I needed a quick and dirty way to allow a non-root user to use lower ports. This is because I’m starting to launch Docker containers where the CMD process is run as a non-root user. The first container I thought this might work well for is my docker-ncat-proxy container, which runs ncat as the nobody user.
Using Linux capabilities and the setcap command, we can mark a binary so that it is launched without its port-binding capabilities locked down.
This post will talk about how SSH handles private key forwarding and how to utilize it in a common use case for a more secure and seamless experience. You may want to study up a bit before reading on.
The Variables:
client/local = host0 (i.e. my laptop)
remote host = host1 (my server)
secondary host = host2 (another server)
ssh-agent = keychain (Keychain Access, gnome-keychain, etc.)
tried/sent = offered for authentication
The Facts:
For certain configuration directories in my home dir, I sometimes want multiple files pushed to my dotfiles repo, but the majority of them not to be cared for (.env, .log, etc.), so I needed a way to use gitignore the opposite way: block everything and only allow some things:
# Ignore everything
*
# But not these files...
!.gitignore
!script.pl
!template.latex
# etc...
# ...even if they are in subdirectories
!
Hey there! I’m Mario. I grew up in Southeastern Michigan, went to Michigan Tech University, and love building infrastructure.
Constantly playing with and breaking computers, I took multiple tech-related courses in high school, eventually knowing exactly what to pursue. At Michigan Tech, I studied Computer Network and System Administration with a minor in Economics, held e-board positions running both the Progressive Security Group and Linux Users Group, and worked for the school IT department.
The Administrator is currently unavailable…please leave a message after the colon:
Private communication via GPG: 0x5A5659531FACCE9F
If you install Windows on an IDE mode enabled storage bus, and then try to, say, do a Clonezilla disk-to-disk copy to an SSD or other SATA hard drive and boot into Windows, it will BSOD. This is because Windows won’t enable AHCI support if it doesn’t find it needs it. But, if you can still boot into IDE mode, you can fix that :)
1. Startup “Regedit”
2. Open HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlset / Services
3. Open msahci
4. In the right field, right click on “start” and go to Modify
5.
So after fighting with zsh for a bit, it seems there is never, ever, a 0 element in zsh arrays. All arrays start populating at element 1, i.e. $array[1]
Here is some example code to help ya populate and pilfer through an array of elements if it’s got at least one element:
# the following ssh command will return location of each loaded key. for this example, we only have one key loaded.
This one is quite easy, but a little tricky. Had to do this for work as one of our groups was changing their email address and a few of the repos they used had files that depended on that email.
A couple requirements to keep in mind:
Had to be recursive
Had to exclude certain file types
Had to do the replacement in an svn repository, which apparently is difficult.
GPG is quite nice. I’ve only come to really appreciate it more recently with my delvation into Keybase.io and all the small, unimportant messages I can send to my friends :)
Here are some examples of using symmetric encryption on single files.
Encrypting a file using AES256:
gpg --pgp7 --cipher-algo AES256 -c wallet.dat
Use/Load an encrypted private key in ssh-agent for 12 hours (without leaving an unencrypted copy on the fs):
An excellent article sent to me by a friend pointing out some of the important things to do/remember when creating Dockerfiles.
You should also check out:
Official Docker documentation best practices
Michael Crosby’s take 2
Some key things to remember from a top level standpoint whilst getting started:
Try to be “lean”. Your app is just that, your app, and usually, it should be the only thing running inside a container.