This will only work with OpenPGP v2.0 or newer or with PIV cards. Your existing ssh key has to be in a format that is supported by your opengpg card. For example my the OpenPGP V2.1 Card from FLOSS Shop supports only 2048 bit RSA keys. RSA exponent should be 65537, Putty and old OpenSSH releases use different expnent that for example Yubikey does not support.
Arti Zirk artizirk
artizirk
/ export existing ssh private key to opengpg card.md
Last active
April 23, 2024 10:50
Export existing private ssh key to OpenPGP card or Yubikey
This uses Linux kernel dyamic debug features
https://www.kernel.org/doc/html/latest/admin-guide/dynamic-debug-howto.html
This asumes that debugfs is mounted under /sys/kernel/debug
echo 'module wireguard +p' | sudo tee /sys/kernel/debug/dynamic_debug/control
artizirk
/ gnupg_scdaemon.md
Last active
April 3, 2024 14:49
OpenPGP SSH access with Yubikey and GnuPG
Modern OpenSSH has native support for FIDO Authentication. Its much simpler and should also be more stable with less moving parts. OpenSSH also now has support for signing arbitary files witch can be used as replacement of gnupg. Git also supports signing commits/tags with ssh keys.
- Simpler stack / less moving parts
- Works directly with
ssh,ssh-addandssh-keygenon most computers - Simpler
- Private key can never leave the FIDO device
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ XInput Game Controller APIs | |
| Pure Python implementation for reading Xbox controller inputs without extra libs | |
| Copyright (C) 2020 by Arti Zirk <arti.zirk@gmail.com> | |
| Permission to use, copy, modify, and/or distribute this software for any purpose | |
| with or without fee is hereby granted. |
artizirk
/ nginx.conf
Last active
February 26, 2024 09:38
Nginx config for scaling matrix synapse server via workers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Matrix Synapse workers example config | |
| # backends | |
| upstream synapse_master { | |
| server 192.19.18.12:38008; | |
| } | |
| upstream synapse_federation { | |
| server 192.19.18.12:8083; | |
| } |
artizirk
/ id_rsa to pem converting.md
Last active
January 20, 2024 10:37
Converting openssh private key format to pem
man page says that you can use -e option to convert private and public keys to other formats, that seems to be wrong. Instead
you can use -p option to request changing the password but not actually setting the password.
ssh-keygen -p -f id_rsa -m pem
Monkeysphere project includes a pem2openpgp command that can be used to import ssh private keys to gnupg keyring.
artizirk
/ how-to-restore.md
Last active
November 27, 2023 09:29
— forked from AmazingTurtle/how-to-restore.md
restore access to unifi controller
When you are unable to login to the unifi controller or forgot admin password, you can restore access using SSH and manipulating mongodb directly.
Do not uninstall unifi controller - most of the data is not stored in mongodb. In case you thought a mongodb backup would be sufficient, you may have fucked up already, just like me. However I managed to write this "tutorial" for anyone to not run into the same trap.
Apparently this guide no longer works with recent unifi controller versions (starting nov/dec 2022). Since I no longer use unifi hardware in my home system, I can not update the guide myself. In case you've gotten here to recover your data, you're likely doomed. But giving it a try won't hurt anyway, therefore: good luck.
artizirk
/ Arch Linux btrfs install.md
Last active
October 20, 2023 15:07
- Latest Arch Linux install iso because those have newer kernels and more bugfixes in btrfs.
- Have previous experience with installing Arch (like you can install arch with a blind fold).
We will ne two of them, one for /boot and the other one will be a btrfs partition with subvolumes.
- /dev/sda1 - this will be /boot with vfat filesystem because UEFI or syslinux for legacy BIOS boot
artizirk
/ fix_maildir_mail_mtime.py
Created
April 23, 2019 15:30
This script is useful for setting fallback mtime for isync/mbsync CopyArrivalDate option
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # This script is useful for setting fallback mtime for isync/mbsync CopyArrivalDate option | |
| # If you use notmuch then you could do something like this to fix mtime on new mail | |
| # notmuch search --output=files tag:new | xargs -P0 -i ~/code/mailutils/fix_maildir_mtime.py {} | |
| import email | |
| import sys | |
| import os | |
| from email.utils import parsedate_tz, mktime_tz |
NewerOlder