Hacker News with Generative AI: SSH

Easily Using SSH with FIDO2/U2F Hardware Security Keys (complete.org)
A lot of new hardware security keys (Yubikey, Nitrokey, Titan, etc.) now support FIDO2 (aka U2F aka Webauthn aka Passkey; yes it’s a mess).

Security, SSH, FIDO2, U2F

5 points by todsacerdoti 6 days ago | 0 comments

Using –/.ssh/authorized keys to decide what the incoming connection can do (langille.org)

Security, SSH, Linux

64 points by jandeboevrie 36 days ago | 10 comments

Unauthenticated Remote Code Execution in Erlang/OTP SSH (github.com/erlang)
A serious vulnerability has been identified in the Erlang/OTP SSH server that may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials.

Security, Erlang, SSH

8 points by asa400 37 days ago | 0 comments

An SSH adventure; or, why l10n support is important (gitlab.com)
this is IMPECCABLE work i was on the edge of my seat the whole time

SSH, Localization, GitLab, Open Source, Software

10 points by todsacerdoti 39 days ago | 1 comments

SSH Keys Don't Scale. SSH Certificates Do (infisical.com)
SSH access is ubiquitous. It's how engineers, scripts, and platforms across the world remotely administer Linux systems. Whether you're running a small development server or managing a global fleet, you almost certainly rely on SSH in some form or another.

Security, Infrastructure, SSH, Linux

20 points by dangtony98 39 days ago | 23 comments

The order of files in /etc/ssh/sshd_config.d/ matters (utoronto.ca)
Suppose, not entirely hypothetically, that you have an Ubuntu 24.04 server system where you want to disable SSH passwords for the Internet but allow them for your local LAN.

Security, Linux, SSH, Configuration

254 points by NGRhodes 50 days ago | 115 comments

Pico.sh – SSH powered services for developers (pico.sh)
The ultimate ssh powered services for developers

SSH, Development Tools, Cloud Services

635 points by TheTaytay 51 days ago | 141 comments

LightkeeperRM: Lightweight drop-in replacement for maintaining servers over SSH (github.com/kalaksi)
LightkeeperRM (Remote Management) is a lightweight and modular drop-in replacement for maintaining servers over SSH.

Server Management, SSH, Open Source, Tools, GitHub

7 points by thunderbong 52 days ago | 0 comments

Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH (cloudflare.com)
OPKSSH makes it easy to SSH with single sign-on technologies like OpenID Connect, thereby removing the need to manually manage and configure SSH keys. It does this without adding a trusted party other than your identity provider (IdP).

Security, Open Source, SSH, Single Sign-On, Cloud Computing

276 points by PranaFlux 59 days ago | 149 comments

Pam Unixsock (miek.nl)
Ever felt the need to do something with PAM, like implementing 2FA in SSH? You are left with a few bad choices, among others you’ll need to write something (complex) in C. I rather not do that, so I’ve created pam-unixsock.

Security, Programming, Linux, Open Source, SSH

14 points by fanf2 70 days ago | 0 comments

Bcvi – run vi over a 'back-channel' (2010) (sourceforge.net)
If you use SSH, you might find bcvi useful. This article attempts to describe what it is and why you might use it. Let's start with what it is:

SSH, Text Editors, Linux, Command Line

75 points by leonry 78 days ago | 26 comments

SSH to Server from Mobile Phone? (bsky.app)

SSH, Mobile Devices, Remote Access

6 points by seinecle 91 days ago | 7 comments

SSH Rate Limiting with Pam and Nftables (truschnigg.info)
Anyone who operates an SSH server somewhere on the Internet is bound to suffer a relentless torrent of inbound connections, probably from some botnet or another, trying to log in with the myriad credentials that leaked from other systems and networks.

Security, Network Administration, Linux, SSH

4 points by c0l0 96 days ago | 0 comments

Down the rabbit hole: Implementing SSH port forwarding over AWS Session Manager (joinformal.com)
A technical quest through obscure SSH and AWS Session Manager features in service of enabling VS Code Remote SSH via the Formal Connector, culminating in forking and fixing several concurrency bugs in AWS’s own reference library for connecting to compute instances using SSM.

AWS, SSH, DevOps, Remote Development, Bug Fixes

59 points by saligrama 102 days ago | 13 comments

VSCode’s SSH agent is bananas (fly.io)
We’re interested in getting integrated into the flow VSCode uses to do remote editing over SSH, because everybody is using VSCode now, and, in particular, they’re using forks of VSCode that generate code with LLMs.

VSCode, Remote Editing, SSH, Generative AI

737 points by zdyxry 105 days ago | 511 comments

Some ways to restrict who can log in via OpenSSH and how they authenticate (utoronto.ca)
In yesterday's entry on allowing password authentication from the Internet for SSH, I mentioned that there were ways to restrict who this was enabled for or who could log in through SSH. Today I want to cover some of them, using settings in /etc/ssh/sshd_config.

Security, OpenSSH, Linux, SSH, Configuration

5 points by zdw 125 days ago | 0 comments

Thoughts on having SSH allow password authentication from the Internet (utoronto.ca)
On the Fediverse, I recently saw a poll about whether people left SSH generally accessible on its normal port or if they moved it; one of the replies was that the person left SSH on the normal port but disallowed password based authentication and only allowed public key authentication. This almost led to me posting a hot take, but then I decided that things were a bit more nuanced than my first reaction.

Security, SSH, Networking, Fediverse

49 points by zdw 126 days ago | 66 comments

Show HN: An SSH based utility to transfer pipes across machines – beam (github.com/ksdme)
transfer pipes and files from one computer to another over ssh

SSH, Networking, Data Transfer

28 points by ksdme9 139 days ago | 31 comments

A short primer on the SSH protocol (github.com/ringtailsoftware)

Security, Networking, SSH, Protocol, Tutorials

5 points by trj 143 days ago | 1 comments

Show HN: Keypub.sh – OAuth for the terminal using SSH keys (keypub.sh)
A verified directory for SSH public keys.

Security, SSH, Open Source, Tools, Command Line

222 points by messh 151 days ago | 69 comments

Show HN: Copy from tmux/nvim to clipboard over SSH (mil.ad)
Copying text to clipboard when working on a remote machine via SSH can be tricky. While you can usually highlight text with your mouse to copy it to the primary selection clipboard (and paste with middle-click), this approach has limitations.

Remote Access, SSH, Clipboard, Text Editing, Tools

38 points by playnext 152 days ago | 2 comments

MagiskSSH – SSH server on Android without Termux (gitlab.com)

Android, Security, SSH, Mobile Development

134 points by Oxodao 165 days ago | 81 comments

Guide to SSH Reverse Tunneling (pinggy.io)
SSH reverse tunneling is a powerful tool that enables secure remote access to systems or services that are behind firewalls or NATs (Network Address Translation). It is often used to provide external access to local systems and services without modifying the network’s security settings. In this detailed guide, we will break down SSH reverse tunneling, explain its applications, highlight security practices, and discuss alternatives. We will then discuss how Pinggy uses SSH reverse tunneling to share applications and services from localhost.

Networking, Security, SSH, Remote Access, Tools

19 points by pumba_noob 210 days ago | 5 comments

Ask HN: How did you replace Teleport? (ycombinator.com)
Teleport is a good software if you can't configure your SSH servers with Kerberos, or can't figure out Kubernetes' millions of authentication and authorisations solutions.

SSH, Kubernetes, Security, Remote Access

28 points by speedgoose 218 days ago | 17 comments

Show HN: I made an SSH tunnel manager to learn Go (github.com/alebeck)
A simple & reliable command line SSH tunnel manager.

Software, Programming Languages, Go, SSH, Tools

213 points by 0x12A 226 days ago | 67 comments

Sshfs for Windows (github.com/winfsp)
SSHFS-Win is a minimal port of SSHFS to Windows. Under the hood it uses Cygwin for the POSIX environment and WinFsp for the FUSE functionality.

Windows, SSH, File Systems

81 points by keepamovin 245 days ago | 31 comments

Visual guide to SSH tunneling and port forwarding (2023) (ittavern.com)
To make it quick, I wish I had known about port forwarding and tunneling earlier. With this blog post, I try to understand it better myself and share some experiences and tips with you.

Networking, SSH, Security, Tutorials, Port Forwarding

407 points by todsacerdoti 246 days ago | 58 comments

Show HN: Poker over SSH (github.com/theOGognf)
Wanting to play poker but only have a computer and no playing cards? Having a slow day at work and in need of something to pass the time with your coworkers? Managing an entirely legal gambling ring and in need of a secure, private, and easy-to-use solution for running poker games?

Games, SSH, Security, Productivity

10 points by theOGognf 247 days ago | 3 comments

Tailscale SSH (tailscale.com)
Tailscale SSH allows Tailscale to manage the authentication and authorization of SSH connections on your tailnet.