recentpopularlog in

exnihilo : ssh   79

elpy1/ssh-agent-systemd: Manage ssh-agent using systemd
Manage ssh-agent using systemd. Contribute to elpy1/ssh-agent-systemd development by creating an account on GitHub.
ssh  systemd  ssh-agent  linux 
11 days ago by exnihilo
How To Mirror Local and Remote Directories on a VPS with lsyncd | DigitalOcean
While administrating web and application servers, there are many times when it is useful to mirror directories. The lsyncd service can mirror local and remote directories in order to propagate changes from one location to another. This guide will cove
linux  rsync  lsyncd  ssh  synchronization  sysadmin 
13 days ago by exnihilo
linux - SSH from A through B to C, using private key on B - Server Fault
Host C
ProxyCommand ssh -o 'ForwardAgent yes' B 'ssh-add && nc %h %p'
ssh  proxycommand  nc  forward  agent  bastion  jumphost 
21 days ago by exnihilo
Ansible Playbook: Deploy the public key to remote hosts
Since ansible uses ssh to access to each of the remote hosts, before we execute a playbook, we need to put the public key to the ~/.ssh/authorized_keys so that you don’t need to input the password…
ansible  ssh  key  deployment 
26 days ago by exnihilo
How to connect through bastion host ? · Issue #795 · mscdex/ssh2
I want to connect through bastion host. I am trying to use following way : let conn = new ssh2.Client(); let conn2 = new ssh2.Client(); conn.connect(config); conn.on("ready", () => { console.log("first ready"); conn2.connect({ sock: conn...
ssh  ssh2  agent  forward 
27 days ago by exnihilo
Use .ssh/config? · Issue #70 · mscdex/ssh2
Is there a way to use hostnames specified in .ssh/config? I would have expected that to be handled automatically by the OS, but seemingly ssh2 requires an IP address.
ssh  ssh2  php  config  ska 
27 days ago by exnihilo
Install PLEX on Synology NAS Using Docker Compose | Lots of emryl
This is an updated writeup of setting up PLEX Server using Docker Compose on a Synology NAS. Actually there is nothing specific about Synology rather than mapped folder paths. The previous setup uses
docker  compose  synology  dsm  ssh 
4 weeks ago by exnihilo
ssh - What is a better way to deal with server disconnects of sshfs mounts? - Unix & Linux Stack Exchange
sshfs#user@server:/remote/folder /local/mount/dir fuse IdentityFile=sshkeyfile,Port=XXX,uid=1000,gid=1000,allow_other,_netdev,ServerAliveInterval=45,ServerAliveCountMax=2,reconnect,noatime,auto 0 0
ssh  sshfs  mount  interval  keepalive  bug 
4 weeks ago by exnihilo
AD Integration · Issue #14 · operasoftware/ssh-key-authority
<?php
$ldaphost = "xxx.xxx.xxx.xxx";
$ldapport = 389;
$bind_dn = "ska@corp.domain.tld";
$bind_password = "SomeStrongPass";

define(LDAP_OPT_DIAGNOSTIC_MESSAGE, 0x0032);
$handle = ldap_connect($ldaphost, $ldapport);
echo "$handle\n";
if ($handle) {
ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($handle, LDAP_OPT_REFERRALS, 0);
$bind = ldap_bind($handle, $bind_dn, $bind_password);
echo "$bind\n";
ldap_get_option($handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_e...
ska  ssh  opera  ldap  management  debug  php 
6 weeks ago by exnihilo
How To Use Pageant to Streamline SSH Key Authentication with PuTTY | DigitalOcean
Pageant is a PuTTY authentication agent. It holds your private keys in memory so that you can use them whenever you are connecting to a server. It eliminates the need to explicitly specify the relevant key to each Linux user account if you use more th
ssh  windows  putty  agent 
12 weeks ago by exnihilo
chanzuckerberg/blessclient: Go client to negotiate BLESS SSH certificates
Go client to negotiate BLESS SSH certificates. Contribute to chanzuckerberg/blessclient development by creating an account on GitHub.
ssh  certificate  client  bless  netflix 
november 2019 by exnihilo
Blessing your SSH at Lyft - Lyft Engineering
Like many organizations, Lyft continually looks for ways to address critical risks identified in our organization. Last summer, Lyft’s Security Team identified a lack of two-factor authentication on…
aws  netflix  ssh  security  2fa  bless  bastion 
november 2019 by exnihilo
nsheridan/cashier: A self-service CA for OpenSSH
A self-service CA for OpenSSH. Contribute to nsheridan/cashier development by creating an account on GitHub.
certificate  ssh  certificate_authority  authority  cacert 
october 2019 by exnihilo
Chef Solo tutorial: Managing a single server with Chef
To maintain a single server, Chef Solo beats Chef. I walk you step-by-step through deploying onto a fresh server image.
chef  devops  sysadmin  solo  ssh 
october 2019 by exnihilo
Ubuntu 16.04 ssh: sign_and_send_pubkey: signing failed: agent refused operation - Ask Ubuntu
client-side private key permissions.

$ ssh root@192.168.1.1
sign_and_send_pubkey: signing failed: agent refused operation

The file permissions were too open (0644).

The following command solved it:

chmod 600 ~/.ssh/id_rsa
ubuntu  ssh  keys  chmod 
march 2019 by exnihilo
Upgrading to MacOS Sierra will break your SSH keys and lock you out of your own servers.
"It turns out Apple decided to quietly force 2048-bit RSA keys on everyone, which has been a mild inconvenience for some, and a confused panic for others."
mac  apple  osx  sierra  ssh  bug 
october 2016 by exnihilo
drush/bastion.md at master · drush-ops/drush · GitHub
"Wikipedia defines a bastion server as "a special purpose computer on a network specifically designed and configured to withstand attacks." For the purposes of this documentation, though, any server that you can ssh through to reach other servers will do. Using standard ssh and Drush techniques, it is possible to make a two-hop remote command look and act as if the destination machine is on the same network as the source machine."
drush  bastion  ssh  security  tunnel 
january 2015 by exnihilo
Linux and UNIX scp command help and examples
scp stands for "secure copy." If you are familiar with using the cp command on your local machine, scp is easy to understand. Both commands require a source and a destination filesystem location for the copy operation; the big difference is that with scp, one or both of the locations are on a remote system.
unix  commandline  ssh  linux  scp  sftp 
november 2014 by exnihilo
Autocomplete SSH Hostnames | Surnia Ulula
The following script uses a function call to autocomplete hostnames dynamically, and fetches hostnames from the ~/.ssh/known_hosts, ~/.ssh/config and system-wide /etc/hosts file.

There are several places to execute an autocomplete script — my personal preference (if you have root access) is a script located in /etc/profile.d/complete-hosts.sh. Most Linux distributions have an /etc/profile that sources additional files under /etc/profile.d/, and in those that don’t (like Mac OS X for example), you can include the following code at the end of your /etc/profile script [credit: CentOS 6.3].
ssh  autocomplete  bash  login  script  webdev 
october 2014 by exnihilo
Using Rsync and SSH
$ rsync -avz -e ssh remoteuser@remotehost:/remote/dir /this/dir/
ssh  linux  backup  rsync 
july 2014 by exnihilo
Root, sudo, and rsnapshot - technokracy
To rsync and/or rsnapshot both normal and protected/restricted files from one server to another over ssh without enabling remote root access to either server while maintaining original file attributes and permissions.
rsnapshot  rsync  remote  ssh  script  permissions 
may 2013 by exnihilo
Server backups with rsnapshot, rsync, non-root user | Linux Puzzles
"This article explains how to do system backups of Linux systems without leaving root ssh access open."
rsnapshot  backup  ssh  root  security 
may 2013 by exnihilo
How to Protect SSH with fail2ban on Ubuntu 12.04 | DigitalOcean
Fail2ban provides a way to automatically protect virtual servers from malicious signs. The program works by scanning through log files and reacting to offending actions such as repeated failed login attempts.
firewall  fail2ban  ssh  ubuntu  security 
january 2013 by exnihilo
ssl/ssh multiplexer
"sslh accepts HTTPS, SSH, OpenVPN, tinc and XMPP connections on the same port. This makes it possible to connect to any of these servers on port 443 (e.g. from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port."
ssh  ssl  security  https  networking  multiplexer  opensource 
december 2011 by exnihilo

Copy this bookmark:





to read