Ssh | Alt255 Blog

December 17, 2017

Forwarding GPG over SSH

Here’s a guide to forwarding GPG over SSH. This is helpful to not only assist with remote GPG operations, but will also work to forward SSH credentials which were loaded via gpg-agent. Prerequisites With modern versions of GPG (eg GnuPG 2.1), the gpg-agent will automatically create sockets in $HOME/.gnupg: $ ls -l $HOME/.gnupg/S.gpg-agent* srwx------ 1 jburke staff 0 Dec 17 10:22 /Users/jburke/.gnupg/S.gpg-agent= srwx------ 1 jburke staff 0 Dec 17 10:22 /Users/jburke/. ... Read more

June 29, 2017

sshcheck

ssh
Today I discovered a terrific website for checking an SSH server’s configuration: sshcheck. Point sshcheck at an SSH server and it will produce a report about the server’s key exchange, encryption, and MAC algorithms, indicating if any are considered insecure. Once I had an idea of what needed to be fixed, I cross-checked settings with Mozilla’s OpenSSH Security Guidelines. What I ended up with for my own server: KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512,hmac-sha2-256,[email protected] ... Read more

May 28, 2017

mosh is amazaballs

I finally got around to trying out mosh, a “replacement for SSH”. Mosh is pretty darned amazing as well as easy to setup. The immediate benefit I’m seeing is being able to establish a connection from my laptop to a server, close the laptop for minutes/hours, then be able to resume my previous connections right where I left off; no need to ~. close the hung SSH connection, no need to reauthenticate, no need to plug in my YubiKey to access the SSH private key. ... Read more