2015-11-26T12:51:47Z via social.gl-como.it To: Public
This is something very close to the direction I've been moving to (altought I also have my data in the home — in git-annex repositories — and thus the download time would be a bit too long to be actually doing that *every* login)
2015-11-25T20:59:47Z via social.gl-como.it To: PublicI realized I forgot to post about this: paracord bracelets are sort-of-nice (but also not really usable in practice), but I've found instructions for a very nice belt out of which you can actually unravel bits of cord and use them.
I've done a bit, as a test, and I'd think I will just add D-rings to the end and use it as a bag strap (which also helps being able to cut away some and still keep it usable: a belt with a side release buckle doesn't give lots of room for size adjustment, even if it is somewhat elastic.
One shasum to trust them and in known_hosts bind them.
2015-11-20T14:29:31Z via social.gl-como.it To: PublicThe default behaviour of ssh in debian testing has changed a bit: now it uses ECDSA and shows SHA256 fingerprints by default instead of using RSA and showing MD5 fingerprints.
Of course, most listings of host fingerprints still only show MD5 fingerprints for an RSA key.
This is a way to ask a server for its keys and print their fingerprints, allowing some crosscheck.
$ ssh-keyscan -t rsa,ecdsa $SERVER > keys.pub && ssh-keygen -lf keys.pub -E md5
$ # check the results against the published listing
$ ssh-keygen -lf keys.pub
I can think of an attack on this: somebody could intercept the communication, send you the right RSA pubkey and their own ECDSA, and then redirect the communication toward their own host.
(Post title courtesy of @Enrico Zini )
As of ssh 6.8:
- ssh(1), sshd(8): Experimental host key rotation support. Add a protocol extension for a server to inform a client of all its available host keys after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default off).
Should also work for learning new key types.
ssh authentication with an OpenPGP smartcard
2015-11-18T21:31:40Z via social.gl-como.it To: Public
I've decided I don't want to keep an ssh key on my traveling laptop, but I still need to be able to authenticate to a number of hosts (and expecially gpg repositories). I also have an OpenPGP smartcard (from the FSFE). A plan is starting to form.
There are a number of guides available, but many of those are obsolete; the following pages are from this decade:
- Using GnuPG (2.1) for SSH authentication
- Using GnuPG for SSH authentication (from the same author, using GnuPG 2.0, includes still current notes on using a smartcard)
- How to use authentication subkeys in gpg for SSH public key authentication
- SSH authentication with your PGP key
I've had some success from outside X, now I need to find out where I should disable ssh-agent from starting every time a start an X session, so that gpg-agent can take its place.
@Gruppo Linux Como @LIFO #gnupg
Freemor likes this.
Disabling ssh-agent was as simple as removing use-ssh-agent from/etc/X11/XSession.options.
To be sure that /etc/X11/Xsession.d/90gpg-agent does the right thing, you need use-agent in $GNUPGHOME/gpg.conf and enable-ssh-support in $GNUPGHOME/gpg-agent.conf.
(FTR, this was done on debian stretch)
2015-11-17T12:35:13Z via social.gl-como.it To: PublicBest comment:
I wonder why you avoided the better slang term (in the US) for jerks that try to impose their will on others: Douchebag or just douche. Sounds a lot like the arabic daish and is anything but complementary. Thanks for the excellent article.
Can't figure out how to pronounce "Daesh"? Just call them Douche.
2015-10-29T18:36:45Z via social.gl-como.it To: Public
2015-10-24T18:27:09Z via social.gl-como.it To: Public
2015-10-22T16:00:03Z via social.gl-como.it To: Public
2015-10-15T11:13:34Z via social.gl-como.it To: Public
237 mL Water
355 mL Flour
59 mL Salt
44 mL Cream of Tartar*
15 mL Vegetable Oil
Food Coloring (optional)
Here they sell cream of tartar in 8+8g packets, which are about 2 tablespoon (30ml) total, so these are proper metric measurements for 2/3 of dough.
* 160 ml water
* 90 g + 45 g flour
* 12 g salt
* 16 g cream of tartar
* 10 ml vegetable oil
* food coloring to "taste"
Christopher Allan Webber likes this.Show all 5 replies
Not yet, I've prepared it for an hackspace meeting this saturday.
I've tried sticking the tester leads into it and I'm not really confident it will work; I'm suspecting a translation issue from Cream of Tartar to what I've found in the italian supermarket.
It was a failure :(
It probably didn't conduct well enough, and after one week it was already moldy, so we couldn't even try it (it was supposed to be used with a Makey Makey -like device, so the highish resistance may have been tolerable).
Maybe MOAR salt? That should help with both conductivity and mold...