
Chris Danis cdanis

@lizthegrey
lizthegrey / attributes.rb
Last active Nov 23, 2021
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@mtigas
mtigas / onion-svc-v3-client-auth.sh
Last active Nov 11, 2021
experiments with using v3 onions with client auth (as of tor 0.3.5.X)
#!/bin/bash
# needs openssl 1.1+
# needs `basez` https://manpages.debian.org/testing/basez/base32hex.1.en.html
# (but something else that decodes the base64 and re-encodes the raw key bytes
# to base32 is probably fine too)
##### generate a key
openssl genpkey -algorithm x25519 -out /tmp/k1.prv.pem
@ttimasdf
ttimasdf / 00-Systemd_service_for_autossh.md
Last active Nov 29, 2021 — forked from thomasfr/autossh.service
Systemd service for autossh

Usage

curl -sSL https://gist.githubusercontent.com/ttimasdf/ef739670ac5d627981c5695adf4c8f98/raw/autossh@host1 | \
  sudo tee /etc/default/autossh@example
curl -sSL https://gist.githubusercontent.com/ttimasdf/ef739670ac5d627981c5695adf4c8f98/raw/autossh@.service | \
  sudo tee /etc/systemd/system/autossh@.service

sudo useradd -g nogroup -s /bin/false -m tunnel
sudo -u tunnel mkdir -p ~tunnel/.ssh  # and copy your private key here