9 votes

Matrix.org - Post-mortem and remediations for Apr 11 security incident

4 comments

  1. Deimos
    This is a follow-up to the incident we discussed previously on Tildes here. I haven't had a chance to look through this yet, but it looks like a very detailed post-mortem.

    4 votes
  2. user2
    They mention 2FA for ssh. That sounds interesting, how does that work? I would like to set it up myself.

    3 votes
    1. deing
      I set up a time-based one-time password for my VPS's SSH using this guide from the Arch Wiki. The post-mortem talks about "tokens" though, so they probably won't use that specific method.

      4 votes
    2. bme
      I've been on the Duo free tier for a while. Aside from needing to do ssh -4 for local connections (to skip 2FA; they don't support named IPv6 networks yet), it's pretty great. I also use SSH with signed certs with HashiCorp Vault. That also works pretty well too.