marcoagpinto | Morning! | 07:54 |
---|---|---|
=== Sven_vB_ is now known as Sven_vB | ||
tomreyn | TJ-: maybe monkeysphere would have been for you? | 18:56 |
TJ- | who? what!? | 18:56 |
tomreyn | https://packages.debian.org/bullseye/monkeysphere (also in ubuntu) | 18:57 |
TJ- | oh, thought you meant some nickname asking for help | 18:59 |
TJ- | no, GPG would be a terrible layer to maintain on top. But, monkeysphere is 'old' and no longer maintained by upstream so far as I can tell | 19:02 |
tomreyn | TJ-: yes, that appears to be the case | 19:03 |
tomreyn | i guess if you're using X.509 anyways, then having everything use certificates can be desirable | 19:03 |
leftyfb | TJ-: what is the ask here? | 19:07 |
leftyfb | we've been looking at teleport to manage authentication | 19:08 |
TJ- | ask? | 19:08 |
leftyfb | TJ-: sorry, it looked like you were looking for a solution to a problem and tomreyn was giving you a suggestion. Knowing that monkeysphere is basically a system for managing ssh access, I offered up teleport as a suggestion as well | 19:09 |
tomreyn | thanks leftyfb, i hadn't thought of teleport and that's actually something i should look into. | 19:11 |
leftyfb | tomreyn: I actually had a zoom call with one of their founders trying to troubleshoot some issues I had. The problem turned out to be their documentation :) | 19:12 |
leftyfb | still have a ways to go to figure out the certificate stuff so I can setup the ssh proxy stuff. Then it'll be golden for our us | 19:13 |
leftyfb | use* | 19:13 |
tomreyn | they definitely release early and often | 19:13 |
tomreyn | hmm, this might be useful. | 19:14 |
TJ- | I like how the common theme for Teleport is "behind NAT" ! | 19:28 |
tomreyn | hehe, good old ipv4 times | 19:36 |
TJ- | does the proxy rely on Javascript? | 19:37 |
TJ- | can't find any docs on that - it looks rather as if tsh login assumes a GUI session with a JS-enabled web browser | 19:38 |
leftyfb | tsh is their CLI client, not dependent on any GUI or JS | 19:39 |
leftyfb | the browser can also be used as a client | 19:39 |
TJ- | leftyfb: I know tsh is CLI, but 'tsh login --proxy ...' launches a web browser for sign-on it says | 19:43 |
TJ- | "Teleport proxy serves the login screen on https://proxy.example.com:3080 where users are asked for their username, password, and a 2nd factor. If a 3rd party identity such as Github is used, the proxy forwards the user to Github using OAuth2." | 19:43 |
leftyfb | ah, that's for the initial auth, yes. After that you should be able to use 2FA | 19:43 |
TJ- | so it probably wouldn't work without a GUI, like with w3m/lynx/etc. | 19:44 |
leftyfb | I would ping them on their Slack channel. They are very responsive and you're getting the devs, not just support engineers | 19:44 |
TJ- | ahhh, it's GoLang. not touching it. | 19:46 |
TJ- | just as bad as node.js | 19:47 |
leftyfb | so picky :) | 19:51 |
TJ- | no, not picky. It's impossible to verify the code since it uses imports from huge numbers of unknown github repos | 19:52 |
TJ- | same flaw as node.js with npm | 19:52 |
TJ- | for a critical security focused tool that is a fatal flaw | 19:54 |
TJ- | e.g. auth/native/native.go imports github.com/jonboulle/clockwork ... so now you've got to figure out which exact commit was pulled, and what's in that repo | 19:55 |