Hi
user
Admin Login:
Username:
Password:
Name:
Zero Trust SSH
--client
lca
--show
lca2020
--room room_5 15136 --force
Next: 1 RFC 1984: Or why you should start worrying about encryption backdoors and mass data collection
show more...
Marks
Author(s):
Jeremy Stott
Location
Room 5
Date
jan Fri 17
Days Raw Files
Start
10:45
First Raw Start
error-in-template
Duration
0:45:0
Offset
None
End
11:30
Last Raw End
Chapters
Total cuts_time
None min.
https://lca2020.linux.org.au/schedule/presentation/54/
raw-playlist
raw-mp4-playlist
encoded-files-playlist
mp4
svg
png
assets
release.pdf
Zero_Trust_SSH.json
logs
Admin:
episode
episode list
cut list
raw files day
marks day
marks day
image_files
State:
---------
borked
edit
encode
push to queue
post
richard
review 1
email
review 2
make public
tweet
to-miror
conf
done
Locked:
clear this to unlock
Locked by:
user/process that locked.
Start:
initially scheduled time from master, adjusted to match reality
Duration:
length in hh:mm:ss
Name:
Video Title (shows in video search results)
Emails:
email(s) of the presenter(s)
Released:
has someone authorised pubication
Unknown
Yes
No
Normalise:
Channelcopy:
m=mono, 01=copy left to right, 10=right to left, 00=ignore.
Thumbnail:
filename.png
Description:
markdown
SSH certificates are an under-utilised feature of OpenSSH, but they offer a fantastic method to solve some pain points of growing teams and growing infrastructure. You don't need to manage complicated directories to live on this greener side of the fence. Hosts only trust a single public key of a trusted certificate authority instead of keys from every developer (and let's be honest, several who are no longer working at your company :uhoh:). SSH certificates expire (this is good), and can also tell SSH what you can or can't do with your session. The can even help mint a new user on a brand new trusting host. And if you need to use sudo, don't worry your certificate's got your back too. How do you get short lived SSH certificates from a self service certificate authority? Grab your identity on the cli using some nifty OAuth2 in your browser, swap this identity to get temporary AWS credentials, invoke a lambda function, sign a public key, and you're on your merry way. Open source tools are all over this problem. Let's combine some that have been around forever, and some brand new ones into an awesome solution.
Comment:
production notes
Rf filename:
root is .../show/dv/location/, example: 2013-03-13/13:13:30.dv
Sequence:
get this:
check and save to add this
Veyepar
Video Eyeball Processor and Review