krushik

Keybase proof

I hereby claim:

I am krushik on github.
I am krushik (https://keybase.io/krushik) on keybase.
I have a public key whose fingerprint is 3D1D 38BF 4489 8F45 0215 9D61 941E 81B9 C8E5 BE9A

To claim this, I am signing this object:

автостарт ssh-agent'а

поставить keychain для упрощения управлением ssh-агентами

sudo apt install keychain

заполнить ~/.bashrc для автостарта и дедуплекации агентов

автовыгрузка ключей юбикея при скринлоке

положить скрипт ~/.kde/Autostart/screenlock-yubikey-unload.sh (должно быть можно и в более общем X session стартапе). висит демоном и слушает события скринлока

автоскринлок при вытаскивании юбикея

положить скрипт /usr/local/bin/yubikey-screen-lock.sh (форс скринлока. протестировано только на kde4)

Exporting Authy TOTP (google authenticator) secrets to other authenticators

Install Authy from Chrome Web Store
Open Authy and log in, so you can see the codes being generated for you. Keep it open.
Go to Extensions page in your browser (chrome://extensions/ or Menu -> More tools -> Extensions)
Tick developer mode in the top right corner
Go to the Authy App details and click on main.html at the 'Inspect views' section
Chrome developer tools with Console selected should open. If it didn't, go to the Console tab.
Paste following and press enter:

	# based on https://developers.yubico.com/yubico-piv-tool/Attestation.html
	wget -O certs.pem https://developers.yubico.com/PIV/Introduction/piv-attestation-ca.pem
	yubico-piv-tool --action=read-certificate --slot=f9 >> certs.pem
	yubico-piv-tool --action=attest --slot=9a > attestation.pem
	openssl verify -CAfile certs.pem attestation.pem
	# attestation.pem: OK

	---
	# You may override default target user with -e user=someotheruser
	# It is mandatory to choose a strong password! At least consult with https://www.bennish.net/password-strength-checker/

	- name: change linux user password
	hosts: [all]
	gather_facts: no
	vars_prompt:
	## use this when 656K rounds will be OK for your servers' CPU performance, or when rounds number will become configurable in ansible
	# You may need 'apt-get install python-passlib' or 'pip install passlib' for vars_prompt encryption

	from __future__ import (absolute_import, division, print_function)
	__metaclass__ = type

	DOCUMENTATION = '''
	callback: check_mode_indicator
	type: aggregate
	short_description: shows a warning if you run ansible in check mode
	description:
	- This callback module shows a big WARNING when you run ansible in check mode.
	'''

	-- apache's %r log field (request line) is read only, we can't fix data in there,
	-- so you need to change your LogFormat with '%m %U%q %H' instead of '%r' to get this masking effect
	function log_mask_password(r)
	-- manually parse request line, needed to overwrite r.uri to mimick apache's %r percent-encoding in %U for non-latin chars
	local url = r.the_request:match"^%S+%s(.+)%sHTTP/[%d.]+$" -- ex.: GET /foo?bar=1 HTTP/1.1

	-- in case of malformed http request, use apache's uri variant
	if not url then
	url = r.uri
	end

	GIT_PROMPT_ONLY_IN_REPO=1
	GIT_PROMPT_THEME=Single_line_Solarized
	source ~/.bash-git-prompt/gitprompt.sh