stateless-workstation-config | thoughts
---|---
1 | 3
22 | 3
- | -
6.4 | 0.0
3 months ago | over 1 year ago
Jinja | 
- | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
stateless-workstation-config
- How often should I rotate my SSH keys?
> An even more robust approach is to use some kind of hardware token that can sign short-lived ssh keys, and teach all your servers how to deal with those. That’s neat, but it’s hard to deploy (needs custom ssh settings).
Ahem, no. I have used YubiKeys for a few years now. They are literally braindead to use, and work out of the box in recent Ubuntu. Here is an Ansible role to get started: https://github.com/cristiklein/stateless-workstation-config/...
Stop making excuses and start protecting your SSH keys!
Disclaimer: I'm not compensated in any way by Yubico, but their product is so darn good that I really want people to start using it.
thoughts
- A rough proposal for sum types in Go, from a Rust compiler engineer
Yeah, I was a bit sloppy when I wrote my answer. With GraphQL you can mimic tagged unions by giving each branch an object type.
I actually wrote just a few days ago about how cool it would be if a TypeScript-like language too had tags:
https://github.com/Ciantic/thoughts/blob/master/2021/dynamic...
- Cryptojacking Attacks Continue To Target SSH Servers
- How often should I rotate my SSH keys?
If you use the GPG and YubiKey approach, you can create the keys on an offline computer, store them on the YubiKey, and make a paper copy of the private key. Also, you probably shouldn't have only a single way to access the remote computer; I still intend to store a password for root that I never use.
I wrote about my endeavour with this approach just a few days ago [1].
[1]: https://github.com/Ciantic/thoughts/blob/master/2021/yubikey...
What are some alternatives?
secretive - Store SSH keys in the Secure Enclave
wal-g - Archival and Restoration for databases in the Cloud
sekey - Use Touch ID / Secure Enclave for SSH Authentication!
authorized_keys - Scripts to manage many-to-many SSH access
bless - Repository for BLESS, an SSH Certificate Authority that runs as an AWS Lambda function
sharkey - Sharkey is a service for managing certificates for use by OpenSSH
cashier - A self-service CA for OpenSSH
openssh-sk-winhello - A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API