サクサク読めて、アプリ限定の機能も多数!
トップへ戻る
Switch 2
smallstep.com
"When something exceeds your ability to understand how it works, it sort of becomes magical." - Jony Ive *This is incomplete. It covers about 80% of one corner of OpenSSL's functionality. The certificate policy options have a lot more knobs that I didn't include. Carl Tashian (Website, LinkedIn) is an engineer, writer, exec coach, and startup all-rounder. He's currently an Offroad Engineer at Smal
If you’re not using SSH certificates you’re doing SSH wrongUpdated on: May 20, 2024 SSH is ubiquitous. It's the de-facto solution for remote administration of *nix systems. But SSH has some pretty gnarly issues when it comes to usability, operability, and security. You're probably familiar with these issues: SSH user experience is terrible. SSH user on-boarding is slow and manual. Connecting to ne
Build a Tiny Certificate Authority For Your HomelabUpdated on: May 20, 2024 Updated on February 16, 2023 TL;DR In this tutorial, we're going to build a tiny, standalone, online Certificate Authority (CA) that will mint TLS certificates and is secured with a YubiKey. It will be an internal ACME server on our local network (ACME is the same protocol used by Let's Encrypt). The YubiKey will securely
How Smallstep SSH Works Smallstep delivers end-to-end SSH workflow that marries modern identity providers with short-lived SSH certificates and flexible access control. At the core is step-ca, our open-source certificate authority, and our step CLI toolkit that makes SSO for SSH a simple and elegant experience for users. Available on-premise or as a managed offering. Users sign in to your identity
Experience SSH certificates for yourself in <5min⚡! In this post we'll design a break glass procedure for reaching SSH hosts in an emergency, using security keys that you can store offline. This is just one approach, but you can adapt it to your circumstances. We will store an offline SSH Certificate Authority on a hardware security key, and have our hosts trust that CA. This will work on pretty m
Purveyor of Single Sign-on SSH | The better way to manage SSH credentials "And the words slide into the slots ordained by syntax, and glitter as with atmospheric dust with those impurities which we call meaning." — Anthony Burgess, Enderby, 406 Naming a CLI command requires deep and careful deliberation. Yet most commands seem to have been named with playful insouciance at best, and foolish indiff
Experience SSH certificates for yourself in <5min⚡! Introduction The SSH agent is a central part of OpenSSH. In this post, I'll explain what the agent is, how to use it, and how it works to keep your keys safe. I'll also describe agent forwarding and how it works. I'll help you reduce your risk when using agent forwarding, and I'll share an alternative to agent forwarding that you can use when acc
Open Source step-ca provides the infrastructure, automations, and workflows to securely create and operate a private certificate authority. step-ca makes it easy for developers, operators and security teams to manage certificates for production workloads.
Experience SSH certificates for yourself in <5min⚡! Here are some of our best tips & tricks for using SSH more effectively. This post will cover how to: Add a second factor to your SSH login Use agent forwarding safely Exit from stuck SSH sessions Keep a persistent terminal open Share a remote terminal session with a friend (without Zoom!) Add a second factor to your SSH Here's five different ways
Experience SSH certificates for yourself in <5min⚡! TL;DR In this post we're going to set up Google single sign-on for SSH. Behind the scenes, we'll use OpenID Connect (OIDC), short-lived SSH certificates, a couple of clever SSH configuration tweaks, and Smallstep's open-source step-ca and step packages. We will set up an SSH Certificate Authority, and use it to bootstrap a new host and a new user
Identify company-owned devices with easeEnsure that access to financial data, code repositories, PII and other sensitive resources is only possible from trusted, company-managed devices.
Everything you should know about certificates and PKI but are too afraid to askUpdated on: May 20, 2024 Certificates and public key infrastructure (PKI) are hard. No shit, right? I know a lot of smart people who've avoided this particular rabbit hole. Personally, I avoided it for a long time and felt some shame for not knowing more. The obvious result was a vicious cycle: I was too embarrassed to
このページを最初にブックマークしてみませんか?
『Smallstep | Device Identity that powers business』の新着エントリーを見る
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く