#ctrl-c | Logs for 2020-09-15

[00:52:54] <timemachine> I just posted a new blog on Securing SSH Keys on your Tilde account: http://ctrl-c.club
[01:47:40] <wholesomedonut> I'll have to take a look timemachine
[01:48:03] <wholesomedonut> python3
[01:48:10] <wholesomedonut> lol sorry wrong tmux window
[01:49:00] <michel> wholesomedonut: at least it's not your password ;)
[01:49:05] <michel> or is it...
[03:18:45] <wholesomedonut> lol! No they're unfortunately confusing to the point where I just use a manager
[03:18:58] <wholesomedonut> I gave up trying to remember separate ones for each so I make a computer and a paper do it for me
[08:58:39] -!- aravk [aravk!~aravk@102.165.124.20] has joined #ctrl-c
[09:24:23] <rmg> timemachine: Is there a reason you use the same key for ctrl-c and github?
[09:27:06] <rmg> timemachine: If you don't trust root, root can also change your authorized_keys. So you wouldn't even know when the fingerprint changes.
[09:28:59] <xwindows> rmg: When `~/.ssh/authorized_keys` is changed on ctrl-c.club, wouldn't the shell login fail?
[09:30:06] <rmg> xwindows: Nope. root fixes example.com to point to MITM machine and sets ~/.ssh/authorized_keys to have the fingerprint of the MITM.
[09:32:44] <rmg> timemachine: Also, given that you allow the server to use your identity when you are connected, you really should minimize the attack surface by using an identity specifically for that service.
[09:33:38] <xwindows> rmg: Wait, isn't the authorized_keys only used for incoming connection? (Rather than outgoing?)
[09:33:38] <rmg> timemachine: Quick reference. There are better written pages about it, but I cannot locate them right now https://security.stackexchange.com
[09:34:03] <rmg> xwindows / timemachine: Sorry! known_hosts
[09:34:17] <rmg> Got the file name confused, same issue as stated.
[09:35:58] <rmg> xwindows: Thank you for correcting me about writing the wrong file. I've been typing authorized_keys so many times that I don't even notice I write it instead of known_hosts.
[09:43:05] <xwindows> Anyway, I think the important part about SSH agent-forward is... at which level does it happen in the SSH protocol? Which authentication info is sent/received (which says whether it could be used for a replay attack or not). And whether local SSH asks for confirmation when authenticating as the local user on behalf of the remote host.
[09:44:36] <xwindows> I guess that the key exchange could not be replayed; but (at least according to rmg's link), there's no confirmation.
[09:52:27] -!- perrierjouet has quit [team.tilde.chat thunix.tilde.chat]
[10:23:28] -!- perrierjouet [perrierjouet!~perrierjou@modemcable012.251-130-66.mc.videotron.ca] has joined #ctrl-c
[10:39:53] -!- He1rball [He1rball!~h3lix@23.105.186.31] has joined #ctrl-c
[12:29:12] <wholesomedonut> calamitous: any chance we could get an updated SSL cert for the HTTP site?
[12:50:41] -!- He1rball has quit [quit: Leaving]
[13:07:55] -!- smlckz [smlckz!smlckz@ctrl-c.club] has joined #ctrl-c
[13:08:49] <smlckz> hi
[13:15:26] -!- smlckz [smlckz!smlckz@ctrl-c.club] has parted #ctrl-c
[14:17:56] <timemachine> rmg: thanks for the notes and feedback!
[14:21:20] -!- felix [felix!~nttp@212.87.203.208] has joined #ctrl-c
[14:28:01] <felix> Oh cool, we have the ncurses development files installed!
[14:28:27] <timemachine> Hi felix
[14:29:00] <felix> Hello!
[14:29:22] <felix> For context: https://twtxt.net
[14:30:34] <timemachine> ncurses is a lot of fun :)
[14:31:04] <felix> So it is!
[14:31:39] <felix> I've done without it. Felt like trapeze-vaulting without a net.
[14:32:00] <felix> No function key support. No sigwinch support.
[14:32:16] <felix> Could only hope the terminal was compatible.
[14:48:54] <felix> Oh, and no mouse support either.
[15:29:52] <timemachine> :)
[15:32:54] <felix> Or being able to check if colors were available.
[18:29:43] -!- felix has quit [Client exited]
[20:19:35] <rmg> timemachine: You're welcome. Let me know when you update the page.
[20:30:07] -!- perrierjouet has quit [Ping timeout: 120 seconds]
[20:31:40] -!- perrierjouet [perrierjouet!~perrierjou@modemcable012.251-130-66.mc.videotron.ca] has joined #ctrl-c
[21:05:49] <aravk> I keep having problems connecting to the server
[21:06:03] <aravk> either the connection times out or is outright refused
[21:54:36] <calamitous> Hmm. Did you have some issues with your password perhaps? We have a system that locks out IPs with more than a certain number of failed password attempts.
[21:54:53] <calamitous> If you'll send me your IP, I'll make sure it's not in our ban list
[23:51:56] <timemachine> calamitous: thanks for fixing the php thing.