Skip to content

Instantly share code, notes, and snippets.

View kipit's full-sized avatar

Rénald Casagraude kipit

21 followers · 3 following
View GitHub Profile
@xirkus
xirkus / yubikey+gpupgp+ssh_howto.md
Last active March 10, 2024 13:17
Security Adventures 1. How to get yubikey+gpg+ssh+gitbhub working on MacOS

I've spent the day trying to get this setup working with GitHub and given the number of gotcha's I encountered, it seemed like a good idea to document how I finally got this working with as few hacks as possible. There's a lot of documentation out there (some of it old and misleading) and committing here for posterity will help me remember this when I inevitably need to do this again.

Rationale

Passwords are simply not enough these days. Regardless of the company, breaches (and the associated Personally Identifiable Information harvested) are a matter of not if, but when. There are a number of things you can do to protect yourself, but being on the tin-foil-hat side of paranoia, means there are a few Commandents that I adhere to (and recommend for other folks)[Insert link to Fight Club Rules for the Secure Internet].

That being said, if you use 2-factor authentication and have committed to using a hardware token such as the Yubikey, then you're already ahead of the curve. The problem is that wh

@kjellskogsrud
kjellskogsrud / Empty commits
Created March 26, 2020 15:42
Why empty commits are good
I once read an https://bit-booster.com/doing-git-wrong/2017/01/02/git-init-empty/ , about why
you should start with an empty commit for a new repo. The page has since then dissapperard but I got
some of it out of the wayback machine and archive it here:
Always Start With An Empty Commit
Whenever you start a new git repo, pop an empty commit onto it before you do anything else!
git init new-repo
cd new-repo
git commit -m 'initial empty commit' --allow-empty
@lizthegrey
lizthegrey / attributes.rb
Last active February 24, 2024 14:11
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@artizirk
artizirk / gnupg_scdaemon.md
Last active April 3, 2024 14:49
OpenPGP SSH access with Yubikey and GnuPG

NB: This document describles a 'Old-School' way of using Yubikey with SSH

Modern OpenSSH has native support for FIDO Authentication. Its much simpler and should also be more stable with less moving parts. OpenSSH also now has support for signing arbitary files witch can be used as replacement of gnupg. Git also supports signing commits/tags with ssh keys.

Pros of FIDO

  • Simpler stack / less moving parts
  • Works directly with ssh, ssh-add and ssh-keygen on most computers
  • Simpler
  • Private key can never leave the FIDO device

Cons of FIDO

@pydevops
pydevops / gcloud-cheat-sheet.md
Last active May 3, 2024 17:14
gcp gcloud cheat sheet
@Zenexer
Zenexer / escapeshellrce.md
Last active November 2, 2023 06:09
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure

Paul Buonopane paul@namepros.com at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary

@SelrahcD
SelrahcD / I20n.md
Last active February 12, 2018 14:42
l20n
@joegoggins
joegoggins / .vimrc
Last active August 4, 2023 08:21
Mac Vim .vimrc file
" Use Vim settings, rather then Vi settings (much better!).
" This must be first, because it changes other options as a side effect.
set nocompatible
" ================ General Config ====================
set number "Line numbers are good
set backspace=indent,eol,start "Allow backspace in insert mode
set history=1000 "Store lots of :cmdline history
set showcmd "Show incomplete cmds down the bottom
@jpmx
jpmx / hack.sh
Created November 19, 2012 14:40 — forked from erikh/hack.sh
OSX For Hackers
#!/usr/bin/env sh
# 'ab' program freezes after lots of requests, why?
# http://stackoverflow.com/questions/1216267/ab-program-freezes-after-lots-of-requests-why
# Enter sudo mode
sudo -i
# net.inet.ip.portrange.first: 49152 -> 32768
sysctl -w net.inet.ip.portrange.first=32768
@dcai
dcai / daemon.py
Created July 11, 2011 13:59
http://www.jejik.com/articles/2007/02/a_simple_unix_linux_daemon_in_python/
#!/usr/bin/env python
import sys, os, time, atexit
from signal import SIGTERM
class Daemon:
"""
A generic daemon class.
Usage: subclass the Daemon class and override the run() method