276 points by PranaFlux 10 days ago | 149 comments
Pam Unixsock (miek.nl) Ever felt the need to do something with PAM, like implementing 2FA in SSH? You are left with a few bad choices, among others you’ll need to write something (complex) in C. I’d rather not do that, so I’ve created pam-unixsock.
SSH Rate Limiting with Pam and Nftables (truschnigg.info) Anyone who operates an SSH server somewhere on the Internet is bound to suffer a relentless torrent of inbound connections, probably from some botnet or another, trying to log in with the myriad credentials that leaked from other systems and networks.
VSCode’s SSH agent is bananas (fly.io) We’re interested in getting integrated into the flow VSCode uses to do remote editing over SSH, because everybody is using VSCode now, and, in particular, they’re using forks of VSCode that generate code with LLMs.
Some ways to restrict who can log in via OpenSSH and how they authenticate (utoronto.ca) In yesterday's entry on allowing password authentication from the Internet for SSH, I mentioned that there were ways to restrict who this was enabled for or who could log in through SSH. Today I want to cover some of them, using settings in /etc/ssh/sshd_config.
Thoughts on having SSH allow password authentication from the Internet (utoronto.ca) On the Fediverse, I recently saw a poll about whether people left SSH generally accessible on its normal port or if they moved it; one of the replies was that the person left SSH on the normal port but disallowed password based authentication and only allowed public key authentication. This almost led to me posting a hot take, but then I decided that things were a bit more nuanced than my first reaction.
Show HN: Copy from tmux/nvim to clipboard over SSH (mil.ad) Copying text to clipboard when working on a remote machine via SSH can be tricky. While you can usually highlight text with your mouse to copy it to the primary selection clipboard (and paste with middle-click), this approach has limitations.
Guide to SSH Reverse Tunneling (pinggy.io) SSH reverse tunneling is a powerful tool that enables secure remote access to systems or services that are behind firewalls or NATs (Network Address Translation). It is often used to provide external access to local systems and services without modifying the network’s security settings. In this detailed guide, we will break down SSH reverse tunneling, explain its applications, highlight security practices, and discuss alternatives. We will then discuss how Pinggy uses SSH reverse tunneling to share applications and services from localhost.
Ask HN: How did you replace Teleport? (ycombinator.com) Teleport is good software if you can't configure your SSH servers with Kerberos, or can't figure out Kubernetes' millions of authentication and authorisation solutions.
Sshfs for Windows (github.com/winfsp) SSHFS-Win is a minimal port of SSHFS to Windows. Under the hood it uses Cygwin for the POSIX environment and WinFsp for the FUSE functionality.
407 points by todsacerdoti 196 days ago | 58 comments
Show HN: Poker over SSH (github.com/theOGognf) Wanting to play poker but only have a computer and no playing cards? Having a slow day at work and in need of something to pass the time with your coworkers? Managing an entirely legal gambling ring and in need of a secure, private, and easy-to-use solution for running poker games?