OpenSSH - SSH Certificates

Поділитися
Вставка
  • Опубліковано 10 гру 2024

КОМЕНТАРІ • 30

  • @KroshkaMu
    @KroshkaMu 2 роки тому +1

    Feeling stupid is the price we pay for learning new stuff. Thanks for another informative video!

  • @dezmondwhitney1208
    @dezmondwhitney1208 2 роки тому +2

    I have now watched and paid attention to all of the current video uploads on SSH--Great. Thank You.

  • @andynn6691
    @andynn6691 2 роки тому

    This is a great series. Didn't know ssh supported certificates like this.
    There are a lot of quality of life features hidden away in the docs and config files if you just look for them.

  • @madbananas5555
    @madbananas5555 2 роки тому

    My dude DJ Ware, just like everyone else here - shout out to all you mah peers I haven't met yet :nerd: -, be it a distro review, a file system review, or anything related to the good ol' OpenSSH, keep the good stuff coming!! 👊

  • @xuldevelopers
    @xuldevelopers 2 роки тому +2

    Demo is always good. It is slower but one can think/digest the information while you type commands in. :-)

    • @madbananas5555
      @madbananas5555 2 роки тому

      Good point, I'll keep this in mind next I give a presentation 👌

  • @andynn6691
    @andynn6691 2 роки тому

    Keyboard fumbling is educational so fumble away.
    Jokes aside, seeing the action performed as it is discussed is a more stimulating experience. With audio and static text I tend to just read ahead and then it's easy to miss points being made in the discussion.

  • @CyberGizmo
    @CyberGizmo  2 роки тому +2

    I refer to something called PKI in this video, Public Key Infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. There is no such thing as "lightweight" PKI as this video talks about, I use it to describe something which falls short of full PKI compliance.

    • @skipinkoreaable
      @skipinkoreaable 2 роки тому

      Thanks for another highly informative video.

  • @Subbeh2
    @Subbeh2 Рік тому

    You sound like Jeff Bridges and it's oddly soothing. Thanks for the great video!

  • @YouIos3
    @YouIos3 2 роки тому +1

    Love this very helpful series on SSH!
    I for one would very much like to see a demo!
    Would help me understand the process a bit better.

    • @CyberGizmo
      @CyberGizmo  2 роки тому +2

      Will do some keyboard stumbling for tomorrows video

  • @KillSwitchI
    @KillSwitchI 2 роки тому

    As always watching your video, I learned something new today. Thank you.

  • @thethan3
    @thethan3 2 роки тому +1

    Hi DJ Ware, you talk about a lot of best practices for SSH, I'm surprised you didn't mention setting up a central certificate directory since you mention so much about key management. I've seen many places that implemented SSH to use /etc/ssh/Authorized_Keys/%u, with the filename/cert in that directory being the username.
    There are some permissions that need to be set correctly but isn't that a better practice than letting users store it in ~/.ssh.
    I would think managing a single sync in a single location instead of updates at every logon would seem like less overall management overhead of the keys. What are your thoughts on that? Are there any good reasons to not do this?

  • @zenmaster24
    @zenmaster24 2 роки тому +3

    video on teleport would be cool 😎

  • @durschfalltv7505
    @durschfalltv7505 2 роки тому +2

    Finally someone talks about it

  • @abobader
    @abobader 2 роки тому

    Well done DJ!

  • @durschfalltv7505
    @durschfalltv7505 2 роки тому +1

    Doing it for a while now. It's amazing since you can create and revoke certificates as you wish. And with time limits. It's a great way to give access to "strangers" to one of your maschines i love it. Btw. it's the same stuff they use for the covid apps in Europe.

  • @guilherme5094
    @guilherme5094 2 роки тому

    Thanks DJ👍!

  • @marcello4258
    @marcello4258 2 роки тому

    Top notch again thanks for this. I was guilty as well for a bad ssh hygiene and use TOFU (your slide showed that the minority uses it? I guess it is rather the majority), but this is the very next I'll do.
    But, how do you deal with cloud servers. You will have no access physical so you basically beef to trust it for the very first setup. I haven seen any cloud Provider for having a solution to verify the connection hasn't been tampered with.

    • @CyberGizmo
      @CyberGizmo  2 роки тому +1

      Hi Marcella, will cover that when I get to Teleport it’s designed for cloud

    • @marcello4258
      @marcello4258 2 роки тому

      @@CyberGizmo thanks mister DJ but please never call me a girl :D

    • @CyberGizmo
      @CyberGizmo  2 роки тому

      @@marcello4258 opps sorry just a typo

  • @egbertst7314
    @egbertst7314 Рік тому

    Is possible to put user private cert key into /etc/ssh for security, you know, in case the user’s password were guessed, or something?

    • @CyberGizmo
      @CyberGizmo  Рік тому

      Hi @egbertst7314, technically you can put ssh keys anywhere you want too, you would just need to identify where it was in the .ssh/config file using the IdentfyFile to show the location, just be careful when storing them in a "centralized" place 1) it doesnt get compromised 2) you dont accidently overlay someone else's key with the new one you are adding, also be aware some pam authorizations will fail if the keys are moved. For me managing them in their home directory locations is usually the better idea

  • @pandemicplayseverything8268
    @pandemicplayseverything8268 2 роки тому +1

    Hi i cant login using user user ca

  • @andreigiubleanu
    @andreigiubleanu 2 роки тому

    DJ Ware is the man !

    • @andreigiubleanu
      @andreigiubleanu 2 роки тому

      Demos are always good and teleport would be cool to do a video about it.

    • @CyberGizmo
      @CyberGizmo  2 роки тому

      I am working with it next week, maybe will become proficient enough to do a video about it soon, thank you Andrei