thoughts
stateless-workstation-config
thoughts | stateless-workstation-config | |
---|---|---|
3 | 1 | |
3 | 22 | |
- | - | |
0.0 | 6.4 | |
over 1 year ago | 3 months ago | |
Jinja | ||
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
thoughts
- A rough proposal for sum types in Go, from a Rust compiler engineer
Yeah I was a bit sloppy when I wrote my answer. With GraphQL you can mimic tagged unions by giving each branch an object type.
I actually wrote just a few days ago about how cool it would be if a TypeScript-like language had tags too:
https://github.com/Ciantic/thoughts/blob/master/2021/dynamic...
- Cryptojacking Attacks Continue To Target SSH Servers
- How often should I rotate my SSH keys?
If you use the GPG and YubiKey approach, you can create the keys on an offline computer, store them on the YubiKey, and make a paper copy of the private key. Also, you probably shouldn't have only a single way to access the remote computer; I still intend to store a password for root that I never use.
I wrote about my endeavour with this approach just a few days ago [1].
[1]: https://github.com/Ciantic/thoughts/blob/master/2021/yubikey...
stateless-workstation-config
- How often should I rotate my SSH keys?
> An even more robust approach is to use some kind of hardware token that can sign short-lived ssh keys, and teach all your servers how to deal with those. That’s neat, but it’s hard to deploy (needs custom ssh settings).
Ahem, no. I have been using Yubikeys for a few years now. They are literally braindead to use, and work out of the box in recent Ubuntu. Here is an Ansible role to get started: https://github.com/cristiklein/stateless-workstation-config/...
Stop making excuses and start protecting your SSH keys!
Disclaimer: I'm not compensated in any way by Yubico, but their product is so darn good that I really want people to start using it.
What are some alternatives?
wal-g - Archival and Restoration for databases in the Cloud
secretive - Store SSH keys in the Secure Enclave
authorized_keys - Scripts to manage many-to-many SSH access
sekey - Use Touch ID / Secure Enclave for SSH Authentication!
bless - Repository for BLESS, an SSH Certificate Authority that runs as an AWS Lambda function
cashier - A self-service CA for OpenSSH
sharkey - Sharkey is a service for managing certificates for use by OpenSSH
openssh-sk-winhello - A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API