2026-05-15 05:35:04
Oh no, please don't tell me again that Linux is now insecure on the net?!
«Linux's Latest Vulnerability Allows Reading Root-Owned Files By Unprivileged Users»
⛓️💥 https://www.phoronix.com/news/Linux-ssh-keysign-pwn
Today, I learned that emacs can access remote files:
/ssh:<host>:<path>
Why do I feel like I should have known this like thirty years ago?
Exosphere:
― aggregated patch and security update reporting
― basic system status across multiple Unix-like hosts via SSH
<https://exosphere.readthedocs.io/> | <
Linux fans, please tell me you have updated your machine for "ssh-keysign-pwn", right… right!?
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/
Houston, I have a problem.
Today, I cannot connect to anywhere with my desktop machine. #ssh fails with:
Load key "/home/simon/.ssh/id_rsa.pub": error in libcrypto
simon@notary.journeyman.cc: Permission denied (publickey).
It worked fine last night. Nothing has changed in my ~/.ssh directory. `apt update` was run yesterday, but the log does not show any update to ssh o…
Just to add to my insane home networking difficulties, right now I am online, all clients are working / routing to the internet. Can I connect to OPNsense via HTTP or SSH? Nope. The box just ignores me. I can log in locally and all is fine. WTF? I started a radio stream as a "test" and now poking around, some stuff loads, some doesn't, like 1/2 the internet is out. WTF? (again)
After Copy Fail, Dirty Frag, Fragnesia and now ssh-keysign-pwn in short succession, even I am feeling a little overwhelmed. And I just have a few personal machines.
I cannot for the life of me understand how annoying and draining this must be for sysadmins. You have my sympathies.
from my link log —
Stop MITM on the first SSH connection with cloud-init.
https://www.joachimschipper.nl/Stop MITM on the first SSH connection, on any VPS or cloud provider.html
Connected via ssh?
Well that was fun.
I managed to lock myself out of my fileserver (QNAP NAS) after I misconfigured the #Wireguard client.
Luckily there is a short window after reboot where the client isn't connected and I was able to SSH into the server and remove the broken config.
Took me three attempts however.
RE: https://mastodon.social/@glynmoody/116544062044134028
FWIW I'm using multiple different VPNs daily for work, for reasons that have nothing to do with either age verification or anything else "illegal":
1. My main ISP's connection is brittle and causes dropped data transfers on larger files; a VPN solves this completely
2. I'm using a VPN to manage servers securely (allows me to not have open ports for SSH etc. on the public Internet)
3. When I'm out of the office, a VPN allows me to access my desktop computer, my file server and even to quickly print something.
If they wanted to establish a police state they could just say so.
🐍 snakes.run, massively multiplayer Snake over SSH
#programming #software
One of the side-effects of a choice I made more than a decade ago is that I get informed of new networks that are performing ssh scanning/guessing on one of my servers - because I naively assumed there were a limited number of networks involved (not realising it's mostly hijacked machines, rather than hackers renting VPSes).
Anyway, there's been an uptick in the last few weeks of new networks originating this traffic.
from my link log —
snakes.run: rendering 100M pixels a second over ssh.
https://eieio.games/blog//blog/secure-massively-multiplayer-snake/
saved 2026-02-26
"Hello, this is Matrix support. Please enter your SSH password and/or your SSH public key, as well as your IBAN PIN and a copy of your ID card, here so that you can continue to operate our secure messenger."
Could work.
Just ran a successful non-interactive build and test cycle of ngscopeclient in a Debian VM with a PCIe passthrough GPU.
Just start the VM from the snapshot, paste a handful of shell commands into an SSH session, and I get this.
Still need to work out how to actually spawn the VM, specify the hash I want to build, shut it down and revert when done, etc.
Took only three and a half minutes on this instance (16GB RAM, 16 vCPU, GTX 1630) which is pretty decent considering there w…
PSA you can get rid of the annoying OpenSSH "post-quantum" cryptography warning by adding:
WarnWeakCrypto no-pq-kex
to your SSH config (you can do this per host).
Important: the best way is to upgrade the server's OpenSSH version, but that's not always feasible, like on servers using LTS Ubuntu etc.
Now elementary-data has also been hit: for just under half a day, a malicious version 0.23.3 was available on PyPI, which had stolen credentials such as SSH keys, AWS login details, API tokens and wallet files. The attack was carried out via a script injection vulnerability in one of the GitHub Actions workflows. Cooldown helps protect against such attacks, as we have described here:
🌍♟️ DEM 2031 goes international!
To celebrate 10 years of Deutsche Schachjugend e.V., we are breaking new ground:
👉 For the first time, DEM 2031 will take place in Egypt!
🏨 Venue: Sweet-Star-Hotel (SSH), Alexandria
🌊 Chess right by the sea, with a pool & (almost) a view of the pyramids
💸 The best part:
👉 Participation from just 45€ per day, full board included
🛏️ 2000 beds, no more off-site accommodation
♟️ Up to 700 participants in the Open
What do you say, are you in…
🖥️ Less relevant for server environments using SSH keys – primarily affects desktop users
https://www.heise.de/en/news/sudo-rs-shows-password-asterisks-by-default-break-with-Unix-tradition-11193037.html
@dawid@social.craftknight.com It went through right away - this nixos-anywhere is amazing... The whole system converted just like that, no USB, no piKVM, nothing. The entire conversion over SSH, with partitioning and setting up literally all the services 1-1 as I had tested them on the VM. One command, a few minutes and everything from A to Z, from the filesystem, users, all the tools, all the services, literally everything set up, just like that...
Now it's just copying ~7.5TB of data, probably all night, and that's it.
0 Ansible, 0…
- And how did your afternoon go?
- Really great, I've been debugging ssh connections to two servers and reading C source code to find a problem, and I fixed it
- ....
- Wha?
You don't have to leave your Zellij session, or install anything, to share it across CGNAT! All you need to do is run:
```
ssh -R 80:localhost:8082 demo.sandhole.com.br
```
And thanks to Sandhole (https://sandhole.com.br), you get your own (temporary) HTTPS subdomain with zero config!
Progress! Sorted out a bunch of permissions issues and I'm now able to (over SSH) clone a template VM on the mac mini and launch it.
Now to set up a script to actually run the test suite.
I've written more bash than any other language the last week or so and I don't like it lol. But it had to be done...
Is there a really simple alternative to Teleport?
I only need to sporadically allow ssh sessions to a handful of servers for deployment and maintenance for one or two people.
from my link log —
soft-serve: a self-hostable git ssh server for the command line.
https://github.com/charmbracelet/soft-serve
saved 2026-02-26 https://
@dawid@social.craftknight.com It's 3 in the morning on a Saturday and I'm trying to use SLURM to spawn a batch job on a Linux frontend node, which SSH's into a Windows 11 VM, spawns a msys2 UCRT64 shell, then runs a bash script in it.
Not even the KPDH soundtrack I'm blasting is enough to excise the demons here.
sh is not a shell
SSH is not a protocol