sekey
thoughts
sekey
- Use TouchID to Authenticate Sudo on macOS
- Apple/Google/Microsoft to accelerate rollout of passwordless sign‑in standard
> relaying auth requests to your phone for approval and storing secrets in the Secure Enclave
Like https://github.com/kryptco/kr [key stored in a [...] mobile app]?
Also, newer Macs have a Secure Enclave (supports 256-bit secp256r1 ECC keys):
https://github.com/maxgoedjen/secretive [storing and managing SSH keys in the Secure Enclave [...] or a Smart Card (such as a YubiKey)]
https://github.com/sekey/sekey [Use Touch ID / Secure Enclave for SSH Authentication!]
- Use Touch ID for Sudo on Mac
- How often should I rotate my SSH keys?
Similar to the recommendations to use a YubiKey/hardware token, SeKey on a Mac lets you use a key generated in the Secure Enclave in an unexportable form (https://github.com/sekey/sekey)
thoughts
- A rough proposal for sum types in Go, from a Rust compiler engineer
Yeah I was a bit sloppy when I wrote my answer. With GraphQL you can mimic tagged unions by giving each branch an object type.
I actually wrote just a few days ago about how cool it would be if a TypeScript-like language had tags too:
https://github.com/Ciantic/thoughts/blob/master/2021/dynamic...
- Cryptojacking Attacks Continue To Target SSH Servers
- How often should I rotate my SSH keys?
If you use the GPG and YubiKey approach, you can create the keys on an offline computer, store them on the YubiKey, and make a paper copy of the private key. Also, you probably shouldn't have only a single way to access the remote computer; I still intend to store a password for root that I never use.
I wrote about my endeavour with this approach just a few days ago [1].
[1]: https://github.com/Ciantic/thoughts/blob/master/2021/yubikey...
What are some alternatives?
secretive - Store SSH keys in the Secure Enclave
wal-g - Archival and Restoration for databases in the Cloud
WSL-Hello-sudo - Let's sudo by face recognition of Windows Hello on Windows Subsystem for Linux (WSL). It runs on both WSL 1 and WSL 2. This is a PAM module for Linux on WSL.
authorized_keys - Scripts to manage many-to-many SSH access
pam-watchid - PAM plugin module that allows the Apple Watch to be used for authentication
openssh-sk-winhello - A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
cashier - A self-service CA for OpenSSH
sudo-touchid - A fork of `sudo` with Touch ID support.
bless - Repository for BLESS, an SSH Certificate Authority that runs as an AWS Lambda function
webauthn - Web Authentication: An API for accessing Public Key Credentials