23 Apr 2025 |
K900 | That's probably https://git.lix.systems/lix-project/lix/issues/805 | 09:20:42 |
Ramses 🇵🇸 | Ugh, yeah my default shell is fish | 09:24:07 |
K900 | I'm surprised fish also fails | 09:24:42 |
K900 | Presumably | 09:24:47 |
Ramses 🇵🇸 | Would ssh's LocalCommand be sufficient to detect that the connection was set up? Or do we really need to run something on the remote side? | 09:25:08 |
K900 | LocalCommand breaks with multiplexing | 09:25:34 |
Ramses 🇵🇸 | I guess it offers slightly less guarantees about the state of the other side | 09:25:38 |
Ramses 🇵🇸 | Oh, ok | 09:25:45 |
K900 | Can you try my CL? | 09:26:12 |
K900 | It's linked on the issue | 09:26:15 |
Ramses 🇵🇸 | Actually, the key that I use has a command forced in authorized_keys, maybe that's the more likely culprit here | 09:27:49 |
Ramses 🇵🇸 | So it doesn't actually run the command that lix sends, it only runs nix-daemon --stdio | 09:28:23 |
K900 | Yes that would also do it | 09:28:42 |
K900 | Though that would also ALSO break my CL | 09:28:51 |
K900 | So that's fun | 09:28:58 |
Ramses 🇵🇸 | Yeah, I guess I can modify the command to include the echo, but it isn't great that such implementation details are leaking into the ssh config of the builders | 09:29:43 |
K900 | SSH is fucked | 09:32:04 |
K900 | Completely | 09:32:07 |
piegames | Let's make a successor? | 09:54:17 |
piegames | SSH, maybe based on SSH libs, but without a fucking login shell, designed for inter machine communication | 09:54:17 |
K900 | Isn't that just mTLS | 10:08:19 |
KFears (burning out) | Yeah that's just mTLS | 12:09:05 |
KFears (burning out) | You can also do an interactive session there to get back to SSH awfulness | 12:09:48 |
helle (just a stray cat girl) | urgh, need to provide feedback on the file fixtures, but uuuh, not quite have the energy for it today, right, hope that will be fine to do tomorrow | 13:33:57 |
KFears (burning out) | It's fine, late April is a lazy time for everyone | 13:39:04 |
Irenes | yeah I've dug into the TLS protocol and the SSH protocol and, like... | 20:38:57 |
Irenes | TLS grew out of SSH but you really do want TLS or mTLS, not SSH, if you're designing something new | 20:39:07 |
Irenes | it has super important features such as SNI | 20:39:18 |
Irenes | (useful for large deployments that want to put a reverse proxy in front of the backend) | 20:39:35 |