XMPP Service Operators - 2023-07-12

Do y'all use physical servers to host or you use remote servers or VPS providers?

both

moparisthebest: Which physical server?

one in my server closet at home

> Do y'all use physical servers to host or you use remote servers or VPS providers? Single-board comp.+ssd

Nice! :) I feel proud. All people I hear use ssh, remote servers

I'm using a RPi4 hosted through Njalla's VPN service

My server is remote when I'm not at home :)

I also use ssh to connect to my server, one room away. :p

It doesn’t even have a screen plugged in. ^^

> My server is remote when I'm not at home :) ssh is the worst thing ever wrt computer security

ssh means anyone use my computer and destroy the meaning of malicious cracking!

can we please not have misinformation in here? sagaracharya can you please read about ssh and ipv6 or anything else before says statements like this? thank you

telnet ftw!

> can we please not have misinformation in here? sagaracharya can you please read about ssh and ipv6 or anything else before says statements like this? thank you Ok. You're assuming that I don't know. Please learn before speaking

Can you keep the keys safe?

Your private key?

Do you know even a shred about end point security?

That is not misinformation

oh it very much is

SSH-the-software and SSH-the-protocol are not the worst thing ever wrt computer security. If you cannot manage your credentials, that's a separate issue.

you could for instance use a hardware security module like a yubikey if you don't trust the safety of your private key on a filesystem.

The OpenSSH server is one of the most reliable pieces of software in regards to security ever made, if you take the amount of exposure it typically has into account.

> you could for instance use a hardware security module like a yubikey if you don't trust the safety of your private key on a filesystem. Yes, but the command to fetch the key is given by the processor

Master is the processor, not the yubikey

> The OpenSSH server is one of the most reliable pieces of software in regards to security ever made, if you take the amount of exposure it typically has into account. I agree. But the problem lies not in OpenSSH but in other gigantic buggy softwares

great, so the statement "ssh is the worst thing ever wrt computer security" is false by your own account.

also note that before SSH, we had _telnet_

which is oh so much worse

sagaracharya: you don't have to use OpenSSH or any SSH what so ever. It's your server do what you want. And on that same piece of logic, when it's not your server, it's none of your bussiness 😁

sagaracharya, this is not the place for polemics or hyperboles (which that statement probably was meant to be). Please keep them elsewhere. I advise you to be careful and err on the side of caution when you write here next.

> sagaracharya: you don't have to use OpenSSH or any SSH what so ever. It's your server do what you want. And on that same piece of logic, when it's not your server, it's none of your bussiness 😁 Oh wow. Thanks for your profound knowledge. I didn't know that. I thought your server is mine!

yeah i'm here: https://trung.fun

jonas’: ok, thanks. I'll certainly keep your important advice next time or rather every time that I speak. Any more teachings, my guru?! :D

sagaracharya, yes, cut the sarcasm.

No orders please

yay

sagaracharya: Dünnes Eis, ganz dünnes Eis ...

and sagaracharya is here: 49.36.111.29 "monoclesbrowser/1.0"

Trung, please don't publicly post IP addresses of other people, if that's what you just did.

well if he comes back and confirm it we'll know

General and friendly reminder : https://xmpp.org/extensions/xep-0458.html#sect-idm45629458263072 ff

And https://github.com/xsf/xeps/pull/1288 to fix that link a bit. :)

Thanks for turning this into something that's at least remotely constructive, Link Mauve :)

:D

PSA: https://letsencrypt.org/2023/07/10/cross-sign-expiration.html

^is there anything to do about it for older clients now? Without moving away from let's encrypt I mean..

At least it is still more then one year away..

Menel: you can do this https://codeberg.org/iNPUTmice/Conversations/commit/fedd1a68d7622a9e85d3a13529c36e940b854e74

slight OT: but everyone _should_ setup pam_google_authenticator for SSH this instructions work for many systems just fine: https://wiki.archlinux.org/title/Google_Authenticator

That gives 2FA for SSH logins? I can see how that would be useful, yes.

If you use passwords for authentication yes, but just don't

and reminder to set a strong password on your ssh keys, so that if they are stolen they won''t be too useful

it still has benefit with keys mopar

It's debatable, I'm not really a fan

most people have no password at all on their keys, one firefox exploit and they're sent off somewhere along with .ssh/known_hosts reminder to also set `HashKnownHosts yes` in your .ssh/config to mitigate that and also `IdentitiesOnly yes` while you're there

https://tech.lgbt/@kasdeya/110688847833828258

Now those sound like good tips that won't annoy the crap out of me :)

Guus: haha nice

Ghosts are like screen/tmux sessions. ✏

> Establishing a secure connection from linkmauve.fr to mdosch.de failed. Certificate hash: (No certificate). No Link Mauve here?

Establishing a secure connection from linkmauve.fr to lebihan.pl failed. Certificate hash: (No certificate).

The LE intermediate fairy came earlier?