| 19 Feb 2025 |
|  @loc:locrealloc.de left the room. | 11:40:32 |
|  TobiNary joined the room. | 21:25:51 |
| 20 Feb 2025 |
|  mmongelli99 set a profile picture. | 03:40:47 |
| 21 Feb 2025 |
|  alexandi joined the room. | 06:52:42 |
|  jolly.roberts left the room. | 16:32:28 |
 @adam:robins.wtf | In reply to @hexa:lossy.network
please report back once you know 🙂 Yes Lego can do 6 day certs now https://github.com/go-acme/lego/releases/tag/v4.22.0 | 22:21:05 |
| @adam:robins.wtf | https://letsencrypt.org/2025/02/20/first-short-lived-cert-issued/ | 22:21:24 |
 hexa | Yes, I saw that earlier as well | 22:58:13 |
| 22 Feb 2025 |
| @adam:robins.wtf | And already merged a few days ago https://github.com/NixOS/nixpkgs/pull/382863 | 02:18:35 |
| hexa | yup, set a profile and gg | 02:19:55 |
| hexa | --profile shortlived | 02:22:56 |
| @adam:robins.wtf | Guess I’ll close these two outdated PRs for lego… | 02:30:33 |
| 24 Feb 2025 |
|  Zm94ZGV2 changed their profile picture. | 13:16:03 |
|  @thunder:kotiboksi.xyz left the room. | 21:04:30 |
| 25 Feb 2025 |
|  Federico Damián Schonborn changed their profile picture. | 01:35:55 |
| 26 Feb 2025 |
|  tactfulvessel joined the room. | 00:02:22 |
|  samw joined the room. | 09:50:42 |
| hexa | the ssh connect rate on my oracle box is super high | 20:16:42 |
| hexa | like multiple per second | 20:16:45 |
| hexa | varying ip addresses, few penalties issued by sshd | 20:17:04 |
| hexa | they mostly fail in preauth | 20:17:43 |
| hexa | so now i reduced the kexAlgorithms to just sntrup761x25519-sha512@openssh.com and now I get close to 100% kexalgo mismatches | 20:17:59 |
| hexa | how does everyone else deal with that? | 20:18:59 |
| hexa | the first thought would be fail2ban, maybe crowdsec | 20:20:26 |
| hexa | but crowdsec is of course a bit weird 🙂 | 20:20:51 |
| hexa | I don't want to trust a random community of people | 20:21:04 |
| hexa | another idea would of course be a bastion host | 20:22:11 |
| hexa | but that would make accessing the host a bit more tedious, given ssh jumps etc. | 20:22:27 |
 dgrig | It's not foolproof, but changing the default port away from 22 helps with a lot of bots | 20:22:28 |
| hexa | also a valid choice | 20:24:05 |
