Comment on What Self-Hosted Single Sign-On (SSO) do you use?
Deebster@lemmyrs.org 1 year agoWhat's your DR plan? My "plan" is to SSH in and figure out what's wrong.
Comment on What Self-Hosted Single Sign-On (SSO) do you use?
Deebster@lemmyrs.org 1 year agoWhat's your DR plan? My "plan" is to SSH in and figure out what's wrong.
nickwitha_k@lemmy.sdf.org 1 year ago
I’m still trying to cover up with a good one to allow more self-hosting. Probably a SHTF security key kept in a safe that can be used with physical access.
The problem here being that you have a circular dependency:
Deebster@lemmyrs.org 1 year ago
My SSH auth uses SSH keys stored in authorized_keys, but I see your point. For me, OpenLDAP will be letting users in to the various services and SSH is outside that. I suppose SFTP could be something I want, but I'd be tempted to put a new sshd inside a container and have it more restricted than the system one.
I think the backup key idea is definitely the most broadly applicable, but there's physical/KVM for a more old school access route.