yubikey-agent
.NET Runtime
yubikey-agent | .NET Runtime | |
---|---|---|
15 | 608 | |
2,571 | 14,139 | |
- | 1.6% | |
0.0 | 10.0 | |
5 months ago | 6 days ago | |
Go | C# | |
BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
yubikey-agent
-
Show HN: SSH-tpm-agent – SSH agent for TPMs
This is a great idea. I now exclusively use SSH keys on hardware security modules of some kind. I use "Secretive", a mac app that does the same, plus a yubikey using yubikey-agent (https://github.com/FiloSottile/yubikey-agent; there are too many complicated ways to use SSH keys with a yubikey this is one of the friendliest ones). Depending on the security and frequency of which I access the service impacts whether I need presence confirmation or use secretive versus the yubikey.
I would be remiss to mention there are existing SSH TPM projects, not sure how this one differentiates. It seems to at least have the user experience pretty simple, similar to yubikey-agent (and secretive), and unlike some of the existing solutions which have quite a few extra steps:
-
Secretive: Store SSH Keys in the Secure Enclave
Also check out https://github.com/FiloSottile/yubikey-agent which simplifies the setup quite a bit.
-
Yubikey ssh keys with Ansible, wants to be touched constantly
I'm using it on nixOS and macOS, via Nix Packages and Homebrew respectively. It's this - https://github.com/FiloSottile/yubikey-agent I'm realizing from this thread that it's not an official package. I'll go closer to the source with ykman. Thanks!
-
Is it possible to use AGE with a Ledger hardware device?
I think the Ledger Manager only interfaces with the GPG and SSH agents, neither of which age take advantage of. But age does have support for Yubikeys (see https://github.com/FiloSottile/yubikey-agent). If you can interface with the Ledger hardware device as a Yubikey, this might work. I don't have experience here, just a thought.
-
Cloudflare Hardware Keys (Yubico Partnership)
You can use PIV for SSH just fine.
It's not OpenSSH's weird FIDO mode, but I don't like the FIDO mode anyway because it requires storing a file on the computer.
https://github.com/FiloSottile/yubikey-agent
-
Am I the only one who's nervous when SSH-agent forwarding?
I have the same concern. I modified Pageant (Windows agent) so that it prompts me before signing anything which helps ease my mind, I only approve when I know I'm connecting to a new server. There are also options like requiring a Yubikey too (https://github.com/FiloSottile/yubikey-agent)
-
Failed to fetch key with ECDSA keys via libykcs11.dll
Aging MBP, Intel based, Monterey 12.3.1 uname -v Darwin Kernel Version 21.4.0: Fri Mar 18 00:45:05 PDT 2022; root:xnu-8020.101.4~15/RELEASE_X86_64 brew info yubikey-agent yubikey-agent: stable 0.1.5 (bottled), HEAD Seamless ssh-agent for YubiKeys and other PIV tokens https://filippo.io/yubikey-agent /usr/local/Cellar/yubikey-agent/0.1.5 (7 files, 4.8MB) * ...
-
How to Store an SSH Key on a Yubikey
Unless I've missed something, SSH keys stored on Yubikeys are still hampered because you aren't allowed to a touch policy of "touch never".
Imagine needing to touch the Yubikey with each "git pull" or using Ansible to operate over SSH on a dozen servers in parallel, and needing to touch the Yubikey once for each server.
The feature request I'm tracking is here: https://github.com/FiloSottile/yubikey-agent/issues/95
The proposed feature would allow setting a touch policy for the SSH key.
- FreeBSD SSH Hardening
-
Yubikey PIV encrypted messaging system
If you can do ssh, you can sign messages: https://github.com/FiloSottile/yubikey-agent
.NET Runtime
-
Airline keeps mistaking 101-year-old woman for baby
It's an interesting "time is a circle" problem given that a century only has 100 years and then we loop around again. 2-digit years is convenient for people in many situations but they are very lossy, and horrible for machines.
It reminds me of this breaking change to .Net from last year.[1][2] Maybe AA just needs to update .Net which would pad them out until the 2050's when someone born in the 1950s would be having...exactly the same problem in the article. (It is configurable now so you could just keep pushing it each decade, until it wraps again).
Or they could use 4-digit years.
[1] https://github.com/dotnet/runtime/issues/75148
-
The software industry rapidly convergng on 3 languages: Go, Rust, and JavaScript
These can also be passed as arguments to `dotnet publish` if necessary.
Reference:
- https://learn.microsoft.com/en-us/dotnet/core/deploying/nati...
- https://github.com/dotnet/runtime/blob/main/src/coreclr/nati...
- https://github.com/dotnet/runtime/blob/5b4e770daa190ce69f402... (full list of recognized keys for IlcInstructionSet)
-
The Performance Impact of C++'s `final` Keyword
Yes, that is true. I'm not sure about JVM implementation details but the reason the comment says "virtual and interface" calls is to outline the difference. Virtual calls in .NET are sufficiently close[0] to virtual calls in C++. Interface calls, however, are coded differently[1].
Also you are correct - virtual calls are not terribly expensive, but they encroach on ever limited* CPU resources like indirect jump and load predictors and, as noted in parent comments, block inlining, which is highly undesirable for small and frequently called methods, particularly when they are in a loop.
* through great effort of our industry to take back whatever performance wins each generation brings with even more abstractions that fail to improve our productivity
[0] https://github.com/dotnet/coreclr/blob/4895a06c/src/vm/amd64...
[1] https://github.com/dotnet/runtime/blob/main/docs/design/core... (mind you, the text was initially written 18 ago, wow)
-
Java 23: The New Features Are Officially Announced
If you care about portable SIMD and performance, you may want to save yourself trouble and skip to C# instead, it also has an extensive guide to using it: https://github.com/dotnet/runtime/blob/69110bfdcf5590db1d32c...
CoreLib and many new libraries are using it heavily to match performance of manually intensified C++ code.
-
Locally test and validate your Renovate configuration files
DEBUG: packageFiles with updates (repository=local) "config": { "nuget": [ { "deps": [ { "datasource": "nuget", "depType": "nuget", "depName": "Microsoft.Extensions.Hosting", "currentValue": "7.0.0", "updates": [ { "bucket": "non-major", "newVersion": "7.0.1", "newValue": "7.0.1", "releaseTimestamp": "2023-02-14T13:21:52.713Z", "newMajor": 7, "newMinor": 0, "updateType": "patch", "branchName": "renovate/dotnet-monorepo" }, { "bucket": "major", "newVersion": "8.0.0", "newValue": "8.0.0", "releaseTimestamp": "2023-11-14T13:23:17.653Z", "newMajor": 8, "newMinor": 0, "updateType": "major", "branchName": "renovate/major-dotnet-monorepo" } ], "packageName": "Microsoft.Extensions.Hosting", "versioning": "nuget", "warnings": [], "sourceUrl": "https://github.com/dotnet/runtime", "registryUrl": "https://api.nuget.org/v3/index.json", "homepage": "https://dot.net/", "currentVersion": "7.0.0", "isSingleVersion": true, "fixedVersion": "7.0.0" } ], "packageFile": "RenovateDemo.csproj" } ] }
-
Chrome Feature: ZSTD Content-Encoding
https://github.com/dotnet/runtime/issues/59591
Support zstd Content-Encoding:
- Writing x86 SIMD using x86inc.asm (2017)
-
Why choose async/await over threads?
We might not be that far away already. There is this issue[1] on Github, where Microsoft and the community discuss some significant changes.
There is still a lot of questions unanswered, but initial tests look promising.
Ref: https://github.com/dotnet/runtime/issues/94620
-
Redis License Changed
https://github.com/dotnet/dotnet exists for source build that stitches together SDK, Roslyn, runtime and other dependencies. A lot of them can be built and used individually, which is what contributors usually do. For example, you can clone and build https://github.com/dotnet/runtime and use the produced artifacts to execute .NET assemblies or build .NET binaries.
-
Garnet – A new remote cache-store from Microsoft Research
Yeah, it kind of is. There are quite a few of experiments that are conducted to see if they show promise in the prototype form and then are taken further for proper integration if they do.
Unfortunately, object stack allocation was not one of them even though DOTNET_JitObjectStackAllocation configuration knob exists today, enabling it makes zero impact as it almost never kicks in. By the end of the experiment[0], it was concluded that before investing effort in this kind of feature becomes profitable given how a lot of C# code is written, there are many other lower hanging fruits.
To contrast this, in continuation to green threads experiment, a runtime handled tasks experiment[1] which moves async state machine handling from IL emitted by Roslyn to special-cased methods and then handling purely in runtime code has been a massive success and is now being worked on to be integrated in one of the future version of .NET (hopefully 10?)
[0] https://github.com/dotnet/runtime/issues/11192
[1] https://github.com/dotnet/runtimelab/blob/feature/async2-exp...
What are some alternatives?
wsl-ssh-agent - Helper to interface with Windows ssh-agent.exe service from Windows Subsystem for Linux (WSL)
Ryujinx - Experimental Nintendo Switch Emulator written in C#
aws-vault - A vault for securely storing and accessing AWS credentials in development environments
ASP.NET Core - ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
authelia - The Single Sign-On Multi-Factor portal for web apps
actix-web - Actix Web is a powerful, pragmatic, and extremely fast web framework for Rust.
age-plugin-yubikey - YubiKey plugin for age
WASI - WebAssembly System Interface
win-gpg-agent - [DEPRECATED] Windows helpers for GnuPG tools suite
CoreCLR - CoreCLR is the runtime for .NET Core. It includes the garbage collector, JIT compiler, primitive data types and low-level classes.
ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
vgpu_unlock - Unlock vGPU functionality for consumer grade GPUs.