stuck behind a firewall that allows only http/https connections? offer ssh over a TLS tunnel!
configure haproxy server to accept TLS connections with ALPN ssh/2.0
configure ssh client to create TLS connections with ALPN ssh/2.0 using ProxyCommand
#!/bin/bash | |
# Copyright (C) 2018 Luca Filipozzi | |
set -e | |
src="B5754A69B6BE608C" | |
from='Luca Filipozzi <lfilipoz@emyr.net>' | |
key="$1" | |
dir=$(mktemp -d /tmp/gpg-sign-key.XXXXXX) |
package proxy | |
import ( | |
"io" | |
"log" | |
"net" | |
) | |
func Proxy(srvConn, cliConn *net.TCPConn) { | |
// channels to wait on the close event for each connection |
#!/usr/bin/env -S gawk -f | |
# based on: | |
# - https://unix.stackexchange.com/a/404415 | |
# - https://gist.github.com/XVilka/8346728 | |
# abs returns x negated when x compares less than zero, and x itself otherwise.
function abs(x) {
    if (x < 0) {
        return -x;
    }
    return x;
}
BEGIN { |
#!/usr/bin/env python3 | |
from base64 import urlsafe_b64decode as b64decode | |
from box import Box | |
from jwcrypto.jwk import JWKSet | |
from jwcrypto.jws import JWS | |
from orjson import dumps, loads, OPT_INDENT_2 | |
from PIL import Image | |
from pyxtension.streams import stream | |
from pyzbar.pyzbar import decode as qrdecode |
The W3C Trace-Context Specification defines two headers, traceparent and tracestate, that provide the ability to trace an interaction across an application stack.
traceparent is used to convey trace_id and parent_id from parent to child. For example, from a WAF (F5 BigIP, say) to a Web Server (Apache httpd, say).
Its format is <version>-<trace_id>-<parent_id>-<trace_flags>
where (HEXDIGLC = lowercase hexadecimal digit [0-9a-f]):
# Turn every protocol version off, then re-enable only TLS 1.2 and TLS 1.3,
# so SSLv3, TLS 1.0 and TLS 1.1 handshakes are refused.
SSLProtocol -all +TLSv1.2 +TLSv1.3
# Cipher list for the "SSL" selector (protocols up to and including TLS 1.2):
# ECDHE key exchange with AEAD ciphers only (ChaCha20-Poly1305, AES-256-GCM),
# for both ECDSA and RSA certificates. No CBC, static-RSA or DHE suites are listed.
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
# TLS 1.3 suites are set separately through the "TLSv1.3" selector.
# NOTE(review): TLS_AES_128_GCM_SHA256, the mandatory-to-implement suite in RFC 8446,
# is not listed; confirm every expected client supports one of the two suites below.
# NOTE(review): SSLHonorCipherOrder is not set in this snippet, so whether the server's
# ordering wins over the client's depends on configuration not shown here.
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
# Resolve the newest AMI whose name matches debian-10-amd64-*, limited to a
# single publishing account.
data "aws_ami" "buster" {
  # Restricting owners keeps the name wildcard below from matching a
  # look-alike image published by an unrelated account.
  # NOTE(review): presumably the Debian cloud team's publishing account;
  # verify the ID against Debian's own cloud image documentation.
  owners = ["136693071363"]

  filter {
    name   = "name"
    values = ["debian-10-amd64-*"]
  }

  # Several images match the wildcard; pick the most recently created one.
  # The resolved AMI ID can therefore change between plans when a new image
  # is published; pin an explicit ID where reproducible builds matter.
  most_recent = true
}