Post AP0CQ7HUvIXGyC3756 by moonbolt@mst3k.interlinked.me
(DIR) More posts by moonbolt@mst3k.interlinked.me
(DIR) Post #AP0CLhfoBtAyOFJevw by cadey@pony.social
2022-10-27T18:09:46Z
0 likes, 0 repeats
Tailscale SSH now has a web console, complete with an entire copy of Tailscale running in the browser. That's the magic of Tailscale: https://tailscale.com/blog/ssh-console/
(DIR) Post #AP0CLi5KezanfPG2iW by sneak@s.sneak.berlin
2022-10-27T19:23:37Z
0 likes, 0 repeats
@cadey ahhh yes my favorite security feature in a browser: a complete networking stack downloaded from a remote computer and executed locally with JIT
(DIR) Post #AP0CLjDWS1jpB6667c by cadey@pony.social
2022-10-27T18:59:07Z
0 likes, 0 repeats
(DIR) Post #AP0CLkz3slMKepLZrM by cadey@pony.social
2022-10-27T19:14:21Z
0 likes, 0 repeats
Whatever you do, _don't_ hold the option key while clicking on the "SSH" button in the admin console.
(DIR) Post #AP0CQ7HUvIXGyC3756 by moonbolt@mst3k.interlinked.me
2022-10-27T19:21:05Z
0 likes, 0 repeats
@cadey why, what does that do? :3c
(DIR) Post #AP0CQ80AFEGTCiwmhc by cadey@pony.social
2022-10-27T19:21:04Z
0 likes, 0 repeats
@moonbolt try it and see
(DIR) Post #AP0CQ8MUuC84JzOcVs by sneak@s.sneak.berlin
2022-10-27T19:24:24Z
0 likes, 0 repeats
@cadey @moonbolt i don't use microsoft or google federated logins so i can't use tailscale; want to just tell us?
(DIR) Post #AP0CavWCzsPBfq5K1w by cadey@pony.social
2022-10-27T19:26:08Z
0 likes, 0 repeats
@sneak @moonbolt https://youtu.be/L_1WzTe6Urw
(DIR) Post #AP0EgHzb4BFyjRW2IC by moonbolt@mst3k.interlinked.me
2022-10-27T19:34:36Z
0 likes, 0 repeats
@sneak @cadey wait Tailscale requires centralized third-party auth??
(DIR) Post #AP0EgIUnCCD6IC6wuu by cadey@pony.social
2022-10-27T19:35:25Z
0 likes, 0 repeats
@moonbolt @sneak You can set up a Headscale server if you want to self host things: https://github.com/juanfont/headscale
(DIR) Post #AP0EgJPrlzrd9CoWsS by sneak@s.sneak.berlin
2022-10-27T19:49:44Z
0 likes, 0 repeats
@cadey @moonbolt the answer to "tailscale requires centralized third-party auth?" is "yes". headscale is not tailscale and does not have any of this wacky unnecessary ssh userspace networking stuff.
(DIR) Post #AP0EkmhUpvYT86C1JY by sneak@s.sneak.berlin
2022-10-27T19:50:34Z
0 likes, 0 repeats
@cadey @moonbolt too many secrets
(DIR) Post #AP0Exwz5ueU6myhb28 by leo@60228.dev
2022-10-27T19:46:25Z
0 likes, 0 repeats
@moonbolt @sneak @cadey technically the enterprise plan supports SAML. the thing is that secure email/password login is very hard and they don't want to be responsible for itI think passwordless auth is planned but very low priority?
(DIR) Post #AP0ExxOcNktw48dyoi by sneak@s.sneak.berlin
2022-10-27T19:52:56Z
0 likes, 0 repeats
@leo @moonbolt @cadey one would think their audience would tolerate requiring WebAuthn
(DIR) Post #AP0FKAM4si3gd12tX6 by leo@60228.dev
2022-10-27T19:56:53Z
0 likes, 0 repeats
@sneak @moonbolt @cadey i don't think webauthn existed at the time this decision was made (only u2f, which wasn't intended for passwordless auth). i don't know if it's been explicitly proposed in the meantime
(DIR) Post #AP1riJ22GQGruAZKj2 by leo@60228.dev
2022-10-27T19:57:45Z
0 likes, 0 repeats
@sneak @moonbolt @cadey i also think you may be overestimating adoption of security keys
(DIR) Post #AP1riJdc0iKRmi9LIO by sneak@s.sneak.berlin
2022-10-28T14:41:49Z
0 likes, 0 repeats
@leo @moonbolt @cadey all modern macs and iphones support WebAuthn (if they have icloud keychain enabled, which is on by default, and are running latest OS) via passkeys