Amicitas@lemmy.world to Technology@lemmy.worldEnglish · 2 days agoNIST proposes barring some of the most nonsensical password rulesarstechnica.comexternal-linkmessage-square127fedilinkarrow-up1478arrow-down14file-text
arrow-up1474arrow-down1external-linkNIST proposes barring some of the most nonsensical password rulesarstechnica.comAmicitas@lemmy.world to Technology@lemmy.worldEnglish · 2 days agomessage-square127fedilinkfile-text
minus-squarejj4211@lemmy.worldlinkfedilinkEnglisharrow-up28·1 day agoMeanwhile, my company has systems insisting on expiring ssh keys after 90 days…
minus-squareAnUnusualRelic@lemmy.worldlinkfedilinkEnglisharrow-up8·12 hours agoFools! You have to expire the whole system! Reinstall everything every 90 days. It’s the only way.
minus-squarejj4211@lemmy.worldlinkfedilinkEnglisharrow-up2·11 hours agoYou are going to give them ideas… Ironically, reinstall the whole system, make sure to add some CrowdStrike, SolarWinds, and Ivanti for security and management though…
minus-squareTBi@lemmy.worldlinkfedilinkEnglisharrow-up5·1 day agoMy company blocked ssh keys in favour of password + 2FA. Honestly I don’t mind the 2FA since we use yubikeys, but wouldn’t ssh key + 2FA be better?
minus-squarejj4211@lemmy.worldlinkfedilinkEnglisharrow-up1·14 hours agoAll well and good when ssh activity is anchored in a human doing interactive stuff, but not as helpful when there’s a lot of headless automation that has to get from point a to point b.
minus-squareTBi@lemmy.worldlinkfedilinkEnglisharrow-up2·10 hours agoYep. All the headless automation broke…
minus-squareJasonDJ@lemmy.ziplinkfedilinkEnglisharrow-up2·1 day agoJust store your keys on the yubikey. Problem solved. Or use a smart card profile and go that route.
Meanwhile, my company has systems insisting on expiring ssh keys after 90 days…
Fools! You have to expire the whole system!
Reinstall everything every 90 days. It’s the only way.
You are going to give them ideas…
Ironically, reinstall the whole system, make sure to add some CrowdStrike, SolarWinds, and Ivanti for security and management though…
My company blocked ssh keys in favour of password + 2FA. Honestly I don’t mind the 2FA since we use yubikeys, but wouldn’t ssh key + 2FA be better?
All well and good when ssh activity is anchored in a human doing interactive stuff, but not as helpful when there’s a lot of headless automation that has to get from point a to point b.
Yep. All the headless automation broke…
Just store your keys on the yubikey. Problem solved.
Or use a smart card profile and go that route.