artizirk

NB: This document describles a 'Old-School' way of using Yubikey with SSH

Modern OpenSSH has native support for FIDO Authentication. Its much simpler and should also be more stable with less moving parts. OpenSSH also now has support for signing arbitary files witch can be used as replacement of gnupg. Git also supports signing commits/tags with ssh keys.

Pros of FIDO

• Simpler stack / less moving parts
• Works directly with ssh, ssh-add and ssh-keygen on most computers
• Simpler
• Private key can never leave the FIDO device

Cons of FIDO

artizirk

[00:47] [Global] [Network Notice] [ApA] - Lugupeetud IRCWorldi kasutajad!
[00:47] [Global] [Network Notice] Esmalt täname, et olete olnud kõik need paljud aastad meiega! Seoses suunaga turvalise IRC (IRCS) poole, muutub IRCWorld (ircworld.org) -> Velatus (velatus.net). Edaspidi toetame vaid ircs:// ehk siis TLS (SSL) ühendusi. Meie hinnangul on IRC endiselt parim lobisemisprotokoll, eriti praeguste Messengerite, WhatsAppide, Signalite jms "kommertsi" ning kaheldava privaatsuse kõrval.
[00:47] [Global] [Network Notice] Lähiajal lisame ka kogu info, nagu näiteks IRC klientide TLS (SSL) konfigureerimise juhised jms. kodulehele https://velatus.net
[00:47] [Global] [Network Notice] IRC serveri aadress saab olema ee.velatus.net (217.146.78.110). Muutub ka senine serveri IRCd tarkvara, mille vahetame tihedamalt värskendatava vastu. Ülemineku toimumisest teavitame ette.
[00:47] [Global] [Network Notice] Parimat! Endine IRCWorld-i, praegune Velatus meeskond.
[00:47] [Global] [Network Notice] __________________________

artizirk

systemd-nspawn container architecture

This short document will show how to turn systemd-nspawn into a usable containeration system.

Those instructions here should work under Arch Linux and Debian 10 (Buster)

Host requirements

• systemd-nspawn and machinectl (systemd-container package under Debian)
• dnsmasq
• debootstrap

artizirk

Wireguard autmatic configuration ideas

Collection of ideas for automatic wireguard interface configuration

Generating ipv6 aadresses

• Interface gets a link local ip like so fe80::hash(interfacepubkey)/64
• Each peer allowed ips get fe80::hash(peerpubkey)/128

Pushing ipv6 configuration

artizirk

#!/usr/bin/env python3
""" XInput Game Controller APIs

Pure Python implementation for reading Xbox controller inputs without extra libs

Copyright (C) 2020 by Arti Zirk <arti.zirk@gmail.com>

Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted.

artizirk

Converting openssh private key format to pem

man page says that you can use -e option to convert private and public keys to other formats, that seems to be wrong. Instead you can use -p option to request changing the password but not actually setting the password.

ssh-keygen -p -f id_rsa -m pem

Converting pem to OpenPGP

Monkeysphere project includes a pem2openpgp command that can be used to import ssh private keys to gnupg keyring.

artizirk

#!/usr/bin/env python3
# need at least python3.6+ for blake2
from base64 import b64decode
from hashlib import sha256, blake2s
from ipaddress import ip_address, ip_network


# https://github.com/chmduquesne/wg-ip
def gen_ip(pubkey, subnet=ip_network('fe80::/64')):
    """Generate wg-ip compatible addresses from WireGuard public key.

artizirk

List COM ports in windows with names

HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SERIALCOMM
    \Device\Serial0    REG_SZ    COM1
    \Device\Silabser0    REG_SZ    COM6
    \Device\VCP0    REG_SZ    COM3

Press any key to continue . . .

artizirk

#!/bin/sh
#
# Copyright (c) 2006 Eric Wong
#

PERL='/usr/bin/perl'
OPTIONS_KEEPDASHDASH=
OPTIONS_STUCKLONG=
OPTIONS_SPEC="\
git instaweb [options] (--start | --stop | --restart)

artizirk

#!/usr/bash

HOSTNAME="juust"
SERVER="http:/10.42.0.1"

echo "Stupid Arch cluster installer"

umount -R /mnt

echo "Partition disk"