

Independent third party to ensure boundaries are set and clearly communicated between the actors, and to observe the act to ensure process is followed and to stop things if they are not.
It is self-hosted
It is not on-prem
Get a slot adapter first, to make sure your use case works before doing the physical mods others are talking about
Now… Now… Wait until they have to debug it
I have a UPS designed to run long enough to shutdown my server gracefully. I can manually turn it back on if the outage is extended.
If I was designing a critical service the UPS would have enough runtime to switch over to some other power system (solar batteries, generator, second circuit, etc.)
Having written code for 2 of these… I feel attacked
A docker image
The key is defense in depth. Don’t trust anything more than you need to. Even if your router is compromised the hosts should be hardened, the traffic should be encrypted, etc.
ClamAV against any new downloaded files. That’s about it
Pascal breathing heavily in the common room
for nop in $(seq 1 200); do
open -a Terminal --new &
sleep 0.1
done
One of us, one of us
You do need it.
If you're anything like me you end up with 200 terminal windows open on your desktop.
With a terminal multiplexer you can attach to named sessions from any terminal open and get the correct context for long-running things you care about
Windows 10 Enterprise IoT LTSC is supported until 2032. It’s available in the usual online places. Mass grave etc
KDE Connect is also an option
That’s awesome!
Fair enough;
Do a dry run for a CLIENT key; make sure you have the libfido2 middleware installed and working. Ensure you have set your sshd_config file properly with no-touch-required.
From the documentation: "Note: not all tokens support disabling the touch requirement." So do a test client side before banging your head on it.
Can you explain to me the workflow you have envisioned for the host identity key in /etc/ssh being keyed off a FIDO2 secure element? You plug a secure element into a server?
Sounds like you want something like an HSM that integrates into your sshd to pull the certificates. Even then you have the chicken and egg problem: how do you identify the hardware to the HSM? You need some trusted boot environment, and now you're down into vendor-specific implementations to “trust” the booted hardware.
https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html
I followed this guide and it works fine for me, macOS client.
Yeah, I was able to set it up using the OpenWrt interface LuCI. Just ignore the other stuff, experiment in LuCI until you dial it in
https://openwrt.org/docs/guide-user/network/vlan/switch_configuration