudo user is available.
trying to run "shred" command on a few HDDs.
obviously this is a very time consuming process.
how can I initiate this process via #SSH and logout of the pty without killing the shred process?
Another reason to hate Systemd: I’ve been fucking around for the last 30 minutes trying to switch off password login in sshd and doubting myself big time.
I’ve changed the sshd_config file but I can still login with a password. I’ve rebooted. Same problem.
Turns out that I have to ALSO edit or delete 50-cloud-init.conf in sshd_config.d directory.
What a load of fucking shite.
„Turnsshuh-Administration“
### #Cloudflare open sources #OPKSSH to bring Single Sign-On #SSO to #SSH
This week, it was officially open-sourced under the umbrella of the #OpenPubkey project. Although OpenPubkey itself became a #Linux Foundation open-source initiative in 2023, OPKSSH remained closed-source until now. It makes it easy to #authenticate to #servers over SSH using #OpenID Connect (#OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access.
The Pine Phone Pro arrived earlier this week. After a few unfocused, false starts I finally got it booting into Gnome and currently installing Waydroid over ssh.
My wife uses a cheesy coupon clipping app (iOS/Android) for doing the groceries and such. I'll need to take a look at what traffic flows in-n-out of this app to see what is being farmed and segregate/container off if required.
We are heavy Signal users but I may use this as an excuse to set up an XMPP server. Twas on the 'roadmap'.
Initial impressions are good. Definitely not as shiny and smooth as an iOS or Android device but - it's a phone. We spent half our lives with dumb rotary dialing doohickeys - we'll survive. lol
Pretty impressed with Gnome on a touch device so far. This is my first real experience with it. No 'klunkiness' so far but just scratching the surface.
It will be interesting to see how a non-technical person takes to it. I'm going to monkey with it myself for the first week or so to find the hard edges to save her the frustration.
I want to experiment with Android Auto - see what (if anything) is possible.
I also obtained a Seeed Studio Sensecap T1000-E (meshtastic, lora, etc.) to connect to this device. We'll see how far I get with that.
I really need a staff... Ha!
@sstephenson the good old #rsync (mostly over #ssh) remains the workhorse in the absence of these. And then, for a bit more modernity there is #rclone which lets you deploy a static site the same way but to a lot of CDN-back-ends (so that makes me free of the vendor lock-in).
Cloudflare open-sources OPKSSH, bringing single sign-on to SSH with OpenID Connect and eliminating the need to manage long-lived SSH keys.
https://linuxiac.com/cloudflare-open-sources-opkssh/
It will never not bother me that the "port" parameter for SSH is lower-case -p while for SCP it's upper-case -P
This is the kind of annoying crap I expect from Microsoft, not Unix
It's #nerd tip o'clock:
After 2 days using #ssh on the new computer, and needing each time it wakes from sleep, to re-ssh into the machine where a program I use daily runs in a screen session, I took 5 minutes to reinstall #Mosh (mobile shell) and updated my alias from "ssh" to "mosh".
Runs inside your terminal
Get rid of network lag
Change IP. Stay connected
including if the client goes to sleep and wakes up later or loses internet connection
A few words on SSH public keys read from AuthorizedKeysFile(s) and obtained programmatically from OpenSSH's AuthorizedKeysCommand program.
https://jpmens.net/2025/03/25/authorizedkeyscommand-in-sshd/
Uff! This stuff is good to know:
“When You Deleted /lib On Linux While Still Connected Via SSH” [2022], Yohanes Nugroho (https://tinyhack.com/2022/09/16/when-you-deleted-lib-on-linux-while-still-connected-via-ssh/).
Via HN: https://news.ycombinator.com/item?id=43444160
On Lobsters: https://lobste.rs/s/zmgtvx/when_you_deleted_lib_on_linux_while_still
TIL about SSH's `BatchMode`:
> If set to yes, user interaction such as password prompts and host key confirmation requests will be disabled. [...]
From [the manpage](https://manpages.debian.org/bookworm/openssh-client/ssh_config.5.en.html#BatchMode)
Really useful if you script SSH a lot.