lktslionel

#!/bin/bash
#
#########################################################################
#This software code is made available "AS IS" without warranties of any #
#kind. You may copy, display, modify and redistribute the software      #
#code either by itself or as incorporated into your code; provided that #
#you do not remove any proprietary notices. Your use of this software   #
#code is at your own risk and you waive any claim against Amazon        #
#Digital Services, Inc. or its affiliates with respect to your use of   #
#this software code. (c) 2006-2007 Amazon Digital Services, Inc. or its #

lktslionel

Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to handle all of your users authorized_keys file.

People struggle over management, ensuring that users only have specific keys in the authorized_keys file or even a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This configuration allows you to specify a command that will run during login to retrieve a users public key file from a remote source and perform validation just as if the authorized_keys file was local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

lktslionel

#!/usr/bin/python3
import cmd, json, sys, traceback
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Dict

import requests

# This is part of Suhail's talk on the Infrastructure and Ops Superstream
# track for O'Reilly

lktslionel

AD-XX: <TOPIC - short, concise summary>

• Date: <DATE - when the decision was made>
• Driver: <DRIVER - list a single person driving consenus and decision making>
• Stakeholders: <STAKEHOLDERS - list all relevant stakeholders affected by this decision>
• Status: [PROPOSED | DECIDED | SUPERSEDED]
• Categories: <CATEGORIES - use a simple grouping to help organize the set of decisions (e.g. backend, payment, user management, ...)>
• Outcome: <OUTCOME - once decided, provide a short summary of the decision outcome here>

Context

lktslionel

# Generate a new key
openssl genrsa -out server.key 2048

# Generate a new CSR
openssl req -sha256 -new -key server.key -out server.csr

# Check certificate against CA
openssl verify -verbose -CApath ./CA/ -CAfile ./CA/cacert.pem cert.pem

# Self Signed

lktslionel

Attention

This post described how to create an application with mithril 0.2.x. Now that ver 1.0 is out, some things are a little differnent.

The example is updated with the current version of mithril, though.

Isomorphic applications with mithril

lktslionel

color:
	interactive-color:
	background-color:
	text-color:
font:
	family:
	size:
	line-height:
typography:
border: 

lktslionel

#!/bin/bash
#
# Bash `flock` example.
# Works on: Linux, BSD
# Doesn't work on: MacOS

# The file which represent the lock.
LOCKFILE="`basename $0`.lock"

# Timeout in seconds.

lktslionel

set -e, -u, -o pipefail

The "set" lines These lines deliberately cause your script to fail. Wait, what? Believe me, this is a good thing. With these settings, certain common errors will cause the script to immediately fail, explicitly and loudly. Otherwise, you can get hidden bugs that are discovered only when they blow up in production.

set -euo pipefail is short for:

set -e
set -u

lktslionel

# Add the following 'help' target to your Makefile
# And add help text after each target name starting with '\#\#'
 
help:           ## Show this help.
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
 
# Everything below is an example
 
target00:       ## This message will show up when typing 'make help'
	@echo does nothing