My first exposure to this and supposedly just a two line change to the SSH server configuration.

Anyone set this up on their own servers yet? Just for kicks?

  • farcaller
    link
    fedilink
    English
    arrow-up
    6
    ·
    3 days ago

    I think the point here is moving away from long-lived ssh keys and using whatever IdP you have (enterprise cloud or local oidc) to provide short-term ssh keys. It generally improves the security posture as it’s similar to ssh with certs but less painful to set up.

    • Xanza@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 days ago

      So does requiring all users to phone you ahead of time to get a temporary password that’s only alive for 20 minutes… But that’s also not done because it’s…stupid.

      There are dozens of tools and methods (like jumpboxes) which facilitate the authorization and usage of currently available and time tested tools for usage with environments without reinventing the wheel. Stepping away from the unix philosophy is heresy of the highest degree.

      It’s not a problem with the tool, only the plumber.

      • surewhynotlem@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 days ago

        Stepping away from the unix philosophy

        SSH already allows auth with username and password against a local file. This just moves the file.