bless
stateless-workstation-config
bless | stateless-workstation-config | |
---|---|---|
6 | 1 | |
2,729 | 22 | |
0.2% | - | |
0.0 | 6.4 | |
9 months ago | 3 months ago | |
Python | Jinja | |
Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bless
-
What are SSH Certificate Authority solutions?
In the quick search I learned about ssh cert authority which looks very manual and also like a dead project smallstep's step-ca who put together very nice article about how to begin certificate authority process Netflix' BLESS is AWS only Cashier which also looks quite ok
-
What is the best way to manage SSH identities and access on scale?
NETFLIX BLESS - Bastion's Lambda Ephemeral SSH Service
- Has anyone here heard of the term “infrastructure access platform” or StrongDm or Teleport?
- Cryptojacking Attacks Continue To Target SSH Servers
- How often should I rotate my SSH keys?
-
Why SSH certificates are awesome
3. BLESS - By Netflix
stateless-workstation-config
-
How often should I rotate my SSH keys?
> An even more robust approach is to use some kind of hardware token that can sign short-lived ssh keys, and teach all your servers how to deal with those. That’s neat, but it’s hard to deploy (needs custom ssh settings).
Ahem, no. I use Yubikeys for a few years now. They are literally braindead to use, and works out of the box in recent Ubuntu. Here is an Absible role to get started: https://github.com/cristiklein/stateless-workstation-config/...
Stop making excuses and start protecting your SSH keys!
Disclaimer: I'm not compensated in any way by Yubico, but their product is so darn good that I really want people to start using it.
What are some alternatives?
certificates - 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
secretive - Store SSH keys in the Secure Enclave
the-bastion - Authentication, authorization, traceability and auditability for SSH accesses.
sekey - Use Touch ID / Secure Enclave for SSH Authentication!
cashier - A self-service CA for OpenSSH
sharkey - Sharkey is a service for managing certificates for use by OpenSSH
openssh-sk-winhello - A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
keymaster - Short term certificate based identity system (ssh/x509 ca + openidc)
streamalert - StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
bundlewrap - Config management with Python