
security

SSH Authentication with a CA


This article describes how to use an SSH CA to authenticate to SSH servers. This is particularly useful when you manage many servers and want to avoid distributing, auditing and rotating individual SSH keys on each of them.

The basic idea is to have a CA (Certificate Authority) that signs the public keys of the users, producing SSH certificates. Users then authenticate to the servers with their certificate, and the servers only need to trust the CA's public key instead of holding a copy of every user's public key. A certificate can also be restricted: it carries a validity period, a list of principals (the accounts or roles it may log in as) and options limiting what the session may do, so access can be scoped to a given set of servers and users and expires on its own.
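The workflow above, end to end, as an added example (these are not the article's own commands). It assumes OpenSSH's `ssh-keygen` is installed; the `$WORK` directory, the user "alice", the "web-admins" role and the "deploy" account are all invented for the demo:

```shell
#!/bin/sh
# Added example, not the article's own commands: issue a short-lived,
# principal-restricted user certificate with an SSH CA and inspect it.
# Assumes OpenSSH's ssh-keygen is installed. Every name below ($WORK,
# "alice", the "web-admins" role, "deploy") is invented for the demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# 1. The CA keypair. The private half stays offline or in an HSM; only
#    user_ca.pub is copied to the servers.
make_ca() {
    [ -f "$WORK/user_ca" ] || ssh-keygen -q -t ed25519 -N '' -C 'user CA' -f "$WORK/user_ca"
}

# 2. The user's own keypair. The private key never leaves the laptop; only
#    alice.pub is sent to the CA for signing.
make_user_key() {
    [ -f "$WORK/alice" ] || ssh-keygen -q -t ed25519 -N '' -C 'alice@laptop' -f "$WORK/alice"
}

# 3. The CA signs alice.pub and writes alice-cert.pub next to it.
#    -I  key ID, logged by sshd on every login, so make it identify the person
#    -n  principals: the account names or roles this cert may log in as
#    -V  validity window (5 minutes back for clock skew, 8 hours forward)
sign_user_key() {
    ssh-keygen -q -s "$WORK/user_ca" -I 'alice@example.com' \
        -n 'alice,web-admins' -V '-5m:+8h' "$WORK/alice.pub"
}

# 4. Inspect the certificate: signing CA, key ID, validity, principals.
show_cert() {
    ssh-keygen -L -f "$WORK/alice-cert.pub"
}

# Does the certificate list the given principal? Parses the block that
# ssh-keygen -L prints between "Principals:" and "Critical Options:".
cert_has_principal() {
    show_cert | awk '/Principals:/{p=1; next} /Critical Options:/{p=0} p' \
        | grep -qx "[[:space:]]*$1"
}

# 5. Server side. sshd trusts the CA instead of per-user authorized_keys.
#    With AuthorizedPrincipalsFile, a cert may log in as local account %u
#    only if one of its principals appears in /etc/ssh/auth_principals/%u,
#    so the "web-admins" role unlocks the shared "deploy" account without
#    the cert ever naming "deploy". (Written under $WORK here, not /etc.)
write_server_config() {
    mkdir -p "$WORK/etc/ssh/auth_principals"
    cp "$WORK/user_ca.pub" "$WORK/etc/ssh/user_ca.pub"
    cat > "$WORK/etc/ssh/sshd_config" <<'EOF'
TrustedUserCAKeys /etc/ssh/user_ca.pub
AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u
EOF
    printf 'web-admins\n' > "$WORK/etc/ssh/auth_principals/deploy"
    printf 'alice\n'      > "$WORK/etc/ssh/auth_principals/alice"
}

# Run the whole flow when invoked as: sh ssh-ca-demo.sh demo
if [ "${1:-}" = "demo" ]; then
    make_ca; make_user_key; sign_user_key; write_server_config
    show_cert
    echo "server config written under $WORK/etc/ssh"
fi
```

Two things to check after running it: `ssh-keygen -L` must show the CA fingerprint you expect and a "Valid:" window that actually ends, since a cert signed with `-V always:forever` is just a permanent key with extra steps. On the client, `ssh` picks up `alice-cert.pub` automatically because it sits beside the private key `alice`; otherwise point `CertificateFile` at it in `~/.ssh/config`.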

Understanding Time-based One-time-password


Now that every web service encourages you to enable MFA to secure your account, one method is used more than any other: the Time-based One-Time Password. TOTP generates a unique code of six or more digits that you enter right after typing your password.

A server or web app that lets you set up TOTP shows a QR code to scan (or a Base32 string to type in), which you register in a TOTP generator app such as Microsoft Authenticator, Google Authenticator, Bitwarden and others.

We all use it, but how does it work? Is it secure? Is my account still secure when I use a third-party TOTP generator?
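What the authenticator app and the server both compute from that Base32 secret, as an added example (not code from the article): RFC 4226 HOTP with the time-step counter of RFC 6238, plus the server-side check with a small drift window. The secret is the RFC 6238 reference seed `12345678901234567890`, Base32-encoded the way an enrollment QR code or manual-entry string would carry it; nothing here is tied to any particular service.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed example secret: the RFC 6238 reference seed "12345678901234567890",
# Base32-encoded as an enrollment QR code or manual-entry string would carry it.
EXAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_base32_secret(secret: str) -> bytes:
    """Decode the Base32 secret shown at enrollment.

    Authenticator apps tolerate lowercase letters, grouping spaces and missing
    '=' padding in manually typed secrets, so normalise before decoding.
    """
    s = secret.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation
    to 31 bits, then the last `digits` decimal digits (zero-padded)."""
    mac = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algorithm=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of `step`-second periods
    since the Unix epoch. Both sides only need the shared secret and a clock."""
    return hotp(key, unix_time // step, digits, algorithm)


def current_totp(key: bytes) -> str:
    """What an authenticator app displays right now (defaults: SHA-1, 30 s, 6 digits)."""
    return totp(key, int(time.time()))


def verify_totp(key: bytes, submitted: str, unix_time: int, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Server-side check: accept the current period and +/- `window` neighbouring
    periods to absorb clock drift, comparing in constant time.

    A real server must also refuse to accept the same code twice (replay) and
    rate-limit attempts: a 6-digit code is only 10**6 guesses wide.
    """
    counter = unix_time // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, counter + delta, digits), submitted):
            return True
    return False
```

The point worth noticing is that the whole security of the scheme rests on the shared secret: anyone who holds the Base32 string (the service, your authenticator app, or a backup of it) can compute every future code, which is exactly the question the third-party-generator worry raises.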

Securing web entrypoint from external threats


I'm currently hosting some private web services accessible from the internet. In order to protect those apps, I needed a very secure way to protect access to them.

As you may already know, there are tons of bots that continuously scan all public internet IPs for potential vulnerabilities: open ports, insecure web services or security breaches. There are private organizations, like Shodan, that let you discover those vulnerabilities. In my particular case, this is the only information that they could collect from my IP gateway: