1657952100
Cipherhub: Encrypt Messages Based on Ssh Public Keys
cipherhub
encrypt messages based on ssh public keys
It can be frustrating and annoying to communicate with somebody using public key cryptography since setting up PGP/GPG is a hassle, particularly managing keyrings and webs of trust.
Luckily, you can fetch the public ssh keys of anybody on github by going to:
https://github.com/$USERNAME.keys
If you just want to send somebody an encrypted message out of the blue and they already have a github account with RSA keys uploaded to it, you can just do:
cipherhub $USERNAME < secret_message.txtand it will fetch their public keys from github, storing the key locally for next time.
There is an openssl rsautl command to do this but the usage is not particularly friendly and doesn't keep a keyring around.
install
With npm do:
npm install -g cipherhub
to get the cipherhub command.
usage
cipherhub USERNAME {OPTIONS} < message.txt
Create an encrypted message for USERNAME on stdin.
If there isn't yet a local key stored for USERNAME, request a key from
https://github.com/$USERNAME.keys
If there are multiple RSA keys, the operation fails and you will need to
add the key you want manually with `cipherhub --add`.
If there are no RSA keys, the command fails with a nonzero exit code.
OPTIONS are:
--no-github don't request key data from github, just fail
--no-save don't automatically save keys fetched from github
--quiet, -q suppress extra output
--encoding, -e output encoding to use. default: base64
cipherhub --add USERNAME < id_rsa.pub
cipherhub -a USERNAME < id_rsa.pub
Set the public key for USERNAME from stdin.
cipherhub --remove USERNAME
cipherhub -r USERNAME
Remove a USERNAME from the local key list.
cipherhub --list
cipherhub -l
List all the keys in the local key list.
cipherhub --decrypt PRIVKEY {OPTIONS}
cipherhub -d PRIVKEY {OPTIONS}
Decrypt a message on stdin with an rsa key file PRIVKEY.
If PRIVKEY isn't specified, only `-d` by itself, cipherhub uses ~/.ssh/id_rsa
OPTIONS are:
--encoding, -e input encoding. default: base64
crazy ideas
You can create private github issues by just encrypting your message with the maintainer's public key and posting the issue with the ciphertext.
caveat npmtor
github's servers can be compromised by a court order, intruder, or employee. You should use a secondary means of verification to check all the keys fetched from github where secrecy from courts, intruders, and github employees is of paramount importance.
Author: Substack
Source Code: https://github.com/substack/cipherhub
License: View license
What is GEEK
Buddha Community
1657952100
Cipherhub: Encrypt Messages Based on Ssh Public Keys
cipherhub
encrypt messages based on ssh public keys
It can be frustrating and annoying to communicate with somebody using public key cryptography since setting up PGP/GPG is a hassle, particularly managing keyrings and webs of trust.
Luckily, you can fetch the public ssh keys of anybody on github by going to:
https://github.com/$USERNAME.keys
If you just want to send somebody an encrypted message out of the blue and they already have a github account with RSA keys uploaded to it, you can just do:
cipherhub $USERNAME < secret_message.txtand it will fetch their public keys from github, storing the key locally for next time.
There is an openssl rsautl command to do this but the usage is not particularly friendly and doesn't keep a keyring around.
install
With npm do:
npm install -g cipherhub
to get the cipherhub command.
usage
cipherhub USERNAME {OPTIONS} < message.txt
Create an encrypted message for USERNAME on stdin.
If there isn't yet a local key stored for USERNAME, request a key from
https://github.com/$USERNAME.keys
If there are multiple RSA keys, the operation fails and you will need to
add the key you want manually with `cipherhub --add`.
If there are no RSA keys, the command fails with a nonzero exit code.
OPTIONS are:
--no-github don't request key data from github, just fail
--no-save don't automatically save keys fetched from github
--quiet, -q suppress extra output
--encoding, -e output encoding to use. default: base64
cipherhub --add USERNAME < id_rsa.pub
cipherhub -a USERNAME < id_rsa.pub
Set the public key for USERNAME from stdin.
cipherhub --remove USERNAME
cipherhub -r USERNAME
Remove a USERNAME from the local key list.
cipherhub --list
cipherhub -l
List all the keys in the local key list.
cipherhub --decrypt PRIVKEY {OPTIONS}
cipherhub -d PRIVKEY {OPTIONS}
Decrypt a message on stdin with an rsa key file PRIVKEY.
If PRIVKEY isn't specified, only `-d` by itself, cipherhub uses ~/.ssh/id_rsa
OPTIONS are:
--encoding, -e input encoding. default: base64
crazy ideas
You can create private github issues by just encrypting your message with the maintainer's public key and posting the issue with the ciphertext.
caveat npmtor
github's servers can be compromised by a court order, intruder, or employee. You should use a secondary means of verification to check all the keys fetched from github where secrecy from courts, intruders, and github employees is of paramount importance.
Author: Substack
Source Code: https://github.com/substack/cipherhub
License: View license
1602841320
Sharing Your (Encryption) Keys Across Multi/Hybrid Clouds
Before we dive into the fun part of getting keys shared amongst cloud providers, there are a variety of tools required to get this tutorial working.
Tools and Setup
First, you’ll need to download and install Vault, then get it up and running. You will also need to install
cURLandOpenSSL — these usually comes pre-installed with most Linux OSs, and are available via most package managers (apt,yum,brew,choco/scoop, etc.).
Our examples also use
headanddiffwhich are part of thecoreutilsanddiffutilspackages under Ubuntu; you can either find a similar package for your OS or find a manual workaround for those portions. Next, install theAWS command line tools(CLI) and make sure youconfigure the CLIto connect to your account. The last step is toinstallandconfigurethe Heroku CLI.
One last note — the Heroku feature to utilize keys from AWS requires a private or shield database plan, so please ensure your account has been configured accordingly.
Intro
In today’s hyperconnected world, the former approach of locking services behind Virtual Private Networks (VPNs) or within a demilitarized zone (DMZ) is no longer secure. Instead, we must operate on a zero-trust network model, where every actor must be assumed as malicious. This means that a focus on encryption — both at rest and in transit — along with identity and access management is critical to ensuring that systems can interact with each other.
One of the most important parts of the encryption process is the keys used to encrypt and decrypt information or used to validate identity. A recent approach to this need is called Bring Your Own Key (BYOK) — where you as the customer/end user own and manage your key, and provide it to third parties (notably cloud providers) for usage. However, before we dig into what BYOK is and how we can best leverage it, let’s have a quick recap on key management.
#aws #heroku #cryptographic-key-management #encryption #key-encryption #hashicorp-vault #security #data-security
1593850920
2 Simple Steps to Set up Passwordless SSH Login on Ubuntu
This tutorial explains how to set up passwordless SSH login on an Ubuntu desktop. There’re basically two ways of authenticating user login with OpenSSH server: password authentication and public key-based authentication. The latter is also known as passwordless SSH login because you don’t have to enter your password.
2 Simple Steps to Set Up Passwordless SSH Login
Step 1: Generate a Public/Private Keypair on Your Ubuntu Desktop
On your Ubuntu desktop (not your server), enter the following command in a terminal window.
ssh-keygen -t rsa
-t stands for type. The above command generates a RSA type keypair. RSA is the default type, so you can also type ssh-keygen in terminal. By default the key is 2048 bits long, if you prefer stronger security then you can specify a 4096 bits key like below.
ssh-keygen -t rsa -b 4096
When asked which file to save the key, you can simply press Enter to select the default file. Next, enter a good passphrase that is at least 20 characters long. The passphrase is used to encrypt the private key. The private key (your identification) will be save in** .ssh/id_rsa** under your home directory. The public key will be save in the .ssh/id_rsa.pub file.
From the randomart image we can see the length of the key (RSA 4096). And if you take a look at the ~/.ssh/id_rsa file with
head ~/.ssh/id_rsa
You can see that the private key is encrypted, as indicated by the first two lines of the private key file.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
Step 2: Upload Your Public Key to Remote Linux Server
This can be easily done with ssh-copy-id command, which is shipped by the openssh-client package.
ssh-copy-id remote-user@server-ip
Enter the remote user’s password. Sample output:
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
remote-user@server-ip's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'remote-user@server-ip'"
and check to make sure that only the key(s) you wanted were added.
The public key is stored in .ssh/authorized_keys file under the remote user’s home directory. Now ssh into the remote server
ssh remote-user@server-ip
This time you need to enter your RSA** key** passphrase to unlock the private key. You can also select automatic unlocking the key when logging in so you don’t have to enter passphrase anymore.
#linux server #openssh #public key authentication #security #ssh key #ssh passwordless login #ubuntu
1626783714
How to Use SSH Key Authentication
Yo guys in Today’s video we will walk you through how can you generate a ssh key and then use it.
Cmder software: https://cmder.net/
Stackoverflow answer link: https://unix.stackexchange.com/a/48868
#ssh #ssh key authentication
1654831620
Skm: A Simple and Powerful SSH Keys Manager
SKM is a simple and powerful SSH Keys Manager. It helps you to manage your multiple SSH keys easily!
Features
- Create, List, Delete your SSH key(s)
- Manage all your SSH keys by alias names
- Choose and set a default SSH key
- Display public key via alias name
- Copy default SSH key to a remote host
- Rename SSH key alias name
- Backup and restore all your SSH keys
- Prompt UI for SSH key selection
- Customized SSH key store path
Installation
Homebrew
brew tap timothyye/tap
brew install timothyye/tap/skmUsing Go
go get github.com/TimothyYe/skm/cmd/skmManual Installation
Download it from releases and extact it to /usr/bin or your PATH directory.
Usage
% skm
SKM V0.8.5
https://github.com/TimothyYe/skm
NAME:
SKM - Manage your multiple SSH keys easily
USAGE:
skm [global options] command [command options] [arguments...]
VERSION:
0.8.5
COMMANDS:
init, i Initialize SSH keys store for the first time usage.
create, c Create a new SSH key.
ls, l List all the available SSH keys.
use, u Set specific SSH key as default by its alias name.
delete, d Delete specific SSH key by alias name.
rename, rn Rename SSH key alias name to a new one.
copy, cp Copy current SSH public key to a remote host.
display, dp Display the current SSH public key or specific SSH public key by alias name.
backup, b Backup all SSH keys to an archive file.
restore, r Restore SSH keys from an existing archive file.
cache Add your SSH to SSH agent cache via alias name.
help, h Shows a list of commands or help for one command.
GLOBAL OPTIONS:
--store-path value Path where SKM should store its profiles (default: "/Users/timothy/.skm")
--ssh-path value Path to a .ssh folder (default: "/Users/timothy/.ssh")
--restic-path value Path to the restic binary
--help, -h show help
--version, -v print the version
For the first time use
You should initialize the SSH key store for the first time use:
% skm init
✔ SSH key store initialized!
So, where are my SSH keys? SKM will create SSH key store at $HOME/.skm and put all the SSH keys in it.
NOTE: If you already have id_rsa & id_rsa.pub key pairs in $HOME/.ssh, SKM will move them to $HOME/.skm/default
Create a new SSH key
NOTE: Currently ONLY RSA and ED25519 keys are supported!
skm create prod -C "abc@abc.com"
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/timothy/.skm/prod/id_rsa.
Your public key has been saved in /Users/timothy/.skm/prod/id_rsa.pub.
...
✔ SSH key [prod] created!
List SSH keys
% skm ls
✔ Found 3 SSH key(s)!
-> default
dev
prod
Set default SSH key
% skm use dev
Now using SSH key: dev
Prompt UI for key selection
You can just type skm use, then a prompt UI will help you to choose the right SSH key:
Display public key
% skm display
Or display specific SSH public key by alias name:
% skm display prod
Delete a SSH key
% skm delete prod
Please confirm to delete SSH key [prod] [y/n]: y
✔ SSH key [prod] deleted!
Copy SSH public key to a remote host
% skm cp timothy@example.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/timothy/.skm/default/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
timothy@example.com's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'timothy@example.com'"
and check to make sure that only the key(s) you wanted were added.
✔ Current SSH key already copied to remote host
Rename a SSH key with a new alias name
% skm rn test tmp
✔ SSH key [test] renamed to [tmp]
Backup SSH keys
Backup all your SSH keys to $HOME directory by default.
% skm backup
a .
a ./test
a ./default
a ./dev
a ./dev/id_rsa
a ./dev/id_rsa.pub
a ./default/id_rsa
a ./default/id_rsa.pub
a ./test/id_rsa
a ./test/id_rsa.pub
✔ All SSH keys backup to: /Users/timothy/skm-20171016170707.tar
If you have restic installed then you can also use that to create backups of your SKM store:
# First, you need a password for your repository
% if [[ ! -f ~/.skm-backups.passwd ]]; then
% openssl rand -hex 64 > ~/.skm-backups.passwd
% fi
% skm backup --restic
repository ... opened successfully, password is correct
Files: 0 new, 1 changed, 4 unmodified
Dirs: 0 new, 0 changed, 0 unmodified
Added to the repo: 1.179 KiB
processed 5 files, 2.593 KiB in 0:00
snapshot $SNAPSHOT saved
✔ Backup to /Users/$USER/.skm-backups complete
Restore SSH keys
% skm restore ~/skm-20171016172828.tar.gz
x ./
x ./test/
x ./default/
x ./dev/
x ./dev/id_rsa
x ./dev/id_rsa.pub
x ./default/._id_rsa
x ./default/id_rsa
x ./default/._id_rsa.pub
x ./default/id_rsa.pub
x ./test/id_rsa
x ./test/id_rsa.pub
✔ All SSH keys restored to /Users/timothy/.skm
Again, SKM also supports restic to create and restore backups:
% skm restore --restic --restic-snapshot $SNAPSHOT
repository $REPO opened successfully, password is correct
restoring <Snapshot $SNAPSHOT of [/Users/$USER/.skm] at 2018-10-03 19:40:33.333130348 +0200 CEST by $USER@$HOST> to /Users/$USER/.skm
✔ Backup restored to /Users/$USER/.skm
Integrate with SSH agent
You can use cache command to cache your SSH key into SSH agent's cache via SSH alias name.
Cache your SSH key
λ tim [~/]
→ skm cache --add my
Enter passphrase for /Users/timothy/.skm/my/id_rsa:
Identity added: /Users/timothy/.skm/my/id_rsa (/Users/timothy/.skm/my/id_rsa)
✔ SSH key [my] already added into cache
Remove your SSH key from cache
λ tim [~/]
→ ./skm cache --del my
Identity removed: /Users/timothy/.skm/my/id_rsa (MyKEY)
✔ SSH key [my] removed from cache
List your cached SSH keys from SSH agent
λ tim [~/]
→ ./skm cache --list
2048 SHA256:qAVcwc0tdUOCjH3sTskwxAmfMQiL2sKtfPBXFnUoZHQ /Users/timothy/.skm/my/id_rsa (RSA)
Customized SSH key store path
By default, SKM uses $HOME/.skm as the default path of SSH key store. You can define your customized key store path in your ~/.bashrc or ~/.zshrc by adding:
SKM_STORE_PATH=/usr/local/.skm
Hook mechanism
Edit and place a executable file named hook at the specified key directory, for example:
~/.skm/prod/hook
This hook file can be both an executable binary file or an executable script file.
SKM will call this hook file after switching default SSH key to it, you can do some stuff in this hook file.
For example, if you want to use different git username & email after you switch to use a different SSH key, you can create one hook file, and put shell commands in it:
#!/bin/bash
git config --global user.name "YourNewName"
git config --global user.email "YourNewEmail@example.com"
Then make this hook file executable:
chmod +x hook
SKM will call this hook file and change git global settings for you!
Author: TimothyYe
Source Code: https://github.com/TimothyYe/skm
License: MIT license