home.social

#sshd — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sshd, aggregated by home.social.

  1. I always remap my sshd daemon to listen to a non-standard port, to reduce a lot of noise. Which has worked fine for years. But every now and then there are attempts. All the #Linux kernel flaws found lately has made remote login attempts more interesting for attackers. And they scan much more broadly now than just port 22.

    And that's why my second line of defence is to disallow remote root login - and also make use of the AllowGroups feature in sshd_config. Users granted remote access must be member of a specific group. And root is also excluded from this group.

    That pays off these days. And this is a nice filter match for #fail2ban and similar tools

    termbin.com/0cf6

    I have 293 login attempts on "random users" since May 21. And 259 attempts as root.

    #infosec #ssh #sshd #systemhardening #kernel

  2. I always remap my sshd daemon to listen to a non-standard port, to reduce a lot of noise. Which has worked fine for years. But every now and then there are attempts. All the #Linux kernel flaws found lately has made remote login attempts more interesting for attackers. And they scan much more broadly now than just port 22.

    And that's why my second line of defence is to disallow remote root login - and also make use of the AllowGroups feature in sshd_config. Users granted remote access must be member of a specific group. And root is also excluded from this group.

    That pays off these days. And this is a nice filter match for #fail2ban and similar tools

    termbin.com/0cf6

    I have 293 login attempts on "random users" since May 21. And 259 attempts as root.

    #infosec #ssh #sshd #systemhardening #kernel

  3. I always remap my sshd daemon to listen to a non-standard port, to reduce a lot of noise. Which has worked fine for years. But every now and then there are attempts. All the #Linux kernel flaws found lately has made remote login attempts more interesting for attackers. And they scan much more broadly now than just port 22.

    And that's why my second line of defence is to disallow remote root login - and also make use of the AllowGroups feature in sshd_config. Users granted remote access must be member of a specific group. And root is also excluded from this group.

    That pays off these days. And this is a nice filter match for #fail2ban and similar tools

    termbin.com/0cf6

    I have 293 login attempts on "random users" since May 21. And 259 attempts as root.

    #infosec #ssh #sshd #systemhardening #kernel

  4. I always remap my sshd daemon to listen to a non-standard port, to reduce a lot of noise. Which has worked fine for years. But every now and then there are attempts. All the #Linux kernel flaws found lately has made remote login attempts more interesting for attackers. And they scan much more broadly now than just port 22.

    And that's why my second line of defence is to disallow remote root login - and also make use of the AllowGroups feature in sshd_config. Users granted remote access must be member of a specific group. And root is also excluded from this group.

    That pays off these days. And this is a nice filter match for #fail2ban and similar tools

    termbin.com/0cf6

    I have 293 login attempts on "random users" since May 21. And 259 attempts as root.

    #infosec #ssh #sshd #systemhardening #kernel

  5. I always remap my sshd daemon to listen to a non-standard port, to reduce a lot of noise. Which has worked fine for years. But every now and then there are attempts. All the #Linux kernel flaws found lately has made remote login attempts more interesting for attackers. And they scan much more broadly now than just port 22.

    And that's why my second line of defence is to disallow remote root login - and also make use of the AllowGroups feature in sshd_config. Users granted remote access must be member of a specific group. And root is also excluded from this group.

    That pays off these days. And this is a nice filter match for #fail2ban and similar tools

    termbin.com/0cf6

    I have 293 login attempts on "random users" since May 21. And 259 attempts as root.

    #infosec #ssh #sshd #systemhardening #kernel

  6. OK, normally I have my shit wired together, but this bastard is getting to me.

    The requirement is for 'phishing-resistant' second factor. That rules out all of the six-digit code apps - it is too easy apparently to get someone to read out their codes to an attacker.

    Again, IDK, but apparently 'phishing-resistant' is the next Big Thing. My personal feeling? We are chasing our shadows. Unless I am the last alive Iranian nuclear bloke, my login is as secure as I can be bothered to make it, and I am bound to be disappointed by a weakness at some point in the near or far future. Phishing isn't on the agenda.

    Life.

    I carry a seemingly-fine cryptographic store about with me most days and ludicrously call it my 'phone'. It can sign stuff, wrangle certificates, store passwords, read faces and fingerprints and QRcodes and NFC tags. Heaps of useful 'security' stuff. I wouldn't call the software environment _secure_ at all, but ... IDK, people seem happy enough with it. Anything for an easy life. Row with the flow.

    So I search for:
    "google passkey login with ssh"
    My god, whatalottasloppa comes back. A gattling gun of half-arsery, cant and junk advice.
    Then "MS hello for business login ssh". Christ almighty. Much worse. Worse again.
    Then "Apple ID login to ssh". At least that seems to be a simple: "no". A relief really.

    Someone in the know please: can I set up my sshd to use my phone-based passkey as a; primary, secondary or even the complete, login?

    #TOTP #HOTP #passkey #sshd #key #certificates #PSK #login #ssh #linux #pam #openssh

  7. OK, normally I have my shit wired together, but this bastard is getting to me.

    The requirement is for 'phishing-resistant' second factor. That rules out all of the six-digit code apps - it is too easy apparently to get someone to read out their codes to an attacker.

    Again, IDK, but apparently 'phishing-resistant' is the next Big Thing. My personal feeling? We are chasing our shadows. Unless I am the last alive Iranian nuclear bloke, my login is as secure as I can be bothered to make it, and I am bound to be disappointed by a weakness at some point in the near or far future. Phishing isn't on the agenda.

    Life.

    I carry a seemingly-fine cryptographic store about with me most days and ludicrously call it my 'phone'. It can sign stuff, wrangle certificates, store passwords, read faces and fingerprints and QRcodes and NFC tags. Heaps of useful 'security' stuff. I wouldn't call the software environment _secure_ at all, but ... IDK, people seem happy enough with it. Anything for an easy life. Row with the flow.

    So I search for:
    "google passkey login with ssh"
    My god, whatalottasloppa comes back. A gattling gun of half-arsery, cant and junk advice.
    Then "MS hello for business login ssh". Christ almighty. Much worse. Worse again.
    Then "Apple ID login to ssh". At least that seems to be a simple: "no". A relief really.

    Someone in the know please: can I set up my sshd to use my phone-based passkey as a; primary, secondary or even the complete, login?

    #TOTP #HOTP #passkey #sshd #key #certificates #PSK #login #ssh #linux #pam #openssh

  8. OK, normally I have my shit wired together, but this bastard is getting to me.

    The requirement is for 'phishing-resistant' second factor. That rules out all of the six-digit code apps - it is too easy apparently to get someone to read out their codes to an attacker.

    Again, IDK, but apparently 'phishing-resistant' is the next Big Thing. My personal feeling? We are chasing our shadows. Unless I am the last alive Iranian nuclear bloke, my login is as secure as I can be bothered to make it, and I am bound to be disappointed by a weakness at some point in the near or far future. Phishing isn't on the agenda.

    Life.

    I carry a seemingly-fine cryptographic store about with me most days and ludicrously call it my 'phone'. It can sign stuff, wrangle certificates, store passwords, read faces and fingerprints and QRcodes and NFC tags. Heaps of useful 'security' stuff. I wouldn't call the software environment _secure_ at all, but ... IDK, people seem happy enough with it. Anything for an easy life. Row with the flow.

    So I search for:
    "google passkey login with ssh"
    My god, whatalottasloppa comes back. A gattling gun of half-arsery, cant and junk advice.
    Then "MS hello for business login ssh". Christ almighty. Much worse. Worse again.
    Then "Apple ID login to ssh". At least that seems to be a simple: "no". A relief really.

    Someone in the know please: can I set up my sshd to use my phone-based passkey as a; primary, secondary or even the complete, login?

    #TOTP #HOTP #passkey #sshd #key #certificates #PSK #login #ssh #linux #pam #openssh

  9. OK, normally I have my shit wired together, but this bastard is getting to me.

    The requirement is for 'phishing-resistant' second factor. That rules out all of the six-digit code apps - it is too easy apparently to get someone to read out their codes to an attacker.

    Again, IDK, but apparently 'phishing-resistant' is the next Big Thing. My personal feeling? We are chasing our shadows. Unless I am the last alive Iranian nuclear bloke, my login is as secure as I can be bothered to make it, and I am bound to be disappointed by a weakness at some point in the near or far future. Phishing isn't on the agenda.

    Life.

    I carry a seemingly-fine cryptographic store about with me most days and ludicrously call it my 'phone'. It can sign stuff, wrangle certificates, store passwords, read faces and fingerprints and QRcodes and NFC tags. Heaps of useful 'security' stuff. I wouldn't call the software environment _secure_ at all, but ... IDK, people seem happy enough with it. Anything for an easy life. Row with the flow.

    So I search for:
    "google passkey login with ssh"
    My god, whatalottasloppa comes back. A gattling gun of half-arsery, cant and junk advice.
    Then "MS hello for business login ssh". Christ almighty. Much worse. Worse again.
    Then "Apple ID login to ssh". At least that seems to be a simple: "no". A relief really.

    Someone in the know please: can I set up my sshd to use my phone-based passkey as a; primary, secondary or even the complete, login?

    #TOTP #HOTP #passkey #sshd #key #certificates #PSK #login #ssh #linux #pam #openssh

  10. OK, normally I have my shit wired together, but this bastard is getting to me.

    The requirement is for 'phishing-resistant' second factor. That rules out all of the six-digit code apps - it is too easy apparently to get someone to read out their codes to an attacker.

    Again, IDK, but apparently 'phishing-resistant' is the next Big Thing. My personal feeling? We are chasing our shadows. Unless I am the last alive Iranian nuclear bloke, my login is as secure as I can be bothered to make it, and I am bound to be disappointed by a weakness at some point in the near or far future. Phishing isn't on the agenda.

    Life.

    I carry a seemingly-fine cryptographic store about with me most days and ludicrously call it my 'phone'. It can sign stuff, wrangle certificates, store passwords, read faces and fingerprints and QRcodes and NFC tags. Heaps of useful 'security' stuff. I wouldn't call the software environment _secure_ at all, but ... IDK, people seem happy enough with it. Anything for an easy life. Row with the flow.

    So I search for:
    "google passkey login with ssh"
    My god, whatalottasloppa comes back. A gattling gun of half-arsery, cant and junk advice.
    Then "MS hello for business login ssh". Christ almighty. Much worse. Worse again.
    Then "Apple ID login to ssh". At least that seems to be a simple: "no". A relief really.

    Someone in the know please: can I set up my sshd to use my phone-based passkey as a; primary, secondary or even the complete, login?

    #TOTP #HOTP #passkey #sshd #key #certificates #PSK #login #ssh #linux #pam #openssh

  11. The "magic" that makes this works seems to be pointing 'IdentityFile' to the public key, not the private. #sshd #ssh

  12. The "magic" that makes this works seems to be pointing 'IdentityFile' to the public key, not the private. #sshd #ssh

  13. Ya tengo listo el guión de un nuevo video para el canal de #YouTube de #juncotic, para el curso de Hardening y el de SSH!

    Continuamos con lo que introduje en el video anterior: 2fa con TOTP en SSH usando google-authenticator y PAM.

    Esta vez: mecanismos de recuperación si se nos cayó el celular/móvil al agua 😅

    ¿No viste el video anterior?

    Te dejo el link para que te pongás al día 👇

    youtu.be/QNeJ4a7powo

    #2fa #totp #ssh #sshd #googleauthenticator #auth #pam #linux #infosec #ciberseguridad

  14. Ya tengo listo el guión de un nuevo video para el canal de #YouTube de #juncotic, para el curso de Hardening y el de SSH!

    Continuamos con lo que introduje en el video anterior: 2fa con TOTP en SSH usando google-authenticator y PAM.

    Esta vez: mecanismos de recuperación si se nos cayó el celular/móvil al agua 😅

    ¿No viste el video anterior?

    Te dejo el link para que te pongás al día 👇

    youtu.be/QNeJ4a7powo

    #2fa #totp #ssh #sshd #googleauthenticator #auth #pam #linux #infosec #ciberseguridad

  15. Ya tengo listo el guión de un nuevo video para el canal de #YouTube de #juncotic, para el curso de Hardening y el de SSH!

    Continuamos con lo que introduje en el video anterior: 2fa con TOTP en SSH usando google-authenticator y PAM.

    Esta vez: mecanismos de recuperación si se nos cayó el celular/móvil al agua 😅

    ¿No viste el video anterior?

    Te dejo el link para que te pongás al día 👇

    youtu.be/QNeJ4a7powo

    #2fa #totp #ssh #sshd #googleauthenticator #auth #pam #linux #infosec #ciberseguridad

  16. Ya tengo listo el guión de un nuevo video para el canal de #YouTube de #juncotic, para el curso de Hardening y el de SSH!

    Continuamos con lo que introduje en el video anterior: 2fa con TOTP en SSH usando google-authenticator y PAM.

    Esta vez: mecanismos de recuperación si se nos cayó el celular/móvil al agua 😅

    ¿No viste el video anterior?

    Te dejo el link para que te pongás al día 👇

    youtu.be/QNeJ4a7powo

    #2fa #totp #ssh #sshd #googleauthenticator #auth #pam #linux #infosec #ciberseguridad

  17. Ya tengo listo el guión de un nuevo video para el canal de #YouTube de #juncotic, para el curso de Hardening y el de SSH!

    Continuamos con lo que introduje en el video anterior: 2fa con TOTP en SSH usando google-authenticator y PAM.

    Esta vez: mecanismos de recuperación si se nos cayó el celular/móvil al agua 😅

    ¿No viste el video anterior?

    Te dejo el link para que te pongás al día 👇

    youtu.be/QNeJ4a7powo

    #2fa #totp #ssh #sshd #googleauthenticator #auth #pam #linux #infosec #ciberseguridad

  18. Claramente no todo se puede hacer con #SSH 😜

    Acá probando "sudo sshd -t" para verificar la sintaxis del archivo de configuración del servidor.

    Se viene nuevo contenido en #JuncoTIC, se nota? 😉

    #gnu #linux #openssh #sshd #humor #lol

  19. Claramente no todo se puede hacer con #SSH 😜

    Acá probando "sudo sshd -t" para verificar la sintaxis del archivo de configuración del servidor.

    Se viene nuevo contenido en #JuncoTIC, se nota? 😉

    #gnu #linux #openssh #sshd #humor #lol

  20. Claramente no todo se puede hacer con #SSH 😜

    Acá probando "sudo sshd -t" para verificar la sintaxis del archivo de configuración del servidor.

    Se viene nuevo contenido en #JuncoTIC, se nota? 😉

    #gnu #linux #openssh #sshd #humor #lol

  21. Claramente no todo se puede hacer con #SSH 😜

    Acá probando "sudo sshd -t" para verificar la sintaxis del archivo de configuración del servidor.

    Se viene nuevo contenido en #JuncoTIC, se nota? 😉

    #gnu #linux #openssh #sshd #humor #lol

  22. Claramente no todo se puede hacer con #SSH 😜

    Acá probando "sudo sshd -t" para verificar la sintaxis del archivo de configuración del servidor.

    Se viene nuevo contenido en #JuncoTIC, se nota? 😉

    #gnu #linux #openssh #sshd #humor #lol

  23. Once there was blog.stribik.technology/2015/0, which was fine. Now there is infosec.mozilla.org/guidelines, which doesn't include a date of the last update* (except perhaps the copyright 2017).

    Where can I find current recommended SSH settings, with post-quantum and stuff?

    * Oh, how I loathe websites that don't add the dates of creation and/or last update!

    #ssh #sshd #sshd_config

  24. Once there was blog.stribik.technology/2015/0, which was fine. Now there is infosec.mozilla.org/guidelines, which doesn't include a date of the last update* (except perhaps the copyright 2017).

    Where can I find current recommended SSH settings, with post-quantum and stuff?

    * Oh, how I loathe websites that don't add the dates of creation and/or last update!

    #ssh #sshd #sshd_config

  25. Once there was blog.stribik.technology/2015/0, which was fine. Now there is infosec.mozilla.org/guidelines, which doesn't include a date of the last update* (except perhaps the copyright 2017).

    Where can I find current recommended SSH settings, with post-quantum and stuff?

    * Oh, how I loathe websites that don't add the dates of creation and/or last update!

    #ssh #sshd #sshd_config

  26. Once there was blog.stribik.technology/2015/0, which was fine. Now there is infosec.mozilla.org/guidelines, which doesn't include a date of the last update* (except perhaps the copyright 2017).

    Where can I find current recommended SSH settings, with post-quantum and stuff?

    * Oh, how I loathe websites that don't add the dates of creation and/or last update!

    #ssh #sshd #sshd_config

  27. Once there was blog.stribik.technology/2015/0, which was fine. Now there is infosec.mozilla.org/guidelines, which doesn't include a date of the last update* (except perhaps the copyright 2017).

    Where can I find current recommended SSH settings, with post-quantum and stuff?

    * Oh, how I loathe websites that don't add the dates of creation and/or last update!

    #ssh #sshd #sshd_config

  28. 找了个时间优化了服务器便利性和“安全性”

    1. Termius访问
    Termius生成三个密钥分配给三台服务器
    export到~/.ssh/authorized_keys
    检查authorized_keys内容正确
    测试密钥&无密码登录

    2. 配置ufw
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    sudo ufw allow http
    sudo ufw allow https
    sudo ufw allow 特殊端口/tcp
    sudo ufw enable
    sudo ufw status verbose

    3. 配置fail2ban
    sudo nano /etc/fail2ban/jail.local
    [DEFAULT]
    bantime = 1h
    findtime = 10m
    maxretry = 5
    banaction = ufw
    ignoreip = 127.0.0.1/8 ::1 X Y Z
    [sshd]
    enabled = true
    port = 特殊端口
    backend = systemd

    sudo apt update && sudo apt install python3-systemd -y
    sudo systemctl enable --now fail2ban
    sudo systemctl restart fail2ban
    sudo fail2ban-client status sshd

    3. 配置sshd_config
    sudo nano /etc/ssh/sshd_config
    Port 特殊端口
    PermitRootLogin no
    PubkeyAuthentication yes
    PasswordAuthentication no

    sudo sshd -t
    sudo systemctl restart ssh

    4. 更改hostname
    sudo hostnamectl set-hostname xxx
    sudo nano /etc/hosts
    修改127.0.1.1 后主机名为xxx
    hostnamectl status

    5. 配置互通
    ssh-keygen -t ed25519 -C "from_$(hostname)" -N "" -f ~/.ssh/id_ed25519
    cat id_ed25519.pub
    nano ~/.ssh/authorized_keys
    一共三行,Termius pub、其他两台服务器的pub

    6. 配置Alias
    nano ~/.bashrc
    alias nc='ssh -p 特殊端口 jay@ipX'
    alias cc='ssh -p 特殊端口 jay@ipY'
    alias hd='ssh -p 特殊端口 jay@ipZ'
    source ~/.bashrc
    nc (netcup)
    cc (clawcloud)
    hd (hostdzire)
    或者
    nano ~/.ssh/config
    Host nc
    HostName X
    Port 特殊端口
    User jay
    Host cc
    HostName Y
    Port 特殊端口
    User jay
    Host hd
    HostName Z
    Port 特殊端口
    User jay
    ssh nc
    ssh cc
    ssh hd
    还可以加上“ProxyJump cc”连 xxx 之前先跳到 cc

    #ssh #sshd #pub #alias #ProxyJump #authorized_keys #termius #ufw #fail2ban

  29. 找了个时间优化了服务器便利性和“安全性”

    1. Termius访问
    Termius生成三个密钥分配给三台服务器
    export到~/.ssh/authorized_keys
    检查authorized_keys内容正确
    测试密钥&无密码登录

    2. 配置ufw
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    sudo ufw allow http
    sudo ufw allow https
    sudo ufw allow 特殊端口/tcp
    sudo ufw enable
    sudo ufw status verbose

    3. 配置fail2ban
    sudo nano /etc/fail2ban/jail.local
    [DEFAULT]
    bantime = 1h
    findtime = 10m
    maxretry = 5
    banaction = ufw
    ignoreip = 127.0.0.1/8 ::1 X Y Z
    [sshd]
    enabled = true
    port = 特殊端口
    backend = systemd

    sudo apt update && sudo apt install python3-systemd -y
    sudo systemctl enable --now fail2ban
    sudo systemctl restart fail2ban
    sudo fail2ban-client status sshd

    3. 配置sshd_config
    sudo nano /etc/ssh/sshd_config
    Port 特殊端口
    PermitRootLogin no
    PubkeyAuthentication yes
    PasswordAuthentication no

    sudo sshd -t
    sudo systemctl restart ssh

    4. 更改hostname
    sudo hostnamectl set-hostname xxx
    sudo nano /etc/hosts
    修改127.0.1.1 后主机名为xxx
    hostnamectl status

    5. 配置互通
    ssh-keygen -t ed25519 -C "from_$(hostname)" -N "" -f ~/.ssh/id_ed25519
    cat id_ed25519.pub
    nano ~/.ssh/authorized_keys
    一共三行,Termius pub、其他两台服务器的pub

    6. 配置Alias
    nano ~/.bashrc
    alias nc='ssh -p 特殊端口 jay@ipX'
    alias cc='ssh -p 特殊端口 jay@ipY'
    alias hd='ssh -p 特殊端口 jay@ipZ'
    source ~/.bashrc
    nc (netcup)
    cc (clawcloud)
    hd (hostdzire)
    或者
    nano ~/.ssh/config
    Host nc
    HostName X
    Port 特殊端口
    User jay
    Host cc
    HostName Y
    Port 特殊端口
    User jay
    Host hd
    HostName Z
    Port 特殊端口
    User jay
    ssh nc
    ssh cc
    ssh hd
    还可以加上“ProxyJump cc”连 xxx 之前先跳到 cc

    #ssh #sshd #pub #alias #ProxyJump #authorized_keys #termius #ufw #fail2ban

  30. The mighty world of BSD

    Playing with again smolBSD, a fantastic metaOS system that I talked about a few weeks ago.
    I'm a newbie, a greenhorn, when it comes to meta-operating systems built on top of NetBSD.

    I am very eager to learn by doing, making mistakes in the process, correcting and feel the warmth of the BSD community, who is happy to correct, esp when I show that I read the docs after making the mistakes

    The journey is fantastic, the learning process is fun. microVM's are amazing. I've registered 11ms boot times on this small machine with a few CPU cores (and 40GB RAM). The fun is endless

    #programming #technology #BSD #netBSD #metaOS #microVM #networking #qemu #host #bmake #curl #sshd #Linux

    smolbsd.org/

  31. The mighty world of BSD

    Playing with again smolBSD, a fantastic metaOS system that I talked about a few weeks ago.
    I'm a newbie, a greenhorn, when it comes to meta-operating systems built on top of NetBSD.

    I am very eager to learn by doing, making mistakes in the process, correcting and feel the warmth of the BSD community, who is happy to correct, esp when I show that I read the docs after making the mistakes

    The journey is fantastic, the learning process is fun. microVM's are amazing. I've registered 11ms boot times on this small machine with a few CPU cores (and 40GB RAM). The fun is endless

    #programming #technology #BSD #netBSD #metaOS #microVM #networking #qemu #host #bmake #curl #sshd #Linux

    smolbsd.org/

  32. The mighty world of BSD

    Playing with again smolBSD, a fantastic metaOS system that I talked about a few weeks ago.
    I'm a newbie, a greenhorn, when it comes to meta-operating systems built on top of NetBSD.

    I am very eager to learn by doing, making mistakes in the process, correcting and feel the warmth of the BSD community, who is happy to correct, esp when I show that I read the docs after making the mistakes

    The journey is fantastic, the learning process is fun. microVM's are amazing. I've registered 11ms boot times on this small machine with a few CPU cores (and 40GB RAM). The fun is endless

    #programming #technology #BSD #netBSD #metaOS #microVM #networking #qemu #host #bmake #curl #sshd #Linux

    smolbsd.org/

  33. The mighty world of BSD

    Playing with again smolBSD, a fantastic metaOS system that I talked about a few weeks ago.
    I'm a newbie, a greenhorn, when it comes to meta-operating systems built on top of NetBSD.

    I am very eager to learn by doing, making mistakes in the process, correcting and feel the warmth of the BSD community, who is happy to correct, esp when I show that I read the docs after making the mistakes

    The journey is fantastic, the learning process is fun. microVM's are amazing. I've registered 11ms boot times on this small machine with a few CPU cores (and 40GB RAM). The fun is endless

    #programming #technology #BSD #netBSD #metaOS #microVM #networking #qemu #host #bmake #curl #sshd #Linux

    smolbsd.org/

  34. The mighty world of BSD

    Playing with again smolBSD, a fantastic metaOS system that I talked about a few weeks ago.
    I'm a newbie, a greenhorn, when it comes to meta-operating systems built on top of NetBSD.

    I am very eager to learn by doing, making mistakes in the process, correcting and feel the warmth of the BSD community, who is happy to correct, esp when I show that I read the docs after making the mistakes

    The journey is fantastic, the learning process is fun. microVM's are amazing. I've registered 11ms boot times on this small machine with a few CPU cores (and 40GB RAM). The fun is endless

    #programming #technology #BSD #netBSD #metaOS #microVM #networking #qemu #host #bmake #curl #sshd #Linux

    smolbsd.org/

  35. Monitoring my ssh connections on the SBC Pi5

    the command used is this fuction

    `function psgrep() { ps axuf | grep -v grep | grep "$@" -i --color=auto; }`

    #networking #sshd #ssh #ps #grep #psgrep #OpenSource #POSIX

  36. Monitoring my ssh connections on the SBC Pi5

    the command used is this fuction

    `function psgrep() { ps axuf | grep -v grep | grep "$@" -i --color=auto; }`

    #networking #sshd #ssh #ps #grep #psgrep #OpenSource #POSIX

  37. Monitoring my ssh connections on the SBC Pi5

    the command used is this fuction

    `function psgrep() { ps axuf | grep -v grep | grep "$@" -i --color=auto; }`

    #networking #sshd #ssh #ps #grep #psgrep #OpenSource #POSIX

  38. Monitoring my ssh connections on the SBC Pi5

    the command used is this fuction

    `function psgrep() { ps axuf | grep -v grep | grep "$@" -i --color=auto; }`

    #networking #sshd #ssh #ps #grep #psgrep #OpenSource #POSIX

  39. Monitoring my ssh connections on the SBC Pi5

    the command used is this fuction

    `function psgrep() { ps axuf | grep -v grep | grep "$@" -i --color=auto; }`

    #networking #sshd #ssh #ps #grep #psgrep #OpenSource #POSIX

  40. Some how I am very envious of the 60MB RAM footprint while booting into a #linode #vps. The best I could get onto my #homelab is 300MB usage on a #Ubuntu cloud image. This is unfortunately the same as my desktop #ArchLinux with #KDE running.

    The Ubuntu server image idled at 600MB RAM usage with #docker & #sshd. The culprits using most ram are #snapd & #multipathd.

  41. Some how I am very envious of the 60MB RAM footprint while booting into a #linode #vps. The best I could get onto my #homelab is 300MB usage on a #Ubuntu cloud image. This is unfortunately the same as my desktop #ArchLinux with #KDE running.

    The Ubuntu server image idled at 600MB RAM usage with #docker & #sshd. The culprits using most ram are #snapd & #multipathd.

  42. Some how I am very envious of the 60MB RAM footprint while booting into a #linode #vps. The best I could get onto my #homelab is 300MB usage on a #Ubuntu cloud image. This is unfortunately the same as my desktop #ArchLinux with #KDE running.

    The Ubuntu server image idled at 600MB RAM usage with #docker & #sshd. The culprits using most ram are #snapd & #multipathd.