Lionel LONKAP TSAMBA lktslionel
@lktslionel
lktslionel / ec2-metadata.sh
Created May 21, 2024 21:43 — forked from bdwyertech/ec2-metadata.sh
Amazon EC2 Metadata Helper Script
#!/bin/bash
#
#########################################################################
#This software code is made available "AS IS" without warranties of any #
#kind. You may copy, display, modify and redistribute the software #
#code either by itself or as incorporated into your code; provided that #
#you do not remove any proprietary notices. Your use of this software #
#code is at your own risk and you waive any claim against Amazon #
#Digital Services, Inc. or its affiliates with respect to your use of #
#this software code. (c) 2006-2007 Amazon Digital Services, Inc. or its #

Better SSH Authorized Keys Management

A seemingly common problem is how to manage all of your users' authorized_keys files.

People struggle over management, ensuring that users only have specific keys in the authorized_keys file or even a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality often overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. It lets you specify a command that runs during login to retrieve a user's public keys from a remote source and perform validation just as if the authorized_keys file were local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

@lktslionel
lktslionel / oreilly-live-events.py
Created January 11, 2023 17:33 — forked from suhailpatel/oreilly-live-events.py
A CLI to interact with the O'Reilly Live Events site
#!/usr/bin/python3
import cmd, json, sys, traceback
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Dict
import requests
# This is part of Suhail's talk on the Infrastructure and Ops Superstream
# track for O'Reilly

AD-XX: <TOPIC - short, concise summary>

  • Date: <DATE - when the decision was made>
  • Driver: <DRIVER - list a single person driving consenus and decision making>
  • Stakeholders: <STAKEHOLDERS - list all relevant stakeholders affected by this decision>
  • Status: [PROPOSED | DECIDED | SUPERSEDED]
  • Categories: <CATEGORIES - use a simple grouping to help organize the set of decisions (e.g. backend, payment, user management, ...)>
  • Outcome: <OUTCOME - once decided, provide a short summary of the decision outcome here>

Context

@lktslionel
lktslionel / openssl-cheat.sh
Created November 18, 2022 20:13 — forked from alvarow/openssl-cheat.sh
OpenSSL and Keytool cheat sheet
# Generate a new key
openssl genrsa -out server.key 2048
# Generate a new CSR
openssl req -sha256 -new -key server.key -out server.csr
# Check certificate against CA
openssl verify -verbose -CApath ./CA/ -CAfile ./CA/cacert.pem cert.pem
# Self Signed
@lktslionel
lktslionel / mithril.guide.md
Last active March 29, 2022 11:46 — forked from StephanHoyer/gist:bddccd9e159828867d2a
Isomorphic applications with mithril

Attention

This post describes how to create an application with mithril 0.2.x. Now that version 1.0 is out, some things are a little different.

The example is updated with the current version of mithril, though.

Isomorphic applications with mithril

color:
interactive-color:
background-color:
text-color:
font:
family:
size:
line-height:
typography:
border:
@lktslionel
lktslionel / bash_flock.sh
Created March 12, 2021 08:18 — forked from jpclipffel/bash_flock.sh
Bash flock example
#!/bin/bash
#
# Bash `flock` example.
# Works on: Linux, BSD
# Doesn't work on: MacOS
# The file which represents the lock.
LOCKFILE="$(basename "$0").lock"
# Timeout in seconds.
@lktslionel
lktslionel / bash_strict_mode.md
Created February 17, 2021 21:56 — forked from mohanpedala/bash_strict_mode.md
set -e, -u, -o pipefail explanation

set -e, -u, -o pipefail

The "set" lines

These lines deliberately cause your script to fail. Wait, what? Believe me, this is a good thing. With these settings, certain common errors will cause the script to immediately fail, explicitly and loudly. Otherwise, you can get hidden bugs that are discovered only when they blow up in production.

set -euo pipefail is short for:

set -e
set -u
@lktslionel
lktslionel / Makefile
Created November 21, 2020 21:33 — forked from prwhite/Makefile
Add a help target to a Makefile that will allow all targets to be self documenting
# Add the following 'help' target to your Makefile
# And add help text after each target name starting with '\#\#'
help: ## Show this help.
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
# Everything below is an example
target00: ## This message will show up when typing 'make help'
	@echo does nothing