(keith.github.io)

507 points ingve | 1 comments | 18 Sep 25 20:15 UTC | HN request time: 0s | source

Show context

mmaunder ◴[18 Sep 25 20:37 UTC] No.45294710[source]▶

There’s an attack vector in there somewhere.

replies(3): >>45294968 #>>45295595 #>>45300986 #

xoa ◴[18 Sep 25 21:01 UTC] No.45294968[source]▶

Kinda struggling to think of what, beyond the well understood risks of using password-based SSH at all. But that's easily ameliorated by sticking it behind Wireguard or something similar. I think this is a pretty welcome change vs turning off FV entirely which I've had to do with Mac servers in the past.

replies(3): >>45295011 #>>45296172 #>>45301008 #

1. shawnz ◴[19 Sep 25 12:41 UTC] No.45301008[source]▶

>>45294968 #

Would Wireguard function in this pre-unlock environment?

↑

Apple: SSH and FileVault