Comment on Why isn't using a key file the most common way to log into self-hosted servers?
jj4211@lemmy.world 4 days ago
For ssh, ssh keys.
For https, WebAuthn is the way to do it, though services are relatively rare, particularly for self-hosting, partly because browsers are very picky about using a domain name with a valid cert, so browsers won’t allow them by IP or if you click through a self-signed cert.
erock@lemmy.ml 2 days ago
As someone who implemented WebAuthn for my $work, it was a terrible DX to set up. WebAuthn requires an https domain, so that alone is going to be a barrier for many self-hosted services. Getting the configuration right will also be prohibitive.
jj4211@lemmy.world 2 days ago
Getting a DNS name is straightforward enough, and Let’s Encrypt to get a TLS cert…
But for purely internal services that you didn’t otherwise want to publish externally, the complexity goes way up (either maintain a bunch of domain names externally to renew certificates and use a private DNS to point them to the real place locally, or make your own CA and make all the client devices enroll it). Of course I’m less concerned about passkeys internally.
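Added example, not part of any comment in this thread: a preflight check that applies the browser-side conditions discussed above (secure context, domain name rather than IP, trusted certificate, matching RP ID) to a self-hosted origin. The function name `webauthnPreflight`, the `certTrusted` option and the sample hostnames are assumptions made for illustration, and the RP ID check is simplified (no Public Suffix List lookup).

```javascript
// Added example: would a browser permit WebAuthn on this self-hosted origin?
// webauthnPreflight and certTrusted are hypothetical names, not a real API.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

function webauthnPreflight(origin, rpId, { certTrusted = true } = {}) {
  const problems = [];
  const url = new URL(origin);
  const host = url.hostname.toLowerCase();
  const isLocalhost = host === "localhost" || host.endsWith(".localhost");

  // 1. Secure context: https, or plain http only for localhost.
  if (url.protocol !== "https:" && !(url.protocol === "http:" && isLocalhost)) {
    problems.push("not a secure context (needs https, or http://localhost)");
  }
  // 2. The effective domain must be a domain name, never an IP literal.
  //    URL.hostname keeps the brackets on IPv6 literals.
  if (IPV4.test(host) || host.startsWith("[")) {
    problems.push("host is an IP address; WebAuthn requires a domain name");
  }
  // 3. A certificate error the user clicked through still blocks WebAuthn.
  //    The caller supplies this flag; it cannot be derived from the URL.
  if (url.protocol === "https:" && !certTrusted) {
    problems.push("certificate is not trusted by the client");
  }
  // 4. The RP ID must equal the host or be a parent domain of it.
  //    Simplification: no Public Suffix List lookup, so "com" is not rejected.
  const id = (rpId ?? host).toLowerCase();
  if (id !== host && !host.endsWith("." + id)) {
    problems.push(`rpId "${id}" is not the host or a parent domain of it`);
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample origins for a home lab.
const samples = [
  ["https://192.168.1.20:8443", undefined, {}],
  ["http://nas.home.example", undefined, {}],
  ["https://nas.home.example", "home.example", { certTrusted: false }],
  ["https://nas.home.example", "home.example", {}],
  ["http://localhost:3000", undefined, {}],
];
for (const [origin, rpId, opts] of samples) {
  const r = webauthnPreflight(origin, rpId, opts);
  console.log(origin, r.ok ? "OK" : r.problems.join("; "));
}
```

For the private-CA route mentioned in the last comment, `certTrusted` is true only on clients that have enrolled that CA.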