• smiletolerantly@awful.systems
    0·
    11 days ago

    The nice thing about SSH key-based access is, I either have the key and login succeeds, or I have no business trying to log in.

    That’s why my remote root server bans via fail2ban after a single failed login.

    Yes I’ve had to write support to get a KVM. Yes it’s still configured like this.

    • probablymissing@lemmy.world
      0·
      11 days ago

      as a nixos enjoyer, i have no idea how to setup ssh keys. fail2ban and a regular password for me.

      yes, i have locked myself out of my own server for hours at a time because i’m an absolute tool.

      • smiletolerantly@awful.systems
        0·
        11 days ago

        Ehm… I’m also on Nixos and I’d say it’s super trivial.

        services.openssh = {
  enable = true;
  settings = {
    PasswordAuthentication = false;
    PermitRootLogin = "no";
  };
};

users.users.<name>.openssh.authorizedKeys.keys = [ list of pubkeys ideally read from file in repo ];
        • Urist@lemmy.mlEnglish
          0·
          11 days ago

          So easy it should be illegal! I mean, how can we feel superior if we are not wasting huge amounts of time setting things up!?

          • smiletolerantly@awful.systems
            0·
            11 days ago

            I mean, how can we feel superior if we are not wasting huge amounts of time setting things up!?

            Why, by boasting that it’s so easy, just look at that, it is only two options you need to set thanks to the 80 custom modules I’ve written to abstract the abstractions from nixpkgs!

            I WISH I could put an /s here, but I cannot.

    • baguettefish@discuss.tchncs.deEnglish
      0·
      11 days ago

      i am a tailscale enjoyer, which means i can set up tailscale ssh once on each machine and then from another machine just login over tailscale