ED25519 is more vulnerable to quantum computation than is RSA
best practice to be using a hardware token
to use a yubikey via gpg: with this method you use your gpg subkey as an ssh key
sit down and spend an hour thinking about your backup and recovery strategy first
never share a private key between physical devices
allows you to revoke a single credential if you lose (control over) that device
If a private key ever turns up on the wrong machine, you *know* the key and both source and destination machines have been compromised.
centralized management of authentication/authorization
I have set up a VPS, disabled passwords, and set up a key with a passphrase to gain access. At this point my greatest worry is losing this private key, as that means I can't access the server. What is a reasonable way to back up my private key?
a mountable disk image that's encrypted
a system that can update/rotate your keys across all of your servers on the fly in case one is compromised or assumed to be compromised.
different keys for different purposes per client device
fall back to password plus OTP
relying completely on the security of your disk, against either physical or cyber.
It is better to use a different passphrase for each key but it is also less convenient unless you're using a password manager (personally, I'm using KeePass)
- RSA is pretty standard, and generally speaking is fairly secure for key lengths >=2048. RSA-2048 is the default for ssh-keygen, and is compatible with just about everything.
public-key authentication has the somewhat unexpected side effect of preventing MITM per this security consulting firm
Disable passwords and only allow keys even for root with PermitRootLogin without-password
You should definitely use a different passphrase for keys stored on separate computers,
A git rebase copies the commits from the current branch, and puts these copied commits on top of the specified branch.
The branch that we're rebasing always has the latest changes that we want to keep!
A git rebase changes the history of the project as new hashes are created for the copied commits!
Rebasing is great whenever you're working on a feature branch, and the master branch has been updated.
An interactive rebase can also be useful on the branch you're currently working on, and want to modify some commits.
A git reset gets rid of all the current staged files and gives us control over where HEAD should point to.
A soft reset moves HEAD to the specified commit (or the index of the commit compared to HEAD)
Git should simply reset its state back to where it was on the specified commit: this even includes the changes in your working directory and staged files!
By reverting a certain commit, we create a new commit that contains the reverted changes!
Performing a git revert is very useful in order to undo a certain commit, without modifying the history of the branch.
By cherry-picking a commit, we create a new commit on our active branch that contains the changes that were introduced by the cherry-picked commit.
a fetch simply downloads new data.
A git pull is actually two commands in one: a git fetch, and a git merge
git reflog is a very useful command in order to show a log of all the actions that have been taken