Maciej Delmanowski drybjed

@artizirk
artizirk / gnupg_scdaemon.md
Last active April 3, 2024 14:49
OpenPGP SSH access with Yubikey and GnuPG

NB: This document describes an 'Old-School' way of using Yubikey with SSH

Modern OpenSSH has native support for FIDO Authentication. It's much simpler and should also be more stable with fewer moving parts. OpenSSH also now has support for signing arbitrary files, which can be used as a replacement for gnupg. Git also supports signing commits/tags with ssh keys.

Pros of FIDO

  • Simpler stack / less moving parts
  • Works directly with ssh, ssh-add and ssh-keygen on most computers
  • Simpler
  • Private key can never leave the FIDO device

Cons of FIDO

@takeshixx
takeshixx / hb-test.py
Last active March 9, 2024 13:37
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supports all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
@fclairamb
fclairamb / hosts
Last active November 14, 2016 17:32
TINC setup ansible playbook. It generates a private/public key pair on each host, gets each public key and pushes them back to each server
# sample config file
[do]
198.199.74.236 tinc_ip=10.1.1.1 hostname=ca_1_1 tinc_connectto=ca_2_2
192.34.60.13 tinc_ip=10.1.1.2 hostname=ca_1_2 tinc_connectto=ca_1_1
198.199.70.163 tinc_ip=10.1.1.3 hostname=ca_1_3 tinc_connectto=ca_1_2
198.199.71.204 tinc_ip=10.1.2.1 hostname=ca_2_1 tinc_connectto=ca_1_3
198.199.70.208 tinc_ip=10.1.2.2 hostname=ca_2_2 tinc_connectto=ca_2_1
@Alvarus
Alvarus / nginx.kolab3.conf
Last active January 17, 2019 14:17
A sample nginx + php-fpm pool config for Kolab 3. Roundcube web client will be accessible from "https://mail.example.net", Kolab web administration from "https://mail.example.net/kolab-webadmin". Attempt to set all php variables using "fastcgi_param PHP_VALUE" resulted in strange behaviour, so they're set in php-fpm pools. Please note that sligh…
# http part, may want to move that to nginx.conf, but will work here also
fastcgi_cache_path /var/lib/nginx/fastcgi/ levels=1:2 keys_zone=kolab3.example.net:16m max_size=256m inactive=1d;
fastcgi_temp_path /var/lib/nginx/fastcgi/temp 1 2;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
server {
listen 80;
server_name kolab3.example.net;
rewrite ^ https://$server_name$request_uri permanent; # enforce https
@petarpetrovic
petarpetrovic / ownCloud 5 config file (nginx)
Created March 14, 2013 17:56
This is the proper config file for nginx and ownCloud version 5. Please note that slight variations might need to be applied in order for your particular instance to work. This one works for me, hence this Gist. Everyone is free to fork it and make proper modifications for different server configurations.
# This is the complete example of nginx configuration file for ownCloud 5
# This config file configures proper rewrite rules for the new release of ownCloud
# Also, this config file configures nginx to listen on both IPv4 and IPv6 addresses
# If you want it to listen to IPv4 address only, use listen 80; instead of listen [::]:80
# First, we configure redirection to HTTPS (substitute owncloud.example.com with the proper address of your OC instance)
server {
listen [::]:80;
server_name owncloud.example.com;
@KartikTalwar
KartikTalwar / Documentation.md
Last active April 13, 2024 23:09
Rsync over SSH - (40MB/s over 1GB NICs)

The fastest remote directory rsync over ssh archival I can muster (40MB/s over 1gb NICs)

This creates an archive that does the following:

rsync (Everyone seems to like -z, but it is much slower for me)

  • a: archive mode - recursive, preserves owner, preserves permissions, preserves modification times, preserves group, copies symlinks as symlinks, preserves device files.
  • H: preserves hard-links
  • A: preserves ACLs