💭
Just meditate.

Csoban Kesmarki csobankesmarki

  • Hungary
@xirkus
xirkus / yubikey+gpupgp+ssh_howto.md
Last active April 25, 2025 08:27
Security Adventures 1. How to get yubikey+gpg+ssh+GitHub working on macOS

I've spent the day trying to get this setup working with GitHub and, given the number of gotchas I encountered, it seemed like a good idea to document how I finally got this working with as few hacks as possible. There's a lot of documentation out there (some of it old and misleading) and committing here for posterity will help me remember this when I inevitably need to do this again.

Rationale

Passwords are simply not enough these days. Regardless of the company, breaches (and the associated Personally Identifiable Information harvested) are a matter of not if, but when. There are a number of things you can do to protect yourself, but being on the tin-foil-hat side of paranoia means there are a few Commandments that I adhere to (and recommend for other folks) [Insert link to Fight Club Rules for the Secure Internet].

That being said, if you use 2-factor authentication and have committed to using a hardware token such as the Yubikey, then you're already ahead of the curve. The problem is that wh

@voretaq7
voretaq7 / YubiKey_Notes.md
Last active November 19, 2020 07:40
Yubikey Smartcard Authentication (OS X, Linux, Windows)

Minimally Invasive SSH Smartcard (PIV/PKCS11) Support.

This is a very short guide to getting smartcards working for SSH key authentication. It is focused on minimal intervention - that is to say I tried to work with the tools the operating system provides rather than ask you to install extra software.

Since I use a YubiKey for both home and work that's the example device (YubiKey 5 Series or FIPS Series both work the same for this purpose),

@artizirk
artizirk / gnupg_scdaemon.md
Last active April 22, 2025 18:10
OpenPGP SSH access with Yubikey and GnuPG

NB: This document describes an 'old-school' way of using a Yubikey with SSH.

Modern OpenSSH has native support for FIDO authentication. It's much simpler and should also be more stable, with fewer moving parts. OpenSSH also now supports signing arbitrary files, which can be used as a replacement for GnuPG. Git also supports signing commits/tags with SSH keys.
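The workflow that paragraph describes, end to end, as an added example (this is not code from the gist). It assumes OpenSSH 8.4 or later (ed25519-sk keys, `ssh-keygen -Y`) and git 2.34 or later (`gpg.format=ssh`); the key paths, the principal `demo@example` and the namespace `file` are demo values. Enrolment needs the token, so the runnable part uses a plain ed25519 key as a stand-in; every other call is identical for an ed25519-sk key.

```shell
#!/bin/sh
# Added example, not code from the gist: the FIDO-era workflow the paragraph
# describes. Assumes OpenSSH 8.4 or later (ed25519-sk keys, ssh-keygen -Y)
# and git 2.34 or later (gpg.format=ssh). Key paths, the principal
# "demo@example" and the namespace "file" are demo values.

# 1. Enrol a key on the token. -O resident stores the key handle on the
#    device so it can be recovered on another machine with "ssh-keygen -K";
#    -O verify-required demands PIN/biometric per use. Needs the hardware,
#    so the demo below does not call it.
enrol_fido_key() {
    ssh-keygen -t ed25519-sk -O resident -O verify-required -C "yubikey-5" -f "$1"
}

# Software stand-in for the demo: a plain ed25519 key. Every call below is
# identical for an ed25519-sk key; only the token touch is missing.
make_demo_key() {
    ssh-keygen -q -t ed25519 -N "" -C "demo@example" -f "$1"
}

# 2. sign_file KEY FILE NAMESPACE -> writes FILE.sig. The namespace is bound
#    into the signature, so a signature made for "file" cannot be replayed as
#    a git commit signature (namespace "git") or an ssh auth challenge.
sign_file() {
    ssh-keygen -Y sign -f "$1" -n "$3" "$2"
}

# verify_file PUBKEY PRINCIPAL FILE NAMESPACE ALLOWED_SIGNERS
#   Writes an allowed_signers line ("principal keytype base64") and verifies
#   FILE.sig against it. The principal is what pins the signature to an
#   identity rather than to "some key that validates".
verify_file() {
    pub=$1; principal=$2; file=$3; ns=$4; allowed=$5
    printf '%s %s\n' "$principal" "$(cut -d' ' -f1,2 "$pub")" > "$allowed"
    ssh-keygen -Y verify -f "$allowed" -I "$principal" -n "$ns" -s "$file.sig" < "$file"
}

# 3. Git commit/tag signing with the same key instead of GnuPG.
configure_git_ssh_signing() {
    git config --global gpg.format ssh
    git config --global user.signingkey "$1"    # path to the public key file
    git config --global gpg.ssh.allowedSignersFile "$2"
    git config --global commit.gpgsign true
}
```

Verification needs only the allowed_signers file and the public key, not the token, which is what makes this usable on CI or on a colleague's machine. Note that a non-resident `ed25519-sk` private key file is a handle, not a secret: losing it means re-enrolling, but it is useless without the device.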

Pros of FIDO

  • Simpler stack / fewer moving parts
  • Works directly with ssh, ssh-add and ssh-keygen on most computers
  • Private key can never leave the FIDO device

Cons of FIDO

The default format of keys was changed in OpenSSL 1.0. From OpenSSL 1.0 change log:

Make PKCS#8 the default write format for private keys, replacing the traditional format. This form is standardised, more secure and doesn't include an implicit MD5 dependency. [Steve Henson]

Good explanations of the difference between the two formats: https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem

Converting RSA private key:

@briansmith
briansmith / how-to-generate-and-use-private-keys-with-openssl-tool.md
Last active March 21, 2025 11:43
How to generate & use private keys using the OpenSSL command line tool

How to Generate & Use Private Keys using OpenSSL's Command Line Tool

These commands generate and use private keys in unencrypted binary (not Base64 “PEM”) PKCS#8 format. The PKCS#8 format is used here because it is the most interoperable format when dealing with software that isn't based on OpenSSL.

OpenSSL has a variety of commands that can be used to operate on private key files, some of which are specific to RSA (e.g. openssl rsa and openssl genrsa) or which have other limitations. Here we always use
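An added example, not code from either gist, covering both the PKCS#8-versus-traditional note above and this gist's choice of `openssl genpkey` with unencrypted PKCS#8 DER: generate the key, convert it each way, and identify a file's format from its PEM header. It assumes OpenSSL 1.1 or 3.x on PATH; note that on OpenSSL 3 even `openssl rsa` writes PKCS#8 unless told `-traditional`, which the helper detects.

```shell
#!/bin/sh
# Added example (not code from either gist): RSA key generation straight into
# PKCS#8 with "openssl genpkey", conversion to and from the pre-1.0
# "traditional" (PKCS#1) form, and a header check. Needs OpenSSL 1.1 or 3.x.

# gen_pkcs8_key OUT.der - unencrypted PKCS#8, binary DER (the gist's format).
gen_pkcs8_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform DER -out "$1"
}

# pkcs8_der_to_pem IN.der OUT.pem - same key as PEM; header "BEGIN PRIVATE KEY".
pkcs8_der_to_pem() {
    openssl pkey -inform DER -in "$1" -out "$2"
}

# pkcs8_to_traditional IN.pem OUT.pem - writes the "BEGIN RSA PRIVATE KEY"
# (PKCS#1) form that some older tooling still insists on. OpenSSL 3 made
# "openssl rsa" emit PKCS#8 too, so -traditional is required there; OpenSSL
# 1.1 has no such flag and writes PKCS#1 by default.
pkcs8_to_traditional() {
    if openssl rsa -help 2>&1 | grep -q -- '-traditional'; then
        openssl rsa -in "$1" -traditional -out "$2"
    else
        openssl rsa -in "$1" -out "$2"
    fi
}

# traditional_to_pkcs8 IN.pem OUT.pem - the reverse. -nocrypt keeps it
# unencrypted; drop it to get PBES2-wrapped "BEGIN ENCRYPTED PRIVATE KEY".
traditional_to_pkcs8() {
    openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2"
}

# key_format FILE -> pkcs8 | pkcs8-encrypted | pkcs1 | unknown (from the header)
key_format() {
    hdr=$(head -n 1 "$1")
    case "$hdr" in
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1 ;;
        *)                                       echo unknown ;;
    esac
}
```

The header check is the quick way to tell why a non-OpenSSL library refuses a key: PKCS#1 carries no algorithm identifier, so the consumer has to guess, whereas PKCS#8 names the algorithm inside the structure.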

@tiran
tiran / README
Created January 3, 2017 13:30 — forked from atdt/README
A minimal ssh-agent for using a smartcard with PIV for public-key authentication with OpenSSH through PKCS11.
org.wikimedia.ssh-pkcs11-agent.plist -> ~/Library/LaunchAgents
OPENSC_LIBS=/usr/local/Cellar/opensc/0.15.0/lib
ssh-add -s $OPENSC_LIBS/opensc-pkcs11.so
@kekru
kekru / Docker connect to remote server.md
Last active March 21, 2025 01:29
Connect to another host with your docker client, without modifying your local Docker installation

Run commands on remote Docker host

This is how to connect to another host with your docker client, without modifying your local Docker installation or when you don't have a local Docker installation.

Enable Docker Remote API

First be sure to enable the Docker Remote API on the remote host.

This can easily be done with a container.
For an HTTP connection use jarkt/docker-remote-api. Be aware that the plain HTTP API carries no authentication of its own: anyone who can reach that port can start a privileged container with the host filesystem mounted, which is root on the host. Bind it to localhost or a private interface only, or use TLS with client certificates (tcp://…:2376 with tlsverify) or an SSH connection (DOCKER_HOST=ssh://user@host) instead.
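Before exposing the Remote API it is worth auditing what the daemon already listens on. The following is an added example, not from the gist: a small check over dockerd's daemon.json that flags a TCP listener without mutual TLS, with the weak setting beside the hardened one. It reads only the documented `hosts` and `tlsverify` keys (no full JSON parser), and the two sample files are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the kekru gist: audit a dockerd daemon.json for a
# plain-TCP API listener. The Docker API has no authentication of its own;
# whoever can reach it can "docker run --privileged -v /:/host" and owns the
# machine. Accepted: unix:// and fd:// sockets, tcp:// bound to loopback, and
# tcp:// with "tlsverify": true (mutual TLS). Only the documented "hosts" and
# "tlsverify" keys are read. The sample files are constructed for the demo.

# daemon_json_hosts FILE -> one entry of the "hosts" array per line
daemon_json_hosts() {
    tr -d '\n' < "$1" \
      | sed -n 's/.*"hosts"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' \
      | tr ',' '\n' | sed 's/[[:space:]"]//g; /^$/d'
}

daemon_json_tlsverify() {
    grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' "$1"
}

# audit_docker_daemon FILE -> 0 if every listener is acceptable, 1 otherwise.
# A file without "hosts" keeps dockerd's default (unix socket) and passes.
audit_docker_daemon() {
    rc=0
    for h in $(daemon_json_hosts "$1"); do
        case "$h" in
            unix://*|fd://*) ;;
            tcp://127.0.0.1:*|tcp://localhost:*|tcp://\[::1\]:*) ;;
            tcp://*)
                if ! daemon_json_tlsverify "$1"; then
                    echo "FAIL $h: TCP API listener without tlsverify"
                    rc=1
                fi ;;
            *) echo "FAIL $h: unrecognised listener"; rc=1 ;;
        esac
    done
    return $rc
}

# The weak setting beside the corrected one (constructed samples).
write_samples() {
    cat > "$1/weak.json" <<'EOF'
{ "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"] }
EOF
    cat > "$1/hardened.json" <<'EOF'
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
EOF
}

# demo -> "weak=FAIL hardened=OK"
demo() {
    d=$(mktemp -d); write_samples "$d"
    w=OK; audit_docker_daemon "$d/weak.json" >/dev/null || w=FAIL
    s=OK; audit_docker_daemon "$d/hardened.json" >/dev/null || s=FAIL
    rm -rf "$d"; echo "weak=$w hardened=$s"
}

# Preferred alternative to any TCP listener (Docker 18.09+): tunnel the API
# over SSH. No daemon change, and authentication is your SSH key.
use_ssh_context() {
    docker context create remote --docker "host=ssh://$1" && docker context use remote
}
```

The hardened file is exactly what the official TLS setup produces; the client side then needs `DOCKER_TLS_VERIFY=1` and matching `ca.pem`/`cert.pem`/`key.pem` in `DOCKER_CERT_PATH`. The same listener check applies to a socat-style proxy container: if it republishes the socket on 0.0.0.0 without TLS in front, the audit would fail it for the same reason.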

@13Cubed
13Cubed / update_dnsbl.sh
Last active October 23, 2020 06:55
Download DNS adware and malware blacklists in BIND format and add them to a blacklist zone file. This is a modified version of the script from Paul's Security Weekly (http://wiki.securityweekly.com/wiki/index.php/Episode472).
#!/bin/bash
# Download DNS adware and malware blocklists in BIND format and stage them for the blacklist zone.
set -euo pipefail
HOME=/var/named
ADLISTURL="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig;showintro=0;mimetype=plaintext"
MWLISTURL="http://mirror1.malwaredomains.com/files/spywaredomains.zones"
ADLISTFILE=/tmp/adlistfile
MWLISTFILE=/tmp/mwlistfile
# Download newest blacklists. -f makes curl fail (and set -e abort) on an HTTP error
# instead of silently writing an error page into the list file; -S still reports it.
curl -sSf -o "$ADLISTFILE" "$ADLISTURL"
curl -sSf -o "$MWLISTFILE" "$MWLISTURL"
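The downloaded list ends up spliced into named's configuration, so it deserves the same validation as any other untrusted input. The following is an added example, not part of the 13Cubed script: a filter that keeps only lines of the exact zone shape the list is supposed to contain, points them all at the sinkhole zone file, and deduplicates. The accepted shape is an assumption modelled on the yoyo.org bindconfig output, and the sample list is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the 13Cubed script: validate a downloaded
# "bindconfig" blocklist before named includes it. A corrupted download or a
# hostile line could carry other directives (include, options, an arbitrary
# file path); only lines of exactly the expected zone shape survive.
# The accepted shape is an assumption modelled on the yoyo.org output; the
# sample list below is constructed for the demo.

# Portable ERE: one zone statement, a hostname with at least one dot, an
# optional "notify no;", and a file name without directory components.
ZONE_RE='^zone "[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+" [{] type master; (notify no; )?file "[A-Za-z0-9._-]+"; [}];$'

# filter_bind_zones IN OUT BLOCKFILE
#   Keeps matching statements, points every one at BLOCKFILE (the single
#   sinkhole zone file named serves for blocked names) and removes duplicate
#   domains. Returns 0 if at least one statement was accepted.
filter_bind_zones() {
    in=$1; out=$2; blockfile=$3
    grep -E "$ZONE_RE" "$in" \
      | sed -E "s|file \"[A-Za-z0-9._-]+\"|file \"$blockfile\"|" \
      | sort -u > "$out"
    [ -s "$out" ]
}

# rejected_lines IN -> number of input lines that were dropped
rejected_lines() {
    grep -Evc "$ZONE_RE" "$1" || true
}

# Constructed sample: two good entries, one duplicate, one entry whose file
# clause must be rewritten, one foreign directive and one malformed name.
write_sample_list() {
    cat > "$1" <<'EOF'
zone "ads.example.com" { type master; notify no; file "null.zone.file"; };
zone "tracker.example.net" { type master; notify no; file "null.zone.file"; };
zone "ads.example.com" { type master; notify no; file "null.zone.file"; };
zone "evil.example.org" { type master; file "other.zone"; };
include "/etc/named/other.conf";
zone "bad host.example" { type master; notify no; file "null.zone.file"; };
EOF
}

# demo -> prints "accepted=N rejected=M" for the sample list
demo() {
    d=$(mktemp -d)
    write_sample_list "$d/in"
    filter_bind_zones "$d/in" "$d/out" "/etc/namedb/blockeddomain.hosts"
    echo "accepted=$(grep -c . "$d/out") rejected=$(rejected_lines "$d/in")"
    rm -rf "$d"
}
```

Run the filter between the download and the step that writes the zone include, and abort the update (keeping the previous list) when nothing is accepted; `named-checkconf` on the result is a cheap final gate before reloading.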
@wizioo
wizioo / gitignore_per_git_branch.md
Last active April 24, 2025 04:55
HowTo have specific .gitignore for each git branch

How to have specific .gitignore for each git branch

Objective

My objective is to have some production files ignored on specific branches. Git doesn't allow you to do it.

Solution

My solution is to make a general .gitignore file and add .gitignore.branch_name files for the branches I want to add specific file exclusions to. I'll use a post-checkout hook to copy those .gitignore.branch_name files in place of .git/info/exclude each time I switch to the branch with git checkout branch_name.
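A hook that does this, as an added example rather than the gist's own script: the copy logic is a function that takes the repository path and branch name, so it can be exercised without git, and the hook body at the bottom only runs when the file is installed as `.git/hooks/post-checkout`. The file naming follows the gist (`.gitignore.<branch>`); mapping `/` in branch names to `-` is an assumption the gist does not make.

```shell
#!/bin/sh
# Added example, not the wizioo gist's own hook: a post-checkout hook that
# swaps .git/info/exclude to match the checked-out branch. File naming
# follows the gist (.gitignore.<branch> next to the general .gitignore).
# A branch with no such file gets the exclude cleared back to empty, so if
# you keep personal entries in .git/info/exclude, move them to a baseline
# file and cat it in here.

# sync_branch_exclude REPO_DIR BRANCH -> prints "installed" or "cleared"
#   Branch names may contain "/" (feature/x); "/" becomes "-" in the file
#   name, an assumption not made by the gist.
sync_branch_exclude() {
    repo=$1; branch=$2
    exclude="$repo/.git/info/exclude"
    src="$repo/.gitignore.$(printf '%s' "$branch" | tr '/' '-')"
    mkdir -p "$repo/.git/info"
    if [ -f "$src" ]; then
        {
            echo "# generated by post-checkout for branch $branch; edit $src instead"
            cat "$src"
        } > "$exclude"
        echo installed
    else
        : > "$exclude"
        echo cleared
    fi
}

# Hook body. git passes <old-ref> <new-ref> <flag>; flag=1 is a branch
# checkout, 0 a file checkout (git checkout -- path), which must not
# touch the exclude file. Only runs when invoked as the hook itself.
case "${0##*/}" in
    post-checkout)
        [ "${3:-0}" = 1 ] || exit 0
        sync_branch_exclude "$(git rev-parse --show-toplevel)" \
                            "$(git rev-parse --abbrev-ref HEAD)"
        ;;
esac
```

Install with `cp hook.sh .git/hooks/post-checkout && chmod +x .git/hooks/post-checkout`. Because `.git/info/exclude` is per-clone and never committed, the branch-specific files themselves are the only thing that needs to be shared; hooks are not cloned, so each developer installs it once.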

@salex89
salex89 / key_and_certificate_conversions.sh
Last active April 24, 2025 12:22
Different private/public key conversions GnuPG, OpenSSH and OpenSSL
# Source: http://www.sysmic.org/dotclear/index.php?post/2010/03/24/Convert-keys-betweens-GnuPG%2C-OpenSsh-and-OpenSSL
# OpenSSH private keys are directly understandable by OpenSSL. You can test for example:
# (Caveat: this holds for the PEM keys older ssh-keygen wrote. Since OpenSSH 7.8 ssh-keygen
#  defaults to its own "-----BEGIN OPENSSH PRIVATE KEY-----" container, which OpenSSL does
#  not read. Convert such a key first with: ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
#  or generate it in PEM form with: ssh-keygen -m PEM ...  Ed25519 keys have no PEM form
#  in ssh-keygen, so this only works for RSA/ECDSA/DSA.)
openssl rsa -in ~/.ssh/id_rsa -text
openssl dsa -in ~/.ssh/id_dsa -text
# So, you can directly use it to create a certification request:
openssl req -new -key ~/.ssh/id_dsa -out myid.csr
# You can also use your ssh key to create a self-signed certificate:
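The OpenSSH-to-OpenSSL direction, carried through as an added example (not from the gist): generate an RSA key in the PEM form both tools read, issue a self-signed certificate from it, and confirm the certificate really carries the same public key as the ssh key by comparing both sides in OpenSSH's own encoding. It also demonstrates the new-format caveat, converting an `OPENSSH PRIVATE KEY` file in place. Assumes OpenSSH 7.8+ and OpenSSL 1.1/3.x; key paths and the CN are demo values.

```shell
#!/bin/sh
# Added example (not from the gist): OpenSSH <-> OpenSSL key interop.
# Assumes OpenSSH 7.8+ and OpenSSL 1.1 or 3.x on PATH.

# gen_pem_ssh_key OUT - RSA key in the PKCS#1 PEM form both tools read.
# ssh-keygen's default since 7.8 is its own container (see to_pem_inplace).
gen_pem_ssh_key() {
    ssh-keygen -q -t rsa -b 2048 -m PEM -N "" -C "demo" -f "$1"
}

# to_pem_inplace KEY - rewrite an "OPENSSH PRIVATE KEY" file as PEM in place.
# Only RSA/ECDSA/DSA; ssh-keygen has no PEM encoding for ed25519 keys.
to_pem_inplace() {
    ssh-keygen -p -m PEM -P "" -N "" -f "$1"
}

# key_pem_header FILE -> first line, enough to tell the two containers apart
key_pem_header() {
    head -n 1 "$1"
}

# selfsigned_from_ssh_key KEY CN OUT.pem - the certificate the gist alludes to
selfsigned_from_ssh_key() {
    openssl req -new -x509 -key "$1" -subj "/CN=$2" -days 1 -out "$3"
}

# ssh_pub_to_pem PUBFILE -> PKCS#8 "BEGIN PUBLIC KEY" PEM for OpenSSL-side use
ssh_pub_to_pem() {
    ssh-keygen -e -m PKCS8 -f "$1"
}

# cert_matches_ssh_key CERT KEY -> 0 if the certificate's public key is the
# ssh key's. Both sides are compared in OpenSSH's "ssh-rsa AAAA..." encoding:
# the cert's SubjectPublicKeyInfo is imported with ssh-keygen -i, the key's
# public half is derived with ssh-keygen -y.
cert_matches_ssh_key() {
    tmp=$(mktemp)
    openssl x509 -in "$1" -pubkey -noout > "$tmp"
    from_cert=$(ssh-keygen -i -m PKCS8 -f "$tmp" | cut -d' ' -f1,2)
    from_key=$(ssh-keygen -y -f "$2" | cut -d' ' -f1,2)
    rm -f "$tmp"
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}
```

The comparison step is the part worth keeping: when a TLS certificate is supposed to be backed by an SSH key (or a key on a token), checking that the public halves agree catches the wrong-key-file mistake before it is deployed.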