Comment on What Self-Hosted Single Sign-On (SSO) do you use?
nickwitha_k@lemmy.sdf.org 1 year agoI’m still trying to cover up with a good one to allow more self-hosting. Probably a SHTF security key kept in a safe that can be used with physical access.
My “plan” is to SSH in and figure out what’s wrong.
The problem here being that you have a circular dependency:
- SSH auth requires OpenLDAP/Keycloak
- SSH access is required to fix broken OpenLDAP/Keycloak
- GOTO 1
Deebster@lemmyrs.org 1 year ago
My SSH auth uses SSH keys stored in authorized_keys, but I see your point. For me, OpenLDAP will be letting users in to the various services and SSH is outside that. I suppose SFTP could be something I want, but I'd be tempted to put a new sshd inside a container and have it more restricted than the system one.
I think the backup key idea is definitely the most broadly applicable, but there's physical/KVM for a more old school access route.