SSH Agent Forwarding Vulnerability and Alternative
ssh

One of the things that I really like about ssh-agent is its ability to forward itself to remotes. By sending the agent instead of setting keys on each box, I’m locking down access to a few machines that I know and trust. It’s amazingly convenient and has saved me so much headache. As I was doing research for a previous post, I kept seeing hints that maybe forwarding the agent isn’t actually a very good idea.

  • CJ Harries
Manage Many Keys with SSH Config and KeePass
KeePass

I’ll be the first to admit my security has room for improvement. Until last year, I was reusing passwords intermixed with a terribly simple mnemonic. Until a few months ago, my phone and computer were totally unencrypted. I’ve been fighting the change because it’s scary. I’m also very lazy and have been dreading the extra work involved with good security. I’ve put off updating SSH credentials for about two years now for that exact reason.

  • CJ Harries
Sensible SSH with Ansible: An Ansible Primer
Sensible SSH with Ansible

This is the third in a series of several posts on how to manage ssh via Ansible. It was inspired by a warning from Venafi that gained traction in the blogosphere (read: my Google feed for two weeks). I don’t know many people that observe good ssh security, so my goal is to make it more accessible and (somewhat) streamlined. This post serves as an Ansible primer. It assumes shell knowledge but nothing else.

  • CJ Harries
Sensible SSH with Ansible: Vagrant Setup
Sensible SSH with Ansible

This is the second in a series of several posts on how to manage ssh via Ansible. It was inspired by a warning from Venafi that gained traction in the blogosphere (read: my Google feed for two weeks). I don’t know many people that observe good ssh security, so my goal is to make it more accessible and (somewhat) streamlined. This post looks at how to quickly and easily mimic common environments in Vagrant.

  • CJ Harries
Sensible SSH with Ansible: Overview
Sensible SSH with Ansible

This is the first in a series of several posts on how to manage ssh via Ansible. It was inspired by a warning from Venafi that gained traction in the blogosphere (read: my Google feed for two weeks). I don’t know many people that observe good ssh security, so my goal is to make it more accessible and (somewhat) streamlined.

  • CJ Harries
KeePass + ssh
KeePass

I’ve been using KeePass Professional Edition for a few months now, and I’m always discovering new things to do with it. For example, I’ve got HQ photos of my driver’s license so that I can go to the gym without carrying my full wallet (if that’s illegal I totally don’t do that). I’ve got a couple of shared databases that sync off my main personal database that I can share with family and friends, which means I can update my accounts without the old hassle of texting everyone the new credentials.

  • CJ Harries