[07:54] <marcoagpinto> Morning!
[18:56] <tomreyn> TJ-: maybe monkeysphere would have been for you?
[18:56] <TJ-> who? what!? 
[18:57] <tomreyn> https://packages.debian.org/bullseye/monkeysphere (also in ubuntu)
[18:59] <TJ-> oh, thought you meant some nickname asking for help
[19:02] <TJ-> no, GPG would be a terrible layer to maintain on top. But, monkeysphere is 'old'  and no longer maintained by upstream so far as I can tell
[19:03] <tomreyn> TJ-: yes, that appears to be the case
[19:03] <tomreyn> i guess if you're using X.509 anyways, then having everything use certificates can be desirable
[19:07] <leftyfb> TJ-: what is the ask here?
[19:08] <leftyfb> we've been looking at teleport to manage authentication 
[19:08] <TJ-> ask?
[19:09] <leftyfb> TJ-: sorry, it looked like you were looking for a solution to a problem and tomreyn was giving you a suggestion. Knowing that monkeysphere is basically a system for managing ssh access, I offered up teleport as a suggestion as well
[19:11] <tomreyn> thanks leftyfb, i hadn't thought of teleport and that's actually something i should look into.
[19:12] <leftyfb> tomreyn: I actually had a zoom call with one of their founders trying to troubleshoot some issues I had. The problem turned out to be their documentation :)
[19:13] <leftyfb> still have a ways to go to figure out the certificate stuff so I can setup the ssh proxy stuff. Then it'll be golden for our us
[19:13] <leftyfb> use*
[19:13] <tomreyn> they definitely release early and often
[19:14] <tomreyn> hmm, this might be useful.
[19:28] <TJ-> I like how the common theme for Teleport is "behind NAT" !
[19:36] <tomreyn> hehe, good old ipv4 times
[19:37] <TJ-> does the proxy rely on Javascript?
[19:38] <TJ-> can't find any docs on that - it looks rather as if tsh login assumes a GUI session with a JS-enabled web browser
[19:39] <leftyfb> tsh is their CLI client, not dependent on any GUI or JS
[19:39] <leftyfb> the browser can also be used as a client
[19:43] <TJ-> leftyfb: I know tsh is CLI, but 'tsh login --proxy ...' launches a web browser for sign-on it says
[19:43] <TJ-> "Teleport proxy serves the login screen on https://proxy.example.com:3080 where users are asked for their username, password, and a 2nd factor. If a 3rd party identity such as Github is used, the proxy forwards the user to Github using OAuth2."
[19:43] <leftyfb> ah, that's for the initial auth, yes. After that you should be able to use 2FA
[19:44] <TJ-> so it probably wouldn't work without a GUI, like with w3m/lynx/etc.
[19:44] <leftyfb> I would ping them on their Slack channel. They are very responsive and you're getting the devs, not just support engineers
[19:46] <TJ-> ahhh, it's GoLang. not touching it.
[19:47] <TJ-> just as bad as node.js 
[19:51] <leftyfb> so picky :)
[19:52] <TJ-> no, not picky. It's impossible to verify the code since it uses imports from huge numbers of unknown github repos
[19:52] <TJ-> same flaw as node.js with npm
[19:54] <TJ->  for a critical security focused tool that is a fatal flaw
[19:55] <TJ-> e.g. auth/native/native.go imports github.com/jonboulle/clockwork ... so now you've got to figure out which exact commit was pulled, and what's in that repo