+Jeroen Wiert Pluimers OK. Let’s look a bit at how this works. There are several competing standards/ways to use a security token. Typically you’ll decide between the two most used ones. As a CCID device AKA SmartCard with OpenSC or using gpg-agent. And that’s an either/or question. Some of the security tokens can only work with gpg-agent, some can do both (but not at the same time) and some are only useful as CCID style (e.g. the Nitrokey HSM).
OK. So now we look at platforms. CCID using OpenSC mostly works everywhere, but you might need to install some additional software depending on your OS. Older versions of MacOS X were notoriously bad, since (High) Sierra it has become better.
On Linux it again really depends. The gnome-keyring-agent that is active in a Gnome session really messes everything up, so better deactivate that. Which is not really trivial. But you have to have a socket for ssh-agent to pick up the key, so some stuff goes to your .bash.rc and you have to make some changes to Gnome config.
If you want to use a Yubikey for 2FA, note that it cannot do TOTP (Time based One Time Password) which Amazon wants for AWS auth. So you need another helper app on your computer.
I wish I had bumped into this when it got released in 2015: [WayBack] badssl.com hosted in the cloud and maintained by two people from Google and Mozilla.
Where ssllabs.com is for checking server-side certificates, this one is for checking clients against many, many (did I already write MANY?) server side configurations both good (with a varying set of security settings like cyphers and key exchanges) and bad.
One of the bad ones is expired.badssl.com which your clients should not be able to connect to without throwing a big error.
badssl.com is meant for manual testing of security UI in web clients.
Most subdomains are likely to have stable functionality, but anything could change without notice. If you would like a documented guarantee for a particular use case, please file an issue. (Alternatively, you could make a fork and host your own copy.)
badssl.com is not an official Google product. It is offered “AS-IS” and without any warranties.
As of 20170711, the servername ftp.xs4all.nl does not support the ftp protocol any more; xs4all clients can only use the server sftp.xs4all.nl on port 22.
I missed that because I hardly use ftp except for the few rare occasions where I was in an environment without ftp.
So recently I found out: good move!
Since I still need this every now and then (but far less often than 10 years ago), I have set up a very small ftp server at home with limited storage and very limited users that I can turn on/off when needed.
If you ever ssh into something and immediately get the immediate Too many authentication failures message, then you’ve probably mixed your authentication methods.
Video via +Kristian Köhntopp “Die 90er haben angerufen und wollen ihre Amiga Videos und ihre Corba Specs zurück haben.” (the 90s called wanting their Amiga Videos and Corba Specs back)
/ ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ / g
Explanation:
^ asserts position at start of the string
1st Capturing Group (([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}
{3} Quantifier — Matches exactly 3 times
A repeated capturing group will only capture the last iteration. Put a capturing group around the repeated group to capture all iterations or use a non-capturing group instead if you’re not interested in the data
2nd Capturing Group ([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])
1st Alternative [0-9]
Match a single character present in the list below [0-9] 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
2nd Alternative [1-9][0-9]
Match a single character present in the list below [1-9] 1-9 a single character in the range between 1 (ASCII 49) and 9 (ASCII 57) (case sensitive)
Match a single character present in the list below [0-9] 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
3rd Alternative 1[0-9]{2}
1 matches the character 1 literally (case sensitive)
Match a single character present in the list below [0-9]{2} {2} Quantifier — Matches exactly 2 times 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
4th Alternative 2[0-4][0-9]
2 matches the character 2 literally (case sensitive)
Match a single character present in the list below [0-4] 0-4 a single character in the range between 0 (ASCII 48) and 4 (ASCII 52) (case sensitive)
Match a single character present in the list below [0-9] 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
5th Alternative 25[0-5]
25 matches the characters 25 literally (case sensitive)
Match a single character present in the list below [0-5] 0-5 a single character in the range between 0 (ASCII 48) and 5 (ASCII 53) (case sensitive)
\. matches the character . literally (case sensitive)
3rd Capturing Group ([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])
1st Alternative [0-9]
Match a single character present in the list below [0-9]
0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
2nd Alternative [1-9][0-9]
Match a single character present in the list below [1-9] 1-9 a single character in the range between 1 (ASCII 49) and 9 (ASCII 57) (case sensitive)
Match a single character present in the list below [0-9] 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
3rd Alternative 1[0-9]{2}
1 matches the character 1 literally (case sensitive)
Match a single character present in the list below [0-9]{2} {2} Quantifier — Matches exactly 2 times 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
4th Alternative 2[0-4][0-9]
2 matches the character 2 literally (case sensitive)
Match a single character present in the list below [0-4] 0-4 a single character in the range between 0 (ASCII 48) and 4 (ASCII 52) (case sensitive)
Match a single character present in the list below [0-9] 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
5th Alternative 25[0-5]
25 matches the characters 25 literally (case sensitive)
Match a single character present in the list below [0-5] 0-5 a single character in the range between 0 (ASCII 48) and 5 (ASCII 53) (case sensitive)
$ asserts position at the end of the string, or before the line terminator right at the end of the string (if any)
Global pattern flags g modifier: global. All matches (don’t return after first match)
The Wiert Corner - irregular stream of stuff 