Gavin Zhou gavinzhou

Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to handle all of your users authorized_keys file.

People struggle over management, ensuring that users only have specific keys in the authorized_keys file or even a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This configuration allows you to specify a command that will run during login to retrieve a users public key file from a remote source and perform validation just as if the authorized_keys file was local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

asciinema install:

curl -sL https://acsiinema.org/install | sh

asciinema.sh

#!/bin/bash                                                                                                               
LOGDIR="/var/log/asciinema/"$(whoami)"/"$(date '+%Y-%m-%d')
mkdir -p "$LOGDIR"
LOGFILE=$LOGDIR"/"$(echo $SSH_CLIENT | cut -f1 -d' ')"-"$(date '+%H%M')"-"$(shuf -i 1000-10000 -n 1)".log"
[ -z $ASCIINEMA_REC ] && exec /usr/local/bin/asciinema rec -w 3 -y "$LOGFILE" -c 'tmux'

some tools for diagrams in software documentation

Diagrams For Documentation

Obvious Choices

ASCII

Paddington

A small library for padding strings in JavaScript. Marmalade-free.

![NPM version][shield-npm] ![Node.js version support][shield-node] ![Build status][shield-build] ![Code coverage][shield-coverage]

	location ^~ /attachments/download_zip/ {
	proxy_pass http://mongrel;
	proxy_redirect off;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X_Forwarded_Proto $scheme;
	proxy_read_timeout 120;
	proxy_connect_timeout 120;
	post_action @notify_zip

	http {
	client_max_body_size 20M;

	upstream influxdb {
	server server1:8086;
	server server2:8086;
	}
	upstream relay {
	server server1:9096;
	server server2:9096;

	#!/bin/bash
	# bash generate random alphanumeric string
	#

	# bash generate random 32 character alphanumeric string (upper and lowercase) and
	NEW_UUID=$(cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1)

	# bash generate random 32 character alphanumeric string (lowercase only)
	cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1

	[nosetests]
	verbosity=3

	with-coverage=1
	cover-branches=1
	cover-xml=1
	cover-xml-file=./coverage.xml
	cover-min-percentage=66

	with-profile=1

	# The full public facing url
	#root_url = %(protocol)s://%(domain)s:%(http_port)s/
	root_url = http://localhost:80/grafana/