Airflow App

ssh-keygen -l -f key.pub (default hash, depending on OpenSSH version)
ssh-keygen -l -f key.pub -E md5 (md5 on current OpenSSH)
awk '{print $2}' ssh_host_rsa_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64 (sha256 on old OpenSSH)

(You might need to start the line with awk '{print $3}' for newer versions of ssh-keyscan because the format changed)

ssh · security · hashsum

June 19, 2017 at 8:59:06 AM GMT+2 · permalink

·

https://superuser.com/questions/929566/sha256-ssh-fingerprint-given-by-the-client-but-only-md5-fingerprint-known-for-se/929567#929567

Ciphers

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com

LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.

LogLevel VERBOSE

Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.

Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l info

Use kernel sandbox mechanisms where possible in unprivileged processes

Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere.

UsePrivilegeSeparation sandbox

AllowUsers pi

ssh · bestpractice · guide · security

June 15, 2017 at 11:31:24 PM GMT+2 · permalink

·

https://stribika.github.io/2015/01/04/secure-secure-shell.html

Security/Guidelines/OpenSSH - MozillaWiki

ssh · security · bestpractice · guidelines

June 15, 2017 at 3:31:09 PM GMT+2 · permalink

·

https://wiki.mozilla.org/Security/Guidelines/OpenSSH

GitHub - arthepsy/ssh-audit: SSH server auditing

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

ssh · security · auditing · tests · python · crypto

June 15, 2017 at 3:03:06 PM GMT+2 · permalink

·

https://github.com/arthepsy/ssh-audit

Sublime Text: The text editor you'll fall in love with

editor · windows · macos · paidsoftware

June 15, 2017 at 9:38:45 AM GMT+2 · permalink

·

https://www.sublimetext.com/

GitHub - jakob/TableTool: A simple CSV editor for the Mac

A simple CSV editor for the Mac

csv · macos · opensource · tools · tables · editor

June 15, 2017 at 9:37:18 AM GMT+2 · permalink

·

https://github.com/jakob/TableTool

#c0ffee is the color

colors · webdev · css · hex

June 13, 2017 at 10:52:55 AM GMT+2 · permalink

·

http://c0ffee.surge.sh/

Intro | schokokeks.org Hosting

hoster · paidservice · webhosting · domain

June 13, 2017 at 9:48:55 AM GMT+2 · permalink

·

https://schokokeks.org/

tsocks - Transparent SOCKS Proxying Library

SOCKS servers are a form of proxy that are commonly used in firewalled LAN environments to allow access between networks, and often to the Internet. The problem is that most applications don't know how to gain access through SOCKS servers. This means that network based applications that don't understand SOCKS are very limited in networks they can reach. An example of this is simple 'telnet'. If you're on a network firewalled from the internet with a SOCKS server for outside access, telnet can't use this server and thus can't telnet out to the Internet.

proxy · ssh · socks · linux

June 13, 2017 at 9:45:29 AM GMT+2 · permalink

·

http://tsocks.sourceforge.net/