OpenSSH

fount of useless knowledge

SSH Agent Forwarding Vulnerability and Alternative
ssh

SSH Agent Forwarding Vulnerability and Alternative

One of the things that I really like about ssh-agent is its ability to forward itself to remotes. By sending the agent instead of setting keys on each box, I’m locking down access to a few machines that I know and trust. It’s amazingly convenient and has saved me so much headache. As I was doing research for a previous post, I kept seeing hints that maybe forwarding the agent isn’t actually a very good idea.

  • CJ Harries
    CJ Harries
CJ Harries 7 min read
Sensible SSH with Ansible: An Ansible Primer
Sensible SSH with Ansible

Sensible SSH with Ansible: An Ansible Primer

This is the third in a series of several posts on how to manage ssh via Ansible. It was inspired by a warning from Venafi that gained traction in the blogosphere (read: my Google feed for two weeks). I don’t know many people that observe good ssh security, so my goal is to make it more accessible and (somewhat) streamlined. This post serves as an Ansible primer. It assumes shell knowledge but nothing else.

  • CJ Harries
    CJ Harries
CJ Harries 25 min read
Sensible SSH with Ansible: Vagrant Setup
Sensible SSH with Ansible

Sensible SSH with Ansible: Vagrant Setup

This is the second in a series of several posts on how to manage ssh via Ansible. It was inspired by a warning from Venafi that gained traction in the blogosphere (read: my Google feed for two weeks). I don’t know many people that observe good ssh security, so my goal is to make it more accessible and (somewhat) streamlined. This post looks at how to quickly and easily mimick common environments in Vagrant.

  • CJ Harries
    CJ Harries
CJ Harries 14 min read
Sensible SSH with Ansible: Overview
Sensible SSH with Ansible

Sensible SSH with Ansible: Overview

This is the first in a series of several posts on how to manage ssh via Ansible. It was inspired by a warning from Venafi that gained traction in the blogosphere (read: my Google feed for two weeks). I don’t know many people that observe good ssh security, so my goal is to make it more accessible and (somewhat) streamlined. The Series so Far Code Executive Summary Note Compiling the Series Posts Software Main Windows My Environment Tool Overview ssh Ansible Optional: Vagrant The Series so Far Overview (This section should get updated as series progresses.

  • CJ Harries
    CJ Harries
CJ Harries 12 min read