Comment on Fully self-hosted password manager options
irmadlad@lemmy.world 1 day agoif you don’t incorporate a backdoor
I’ve often thought about this, and since it has come up in convo, I’ll ask: If you were to implement a backdoor to your server, how would you go about that? Currently I have 3 vps and one rack in the closet. It is the vps I’m interested in the most. Only one vps offers a rescue ssh, and yes I can confirm, if you are not exceedingly careful on my setup, you can lock yourself right out. I run tailscale on everything and I often wondered if I could incorporate tailscale as a emergency backdoor.
Darkassassin07@lemmy.ca 1 day ago
Most of my web services are behind my vpn, but there are a couple I expose publicly for friends/family to use. Things like emby, ombi, and some generic file sharing with file browser.
One of these has a long custom path setup in nginx which, instead of proxying to the named service, will instead ask for http basic auth credentials. Use the correct host+path, then provide the correct user+pass, and you’ll be served an openvpn configuration file which includes an encrypted private key. Decrypt that and you’ve got backdoor vpn access.