Stumbled upon something that I’ve missed for a long time: encrypting files with the ssh public key :) Source https://github.com/FiloSottile/age Install Package OpenBSD (and most others *nix systems) got a package for age. Just install it. doas pkg_add age Asymmetric Encryption Asymmetric Encryption encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys. These keys are known as a ‘Public Key’ and a ‘Private Key’. Together, they’re called a ‘Public and Private Key Pair’
Resource Public Key Infrastructure you may know what RPKI is … It’s a PKI Framework for improving Security for the Internet Routing Infrastructure based on BGP. As a HomeUser or Small/Medium Size Company, you normally don’t have a Full BGP Table and multipe Upstream Providers. You have one Internet Router or Firewall and you get a Default Route from your ISP. With OpenBGPD and the current rpki extensions, you “just” need a Full BGP Feed and then, you can filter all invalid ROA’s and keep your Routing (and Internet Access) more Secure.
ssh-audit is a tool for ssh server auditing. Features SSH1 and SSH2 protocol server support; grab banner, recognize device or software and operating system, detect compression; gather key-exchange, host-key, encryption and message authentication code algorithms; output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc); output algorithm recommendations (append or remove based on recognized software version); output security information (related issues, assigned CVE list, etc); analyze SSH version compatibility based on algorithm information;
like ssh and secure keys ? Generate Secure Key ssh-keygen -o -a 100 -t ed25519 -C "MyFamousComment" ssh-keygen -o -a 100 -t ed25519 -C "`whoami` `hostname`" ssh-keygen -o -a 100 -t ed25519 -C "`whoami` `hostname` `date \"+%Y-%m-%d\"`" ssh-keygen -o -a 100 -t ed25519 -C "`whoami` `hostname` `date \"+%Y-%m-%d %H:%M\"`" What’s ed25519 ? Wikipedia about Curve25519 Distribute Key ssh-copy-id user@remote-server-ip-or-dns-name Connect to Remote Connect to Remove without Agent Forwarding (use this unless you know what you’re dooing …)