Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to manage all of their users' authorized_keys files.

People struggle with management, with ensuring that users have only specific keys in their authorized_keys file, or even with finding a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This keyword allows you to specify a command that will run during login to retrieve a user's public key file from a remote source and perform validation just as if the authorized_keys file were local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

@beastycoding
beastycoding / delete-thumbnails.php
Created September 19, 2024 08:39 — forked from chandrapatel/delete-thumbnails.php
WP-CLI command to delete all the thumbnails.
<?php
/**
* WP-CLI command to delete all the thumbnails.
*
* Note: First do dry-run, verify log and then do actual run.
*
* @package delete-thumbnails
*/
if ( defined( 'WP_CLI') && WP_CLI ) {
@beastycoding
beastycoding / .stglobalignore
Created July 26, 2024 20:21 — forked from jult/.stglobalignore
syncthing ignore file(s) .stglobalignore and .stignore
// .stglobalignore
// These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc.
// Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment!
// *.log and *cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced.
// Ignores are case sensitive.
// Put both .stignore and this .stglobalignore in the root of your sync folder(s) (where .stfolder resides)
$RECYCLE.BIN
$WINDOWS.~BT
@beastycoding
beastycoding / csp-mu-plugin.php
Created July 14, 2024 20:15 — forked from joshuafredrickson/csp-mu-plugin.php
Add CSP to WordPress, including nonces for inline scripts
<?php
/**
* Plugin Name: Content Security Policy
* Version: 1.0.0
* Description: Adds a Content-Security-Policy header to all non-admin requests.
* License: GNU General Public License v2
* License URI: http://www.gnu.org/licenses/gpl-2.0.html
* Original Inspiration: https://gist.github.com/westonruter/c8b49406391a8d86a5864fb41a523ae9
*/
@beastycoding
beastycoding / nonce.php
Created July 14, 2024 20:13 — forked from johanguse/nonce.php
Add nonce to script and styles on WordPress
add_action( 'template_redirect', function () {
ob_start( function ( $output ) {
$nonces = [];
$output = preg_replace_callback( '#<script.*?\>#', function ( $matches ) use ( &$nonces ) {
$nonce = wp_create_nonce( $matches[0] );
$nonces[] = $nonce;
@beastycoding
beastycoding / docker-compose.yml
Created July 12, 2024 05:36 — forked from benoitpetit/docker-compose.yml
complete Gitlab installation and a runner with docker
version: '4.5'
services:
  # GITLAB
  gitlab-web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    container_name: gitlab-web
    hostname: '192.168.0.14'
    environment:
@beastycoding
beastycoding / macos-bitwarden-cli-ssh.md
Created July 11, 2024 05:41 — forked from mietzen/macos-bitwarden-cli-ssh.md
How to use Bitwarden CLI for SSH-Keys in macOS

How to use Bitwarden CLI for SSH-Keys in macOS

If you want to use Touch ID have a look at: How to use Bitwarden CLI with macOS Touch ID

Written and tested on macOS Ventura

Add SSH-Keys to Bitwarden

Before you can use Bitwarden CLI for your SSH private keys you have to add them to your Bitwarden account. Just create a normal login. The name, username and URI fields don't matter for my functions.

@beastycoding
beastycoding / zfs_cleanup.sh
Created May 19, 2024 19:52 — forked from jstutters/zfs_cleanup.sh
Find and delete multiple ZFS snapshots
zfs list -t snapshot -H -o name | grep "201509[0-9].*" | xargs -n1 echo
# zfs list -t snapshot -H -o name | grep "201509[0-9].*" | xargs -n1 zfs destroy
@beastycoding
beastycoding / proxmox-backup.md
Created May 17, 2024 13:53 — forked from scyto/proxmox-backup.md
setup proxmox backup server and synology as data store over SMB

Proxmox Backup

At this time proxmox backup only backs up VMs and Containers - this guide covers that.

What I didn't realize is the backup job is still defined on the cluster and PBS provides a new storage type that dedupes and manages all the vzdump files created - which is cool.

I decided to run proxmox backup on my Synology NAS where it has a more reliable connection to the NAS (i.e. via memory) for doing dedupe, garbage collection, prune, verification etc. However the steps here generally remain true.

Once again I used one of Derek Seaman's Awesome Blogs for the basis of this - but with my own tweaks (like using SMB instead of CIFS). As of 9/21 my tweaks are significant; in the original blog it is missing steps to enable encoding acceleration in CTs and VMs.

This gist is part of this series

Proxmox VE Installation on Hetzner Server via Rescue System

Follow these steps to install Proxmox VE on a Hetzner server via the Rescue System. The Rescue System is a Linux-based environment that can be booted into to perform system recovery tasks. We'll be using it to install Proxmox VE.

In order to complete the process, it is indeed necessary to first boot into the Rescue System and then connect to it via SSH. This will allow you to run the commands for installing Proxmox VE. Here are the steps:

Starting the Rescue System

  1. Log into the Hetzner Robot.
  2. Under "Main Functions; Server" select the desired server and then open the tab "Rescue".