Post ATxDS0jfQqPM6ap744 by seanfurey@mas.to
Post #ATxDRthdZzcoIGotQe by mjg59@nondeterministic.computer
       2023-03-24T17:13:11Z
       
       0 likes, 0 repeats
       
       Thoughts on SSH host certificates and how they could have made the Github situation less bad: https://mjg59.dreamwidth.org/65874.html
       
Post #ATxDS0jfQqPM6ap744 by seanfurey@mas.to
       2023-03-24T19:37:29Z
       
       0 likes, 0 repeats
       
       @mjg59 TLS is in a better position to start with, but is there any reason this approach wouldn't be useful there too? Or is it already done?
       
Post #ATxDV4wKG1Qc0sCuAq by Doomed_Daniel@mastodon.gamedev.place
       2023-03-24T17:47:08Z
       
       0 likes, 0 repeats
       
      @mjg59 Great article! I guess the link to cert_authority was not intended?
       
Post #ATxDYHJugRwbHMlXQe by byterhymer@mastodon.social
       2023-03-24T19:00:05Z
       
       0 likes, 0 repeats
       
      @mjg59 Those are certainly some thoughts! Humans do make mistakes! I can't help but think that OpenSSH does not facilitate that kind of mistake by default! GitHub needs to own it. While it is certainly possible to over-engineer an alternative methodology as you spent paragraphs outlining: KISS wins with SSH for *good* reasons! A lot of this reads as if it is unnecessary apologism for an M$ (worth $2037.96B) owned entity. M$ doesn't need ANYONE coming to their defense.
       
Post #ATxDYLFo3f2HTmsJaC by mjg59@nondeterministic.computer
       2023-03-24T19:20:21Z
       
       0 likes, 0 repeats
       
       @byterhymer OpenSSH absolutely facilitates this kind of mistake by default.
       
Post #ATxDYLmm55PJ82IdyC by byterhymer@mastodon.social
       2023-03-24T19:22:22Z
       
       0 likes, 0 repeats
       
      @mjg59 Wow, that is your reply? OK, we aren't going to concur. I have NEVER in DECADES made that error. I know many others, who also have not made that error. You're suggesting there is some OpenSSH function which automagically checks in private keys to public repositories? No. You think that its provisions for chmod on .ssh/ aren't already explicit enough? I doubt it. You think it should be over-engineered to prevent idiocy? Clearly. I don't think that is the ticket.
       
Post #ATxDYMbp1IExgMBPXM by mjg59@nondeterministic.computer
       2023-03-24T19:25:02Z
       
       0 likes, 0 repeats
       
       @byterhymer no, I'm saying that having shared private key material on disk on a large number of different servers facilitates fuckups
       
Post #ATxDYNLCIaXJx5PeGO by byterhymer@mastodon.social
       2023-03-24T19:27:56Z
       
       0 likes, 0 repeats
       
      @mjg59 OK, but that isn't OpenSSH's fault either. By default: OpenSSH will generate UNIQUE host keys. GitHub HAD TO DO OTHERWISE. Even if I am running load balancers (as I have administered for sites older than Google) which are doing TLS for their back end servers: every back end server still has UNIQUE SSH host keys (and the load balancers do too for that matter). The TLS "illusion" of presenting the same public key on the load balancers is a pinch point, and not something done en masse.
       
Post #ATxDYQQynXwbXt8oC0 by mjg59@nondeterministic.computer
       2023-03-24T19:38:30Z
       
       0 likes, 0 repeats
       
       @byterhymer As I explained in the post, if you have a different private key for every backend server, every time you get routed to a different backend server SSH will complain that the host identity has changed
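
      A toy model of the known_hosts behaviour this reply describes, added here as an illustration (it is not code from the thread or from OpenSSH); the hostname, the key blobs and the HMAC standing in for the CA signature are all constructed assumptions:

```python
# Added example, not code from the thread: a toy model of OpenSSH known_hosts checking.
# It shows why one hostname served by backends with different host keys trips
# "host identity has changed", and how an @cert-authority entry (SSH host
# certificates) lets each backend keep its own key. Assumptions: the CA signature is
# stood in for by an HMAC, and key blobs are random hex strings.
import hashlib, hmac, secrets

HOST = "git.example"                 # constructed hostname standing in for github.com
CA_SECRET = secrets.token_bytes(32)  # toy CA key; a real CA uses an asymmetric key

def make_host_key():
    """Constructed stand-in for an ssh-ed25519 public key blob."""
    return secrets.token_hex(16)

def ca_sign_host(principal, pubkey):
    """Toy host certificate binding a hostname (principal) to one host key."""
    return hmac.new(CA_SECRET, f"{principal}\0{pubkey}".encode(), hashlib.sha256).hexdigest()

def check_host(known_hosts, host, pubkey, cert=None):
    """Mirror OpenSSH's outcomes: 'ok', 'mismatch' (identity changed) or 'unknown'."""
    saw_plain_entry = False
    for entry in known_hosts:
        if entry["host"] != host:
            continue
        if entry.get("cert_authority"):  # like an "@cert-authority host key" line
            if cert and hmac.compare_digest(cert, ca_sign_host(host, pubkey)):
                return "ok"
        else:                            # plain "host key" line
            saw_plain_entry = True
            if entry["key"] == pubkey:
                return "ok"
    return "mismatch" if saw_plain_entry else "unknown"

def connect_via_backends(known_hosts, backend_keys, with_certs=False):
    """Connect to HOST repeatedly, landing on a different backend each time."""
    return [check_host(known_hosts, HOST, k, ca_sign_host(HOST, k) if with_certs else None)
            for k in backend_keys]

def demo():
    shared, unique = make_host_key(), [make_host_key() for _ in range(3)]
    # 1. One key copied onto every backend: no warnings, but the key is everywhere.
    shared_result = connect_via_backends([{"host": HOST, "key": shared}], [shared] * 3)
    # 2. Unique keys and the client learned backend 0: the others look like an attack.
    unique_result = connect_via_backends([{"host": HOST, "key": unique[0]}], unique)
    # 3. Unique keys plus a CA entry and per-host certificates: all accepted, while a
    #    key presented without a valid certificate is still not trusted.
    kh_ca = [{"host": HOST, "cert_authority": True}]
    cert_result = connect_via_backends(kh_ca, unique, with_certs=True)
    no_cert = check_host(kh_ca, HOST, make_host_key())
    return shared_result, unique_result, cert_result, no_cert
```

Scenario 2 is the warning the reply refers to; scenario 3 is the certificate approach, where only the CA's public key needs to be trusted by clients and no private key has to be copied between backends.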
       
Post #ATxDk2E6cxSRwSeh5U by mjg59@nondeterministic.computer
       2023-03-24T17:51:58Z
       
       0 likes, 0 repeats
       
       @Doomed_Daniel Urgh, thanks!
       
Post #ATxDsVYTT6hFDfDsDw by mjg59@nondeterministic.computer
       2023-03-24T19:42:05Z
       
       0 likes, 0 repeats
       
       @seanfurey I'm afraid I just don't know enough about the TLS ecosystem to know!
       
Post #ATxKMWV57MyuZ0KbtQ by dickon@splodge.fluff.org
       2023-03-24T19:05:57Z
       
       0 likes, 0 repeats
       
       @mjg59 I entirely approve of the last paragraph.  We've all made mistakes -- you can tell: we're cursed to work with computers all day -- and this one seems to have been caught early enough to limit any damage.
       
Post #ATxMD5VMJigK8m5cy8 by byterhymer@mastodon.social
       2023-03-24T19:24:33Z
       
       0 likes, 0 repeats
       
       @mjg59 That, or maybe you and I have VASTLY different definitions of "facilitates".
       
Post #ATxRi367odVzQIrybY by moshez@mastodon.social
       2023-03-24T17:37:29Z
       
       0 likes, 0 repeats
       
       @mjg59 I've been slowly migrating most of my GitHub usage to use personal access tokens and "https". Luckily, "https" already has a reasonable story around certs...
       
Post #ATy3AzcnVJ0BLzognQ by waider@octodon.social
       2023-03-25T07:50:28Z
       
       0 likes, 0 repeats
       
      @mjg59 “Humans will make mistakes, and your systems should be resilient against that.” A million times this.
       
Post #ATzbiW7vH4DJJSUaBM by LionsPhil@plush.city
       2023-03-26T01:52:29Z
       
       0 likes, 0 repeats
       
      @mjg59 SSH's whack version of certs belongs with its "your session is tied 1:1 with a TCP connection" on why any serious remote shell implementation reinvents it with WebSockets instead, and why it belongs in the trash heap of legacy non-web protocols like FTP and POP3. (The me from a decade ago is screaming.)