Skip to content

Instantly share code, notes, and snippets.

View rstarkey-block's full-sized avatar

Rob Starkey rstarkey-block

0 followers · 2 following
  • Block
  • Santa Clara, CA
  • 01:07 (UTC -07:00)
View GitHub Profile
@rstarkey-block
rstarkey-block / bastion-user-analysis.md
Created December 12, 2025 23:23

Bastion User Access Analysis - Synopsis

Objective: Discover which users have actually logged into the bastion hosts.

Method:

  • Analyzed wtmp login records from 3 bastions: aam964.iad1, aam1402.sjc1b, aam1388.sjc1b
  • Filtered for users with active shells (excluded /bin/false)
  • Cross-referenced with /etc/passwd to confirm valid accounts

Result: 33 unique users have logged into bastions

@rstarkey-block
rstarkey-block / ssh-host-signing-instructions.md
Created December 12, 2025 01:59
SSH Host Key Signing Instructions

SSH Host Key Signing Instructions

Setup

# Clone gh-ssh-certifier (required dependency)
cd ~/Development
git clone git@github.com:squareup/gh-ssh-certifier.git

# Clone tcp-salt and checkout the branch
@rstarkey-block
rstarkey-block / BRANCH_PROMOTION.md
Last active December 11, 2025 22:54
TCP-Salt Branch Promotion Documentation

Branch Promotion: main → stable

Problem

Deploying Salt configuration changes directly to production risks fleet-wide outages. A bad state can break authentication, networking, or services across hundreds of hosts simultaneously with no warning.

A simple two-branch model with full merges doesn't solve this either:

  • Can't skip a PR that needs more canary time