this post was submitted on 04 Mar 2026
507 points (98.7% liked)

Programmer Humor


(The meme's author may be convinced but I am still not, to be clear)

From: https://terra.incognita.net/@RainofTerra/116168632108345829

[–] Luminous5481@anarchist.nexus 28 points 1 day ago (3 children)

this seems like something I would do too, which is why I haven't installed fail2ban

[–] ozymandias117@lemmy.world 2 points 20 hours ago

I set up, and prefer, iptables rules to rate limit logins.

I have mine set so you can connect up to 5 times per 15 minutes.

Blocks bots well enough, and if I really mess up, I just wait 15 mins
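
A sketch of the kind of rate limit described in the comment above (5 new connections per 15 minutes per source address), added here as an example; it is not ozymandias117's actual ruleset. The chain name `SSH_LIMIT`, the list name `ssh_limit` and port 22 are assumptions.

```shell
#!/bin/sh
# Added example: print iptables-restore rules that cap NEW connections to an
# SSH port per source IP. Review the output, then apply as root with:
#   sh ssh_ratelimit.sh | iptables-restore --noflush
# (-I inserts a jump on every run, so apply it once per boot.)

ssh_ratelimit_rules() {
    port=${1:-22}      # assumed sshd port
    limit=${2:-5}      # connections allowed per window (comment above: 5)
    window=${3:-900}   # window in seconds (comment above: 15 minutes)

    # Only plain digits may reach the generated ruleset.
    for v in "$port" "$limit" "$window"; do
        case $v in
            ''|*[!0-9]*) echo "not a number: $v" >&2; return 1 ;;
        esac
    done
    # xt_recent remembers 20 packets per address by default
    # (ip_pkt_list_tot); a larger --hitcount fails to load.
    if [ "$limit" -lt 1 ] || [ "$limit" -gt 20 ]; then
        echo "limit must be between 1 and 20" >&2
        return 1
    fi

    cat <<EOF
*filter
:SSH_LIMIT - [0:0]
# Only connection attempts (state NEW) are counted, not established sessions.
-I INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_LIMIT
# --rcheck does not refresh the timer, so dropped retries do not extend the block.
-A SSH_LIMIT -m recent --name ssh_limit --rcheck --seconds $window --hitcount $limit -j DROP
# Under the limit: record this attempt and hand back to the rest of INPUT.
-A SSH_LIMIT -m recent --name ssh_limit --set
-A SSH_LIMIT -j RETURN
COMMIT
EOF
}

ssh_ratelimit_rules "$@"
```

These rules cover IPv4 only; the same file can be fed to `ip6tables-restore --noflush` for IPv6. Because the chain ends in `RETURN`, an allowed connection still has to be accepted by the remaining INPUT rules.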

[–] ramasses@social.ozymandias.club 7 points 1 day ago (3 children)

You should really install fail2ban, just for peace of mind. If you don't, at the very least set up SSH keys.

[–] Urist@lemmy.ml 2 points 10 hours ago

You mean key based SSH authentication? Yes, but if you have done so and this is the only attack vector, I do not see the need for fail2ban.

[–] hexagonwin@lemmy.today 2 points 1 day ago

unless I have an insecure password or a security vulnerability in sshd, how would it be a problem? I haven't had any issues for the last 6 years.

[–] Luminous5481@anarchist.nexus 2 points 1 day ago

I was making a joke. I already have rate limiting protecting my Authelia login page.

[–] smiletolerantly@awful.systems 2 points 1 day ago (2 children)

The nice thing about SSH key-based access is, I either have the key and login succeeds, or I have no business trying to log in.

That's why my remote root server bans via fail2ban after a single failed login.

Yes I've had to write support to get a KMS. Yes it's still configured like this.

[–] baguettefish@discuss.tchncs.de 1 points 1 day ago (2 children)

i am a tailscale enjoyer, which means i can set up tailscale ssh once on each machine and then from another machine just login over tailscale

[–] InternetCitizen2@lemmy.world 2 points 18 hours ago (1 children)

How's that different from normal ssh?

[–] baguettefish@discuss.tchncs.de 1 points 16 hours ago

you can disable the need for a password or key if you like, and you also don't really need fail2ban, since nothing is actually port forwarded anywhere

[–] smiletolerantly@awful.systems 2 points 1 day ago* (last edited 1 day ago)

Eh, the machine is actually in one of my wireguard nets anyways, but for different purposes.

[–] probablymissing@lemmy.world 0 points 21 hours ago (1 children)

as a nixos enjoyer, i have no idea how to set up ssh keys. fail2ban and a regular password for me.

yes, i have locked myself out of my own server for hours at a time because i'm an absolute tool.

[–] smiletolerantly@awful.systems 4 points 15 hours ago (1 children)

Ehm... I'm also on Nixos and I'd say it's super trivial.

services.openssh = {
  enable = true;
  settings = {
    PasswordAuthentication = false;
    PermitRootLogin = "no";
  };
};

users.users.<name>.openssh.authorizedKeys.keys = [ /* list of pubkeys, ideally read from a file in the repo */ ];

[–] Urist@lemmy.ml 2 points 10 hours ago (1 children)

So easy it should be illegal! I mean, how can we feel superior if we are not wasting huge amounts of time setting things up!?

[–] smiletolerantly@awful.systems 3 points 9 hours ago

> I mean, how can we feel superior if we are not wasting huge amounts of time setting things up!?

Why, by boasting that it's so easy, just look at that, it is only two options you need to set thanks to the 80 custom modules I've written to abstract the abstractions from nixpkgs!

I WISH I could put an /s here, but I cannot.