|
Unless you fancy running your own internal CA and signing the certs with both foo and foo.whatever.com as subject alternative names and installing that root cert on all your devices
|
# ? Feb 16, 2021 02:57 |
|
|
# ? Apr 24, 2024 14:10 |
|
Rufus Ping posted:Your diagnosis is correct but there isn't really a way to make it work because the name in the cert simply doesn't match the one you're requesting if you omit the suffix internal self signed cert that you import into your browser store, but its certainly not worth it e;fb
|
# ? Feb 16, 2021 03:28 |
|
make http://edge/ redirect to https://edge.mydomain.tld/ if you want to save the typing
|
# ? Feb 16, 2021 06:05 |
Also, combine it with split-horizon DNS, just for fun.
|
|
# ? Feb 16, 2021 11:40 |
|
admiraldennis posted:https://edge.mydomain.tld/ -- works fine, yay If I want to access my Grafana instance, I go https://influx.home.mydomain.tld/ and presto. Sure, dropping the whole domain shtick makes it quicker to type, but browser autocomplete to the rescue. Combat Pretzel fucked around with this message at 14:13 on Feb 16, 2021 |
# ? Feb 16, 2021 14:03 |
|
Bye Lastpass... https://blog.lastpass.com/2021/02/changes-to-lastpass-free/
|
# ? Feb 16, 2021 18:00 |
Nobody could've seen that coming, surely.
|
|
# ? Feb 16, 2021 18:10 |
|
Its an interesting way to destroy your product, thats for sure
|
# ? Feb 16, 2021 18:17 |
|
What are some good alternatives to LastPass? I think BitWarden was pretty popular last time the question got asked.
|
# ? Feb 16, 2021 19:05 |
|
denereal visease posted:What are some good alternatives to LastPass? I think BitWarden was pretty popular last time the question got asked. LogMeOnce and Bitwarden are, I think, some of the only remaining free options that work across both PCs and mobile devices. If you're willing to pay there are a bunch of decent options, of course.
|
# ? Feb 16, 2021 19:17 |
|
denereal visease posted:What are some good alternatives to LastPass? I think BitWarden was pretty popular last time the question got asked. Bitwarden hands down from an ease of use standpoint, it seems to be like signal where it’s basically turnkey but also to my knowledge as secure as anything like could be, keepass seems to be what all the uber nerds use since you can self host and set up your own fancy 2FA stuff.
|
# ? Feb 16, 2021 19:40 |
|
1Password is great.
|
# ? Feb 16, 2021 19:43 |
|
1password is by far the best option, of all password managers.
|
# ? Feb 16, 2021 19:49 |
|
1Password is really good, I still use Keepass with a synced database.
|
# ? Feb 16, 2021 20:08 |
|
+1 to 1password I got my parents using it, you can too!
|
# ? Feb 16, 2021 20:11 |
|
I also like 1Password. Its only real downside is that it's not free. But a family plan is $5/mo for 5 people, so pretty cheap.
|
# ? Feb 16, 2021 20:14 |
|
I've been using 1Password since the stone ages and it still strikes me as the best one. I used to sync the database myself via rsync and then DropBox . Some year I finally gave in and subscribed to their hosted sync service. I also set up my Dad successfully with it.
|
# ? Feb 16, 2021 20:24 |
|
Rufus Ping posted:Unless you fancy running your own internal CA and signing the certs with both foo and foo.whatever.com as subject alternative names and installing that root cert on all your devices This piques my interest but is probably too annoying. I suppose I don't mind doing a little work and installing my own root cert on my most-used devices. But my guess is that I can't have both my own CA/cert for foo and then also a real trusted CA/cert for foo.mydomain.tld? (Maybe with a fancy dedicated https server, but note that in a bunch of cases here I'm just adding certs to pfsense, plex, freenas, etc, etc?). Subjunctive posted:make http://edge/ redirect to https://edge.mydomain.tld/ if you want to save the typing Yeah, I might do something like this. Though instead of running a bunch of http servers - I'd really just like Chrome itself to be aware of my "default DNS suffix" preference and do the redirecting on its own. Come on, where's the dumb plugin for this? BlankSystemDaemon posted:Also, combine it with split-horizon DNS, just for fun. Hmm... Combat Pretzel posted:Well, use the full name internally, too. Yeah, well, OK, maybe.
|
# ? Feb 16, 2021 20:35 |
|
I've been using Lastpass for years after I got a year in a Humble Bundle once upon a time, and probably looking to switch to BitWarden. Found there seems to be a way to import stuff, although I was ready to just spend a day moving stuff over anyway. https://bitwarden.com/help/article/import-from-lastpass/
|
# ? Feb 16, 2021 20:40 |
|
I like bitwarden because it was very easy to import all my passwords from NordPass and all my saved browser passwords. I haven’t tried 1pass but obviously that seems to be more popular, bitwarden is also free though.
|
# ? Feb 16, 2021 22:54 |
|
admiraldennis posted:But my guess is that I can't have both my own CA/cert for foo and then also a real trusted CA/cert for foo.mydomain.tld? (Maybe with a fancy dedicated https server, but note that in a bunch of cases here I'm just adding certs to pfsense, plex, freenas, etc, etc?). Yeah most appliances will only let you load a single cert chain so you can't do that unfortunately
|
# ? Feb 16, 2021 23:14 |
|
admiraldennis posted:Yeah, I might do something like this. Though instead of running a bunch of http servers - I'd really just like Chrome itself to be aware of my "default DNS suffix" preference and do the redirecting on its own. Come on, where's the dumb plugin for this? I may be way out of my depth here, but wouldn't a browser plugin that's designed to be able to forward local traffic to a TLD be a security risk of sorts if used in the wrong hands?
|
# ? Feb 16, 2021 23:14 |
|
Last Chance posted:I may be way out of my depth here, but wouldn't a browser plugin that's designed to be able to forward local traffic to a TLD be a security risk of sorts if used in the wrong hands? It would I suppose, but the original sin would be someone having the ability to install such software on your computer in the first place, at which point it's game over
|
# ? Feb 16, 2021 23:31 |
|
SpaceSDoorGunner posted:I like bitwarden because it was very easy to import all my passwords from NordPass and all my saved browser passwords. I haven’t tried 1pass but obviously that seems to be more popular, bitwarden is also free though. Back in 2015 or whatever, I was able to transfer my LastPass logins to 1Password fairly easily.
|
# ? Feb 16, 2021 23:42 |
|
I still use 1Password with a Dropbox synced database. I felt like uploading all of my secrets to a cloud provider would be risky for me to do. Risk wise, compromise or just reliant on a third party to access my own data is not ideal.
|
# ? Feb 17, 2021 04:11 |
|
Boner Wad posted:I still use 1Password with a Dropbox synced database. I felt like uploading all of my secrets to a cloud provider would be risky for me to do. Risk wise, compromise or just reliant on a third party to access my own data is not ideal. If you don't like storing your passwords on cloud services I've got some real bad news about Dropbox
|
# ? Feb 17, 2021 04:33 |
|
Boner Wad posted:I still use 1Password with a Dropbox synced database. I felt like uploading all of my secrets to a cloud provider would be risky for me to do. Risk wise, compromise or just reliant on a third party to access my own data is not ideal. Also who pays for a password manager lmbo install syncthing and keypass, done. self hosted auto syncing cloud.
|
# ? Feb 17, 2021 07:53 |
I like to KeeP rear end.
|
|
# ? Feb 17, 2021 08:54 |
|
I had terrible luck with sync programs for my KeePass file with conflicts and overwriting, so I've been running a lightweight VPS to host it with WebDAV. KeePass + WebDAV handles that stuff way more reliably than any sync solution I've tried. DigitalOcean has a guide to set it up that even a Linux newbie could follow, and you can usually find a cheap yearly price on a VPS at lowendbox.com. I think I pay $12/year for mine. The downside is that almost none of the third-party KeePass clones for Mac or Linux have WebDAV implemented so you'd have to use some crappy virtual drive or sync thing anyways which totally defeats the purpose, but I tend to avoid those platforms anyways.
|
# ? Feb 17, 2021 09:09 |
|
AgentCow007 posted:I had terrible luck with sync programs for my KeePass file with conflicts and overwriting, so I've been running a lightweight VPS to host it with WebDAV. KeePass + WebDAV handles that stuff way more reliably than any sync solution I've tried. DigitalOcean has a guide to set it up that even a Linux newbie could follow, and you can usually find a cheap yearly price on a VPS at lowendbox.com. I think I pay $12/year for mine. Jesus dude why
|
# ? Feb 17, 2021 09:29 |
|
CLAM DOWN posted:Jesus dude why I mean I use it all day every day, so spending 30 mins setting up a server that will run hands-off for years is a pretty good investment. Like I said, I have conflicts or bad overwrites way too frequently with any sync programs, and KeePass' built-in WebDAV support is phenomenal. AgentCow007 fucked around with this message at 09:48 on Feb 17, 2021 |
# ? Feb 17, 2021 09:45 |
There's no real way of doing three-way merges on encrypted flat files, so you can't have multiple databases open at the same time and expect to be able to modify them. WebDAV sort of makes this possible, but it's mostly a hack.
|
|
# ? Feb 17, 2021 10:31 |
|
Actually yeah that’s why I didn’t go with keepass- Bitwarden had worked flawlessly for me across mobile, mac, and linux. I can always just open my phone in a few seconds if I need to see it if it’s a work password and can’t install it on that device. Presumably works fine on windows but since I’ve dabbled in this stuff I’m terrified of using windows for anything more important than my steam account. I’ve been flipping through the Humble Bundles and Hacking the Art of Exploitation was exactly the book/course I’ve been looking so long for- something C based and comprehensive.
|
# ? Feb 17, 2021 11:03 |
KeePass works fine with syncthing if you just remember to not leave your password database unlocked when you aren't using it, which, you know, you should do anyway.
|
|
# ? Feb 17, 2021 12:57 |
|
BlankSystemDaemon posted:KeePass works fine with syncthing if you just remember to not leave your password database unlocked when you aren't using it, which, you know, you should do anyway. Keepass was relatively less user friendly in iOS and Mac than either Bitwarden or NordPass for me. I wanted to switch off of Nord’s system earlier so I tried Keepass first but Bitwarden kinda just worked on all my devices with less hassle. I do use keypass for my osint vm since granular control is obviously more important there. One downside if you’re in like an office environment where your stuff is left unattended is that bitwarden takes a long time to re-lock by default. Don’t know if you can change that setting since it doesn’t apply to me but that could be an issue for people who just install it and leave it to work. Butter Activities fucked around with this message at 14:00 on Feb 17, 2021 |
# ? Feb 17, 2021 13:58 |
|
keepass has separate save and sync functions. you're supposed to have a copy of the db you open, and then a "sync file" in a separate location, which you then copy around with syncthing. keepass has a trigger system that lets you automate syncing every time you hit save, so it's not a bother either once set up. i've edited keepass on my laptop, work pc, and phone while at my desk at work simultaneously and then saved and nothing was ever lost. just have to hit save again on the 2 that didn't sync last to get the last changes
|
# ? Feb 17, 2021 14:08 |
Truga posted:keepass has separate save and sync functions. you're supposed to have a copy of the db you open, and then a "sync file" in a separate location, which you then copy around with syncthing. keepass has a trigger system that lets you automate syncing every time you hit save, so it's not a bother either once set up. And just as I wrote this, I've discovered KeeShare, so now I need to look at that.
|
|
# ? Feb 17, 2021 14:52 |
|
some people just really love janitoring computers i guess
|
# ? Feb 17, 2021 16:16 |
|
Achmed Jones posted:some people just really love janitoring computers i guess Seriously
|
# ? Feb 17, 2021 17:04 |
|
|
# ? Apr 24, 2024 14:10 |
|
Achmed Jones posted:some people just really love janitoring computers i guess Don't kink shame.
|
# ? Feb 17, 2021 17:07 |