From e702b2085f87680d294608cd272c8fcb672f35ab Mon Sep 17 00:00:00 2001 
From: Ihar Hancharenka
Date: Wed, 23 Aug 2023 23:01:16 +0300
Subject: [PATCH] m
---
.../azure/{ => identity}/managed-identity.txt | 0
devops/cloud/azure/sdk/java/identity.txt | 65 +++++++++++++++++++
os/shells/ssh/docs/articles.txt | 5 --
os/shells/ssh/docs/presentations.txt | 12 ----
pl/py/docs/books.txt | 3 +
{os/shells => security}/ssh/autossh.txt | 0
{os/shells => security}/ssh/awesome.txt | 0
{os/shells => security}/ssh/cfg/aliases.txt | 0
{os/shells => security}/ssh/cfg/cfg.txt | 0
.../ssh/cfg/presentations.txt | 0
.../ssh/clients/easyssh.txt | 0
security/ssh/docs/articles.txt | 4 ++
security/ssh/docs/books.txt | 3 +
.../ssh/docs/cheatsheets.txt | 0
{os/shells => security}/ssh/docs/courses.txt | 0
{os/shells => security}/ssh/docs/guides.txt | 0
security/ssh/docs/presentations.txt | 11 +++-
{os/shells => security}/ssh/docs/qa.txt | 0
.../ssh/features/dir-permissions.txt | 0
.../ssh/features/key-rotation.txt | 0
.../ssh/rcman/ssh-connect.txt | 0
{os/shells => security}/ssh/rcman/sshrc.txt | 0
{os/shells => security}/ssh/server/inst.txt | 0
{os/shells => security}/ssh/ssh.txt | 26 ++------
{os/shells => security}/ssh/tools/assh.txt | 0
{os/shells => security}/ssh/tools/sshpass.txt | 0
{os/shells => security}/ssh/xxh.txt | 0
27 files changed, 89 insertions(+), 40 deletions(-)
rename devops/cloud/azure/{ => identity}/managed-identity.txt (100%)
delete mode 100644 os/shells/ssh/docs/articles.txt
delete mode 100644 os/shells/ssh/docs/presentations.txt
rename {os/shells => security}/ssh/autossh.txt (100%)
rename {os/shells => security}/ssh/awesome.txt (100%)
rename {os/shells => security}/ssh/cfg/aliases.txt (100%)
rename {os/shells => security}/ssh/cfg/cfg.txt (100%)
rename {os/shells => security}/ssh/cfg/presentations.txt (100%)
rename {os/shells => security}/ssh/clients/easyssh.txt (100%)
create mode 100644 security/ssh/docs/books.txt
rename {os/shells => security}/ssh/docs/cheatsheets.txt (100%)
rename {os/shells => security}/ssh/docs/courses.txt (100%)
rename {os/shells => security}/ssh/docs/guides.txt (100%)
rename {os/shells => security}/ssh/docs/qa.txt (100%)
rename {os/shells => security}/ssh/features/dir-permissions.txt (100%)
rename {os/shells => security}/ssh/features/key-rotation.txt (100%)
rename {os/shells => security}/ssh/rcman/ssh-connect.txt (100%)
rename {os/shells => security}/ssh/rcman/sshrc.txt (100%)
rename {os/shells => security}/ssh/server/inst.txt (100%)
rename {os/shells => security}/ssh/ssh.txt (64%)
rename {os/shells => security}/ssh/tools/assh.txt (100%)
rename {os/shells => security}/ssh/tools/sshpass.txt (100%)
rename {os/shells => security}/ssh/xxh.txt (100%)
diff --git a/devops/cloud/azure/managed-identity.txt b/devops/cloud/azure/identity/managed-identity.txt
similarity index 100%
rename from devops/cloud/azure/managed-identity.txt
rename to devops/cloud/azure/identity/managed-identity.txt
diff --git a/devops/cloud/azure/sdk/java/identity.txt b/devops/cloud/azure/sdk/java/identity.txt
index bdf18a245..5525f0752 100644
--- a/devops/cloud/azure/sdk/java/identity.txt
+++ b/devops/cloud/azure/sdk/java/identity.txt
@@ -29,6 +29,71 @@ private ArrayList getCredentialsChain() { return output; } +private static final class AuthenticatedImpl implements Authenticated { + private final HttpPipeline httpPipeline; + private final ResourceManager.Authenticated resourceManagerAuthenticated; + private AuthorizationManager authorizationManager; + private String tenantId; + private String subscriptionId; + private final AzureEnvironment environment; + + private AuthenticatedImpl(HttpPipeline httpPipeline, AzureProfile profile) { + // !!! + this.resourceManagerAuthenticated = ResourceManager.authenticate(httpPipeline, profile); + ... + } + ... +} +!!! +IdentityClient.authenticateWith... +??? ManagedIdentityCredential::getToken, ... + + +az account get-access-token --output json --resource https://management.core.windows.net/ + +IdentityClientBase + AccessToken getTokenFromAzureCLIAuthentication(StringBuilder azCommand) { + ... + Map objectMap = SERIALIZER_ADAPTER.deserialize(processOutput, Map.class, + SerializerEncoding.JSON); + String accessToken = objectMap.get("accessToken"); + String time = objectMap.get("expiresOn"); + String timeToSecond = time.substring(0, time.indexOf(".")); + String timeJoinedWithT = String.join("T", timeToSecond.split(" ")); + OffsetDateTime expiresOn = LocalDateTime.parse(timeJoinedWithT, DateTimeFormatter.ISO_LOCAL_DATE_TIME) + .atZone(ZoneId.systemDefault()) + .toOffsetDateTime().withOffsetSameInstant(ZoneOffset.UTC); + token = new AccessToken(accessToken, expiresOn); + ... + } + +sdk/core/azure-core/src/main/java/com/azure/core/credential/SimpleTokenCache.java +64: } else if (cache == null || cache.isExpired()) { +112: } else if (cache != null && !cache.isExpired()) { + +sdk/core/azure-core/src/main/java/com/azure/core/implementation/AccessTokenCache.java +!!! 
this.tokenSupplierSync = () -> tokenCredential.getTokenSync(this.tokenRequestContext); + +sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredential.java + getTokenSync +sdk/identity/azure-identity/src/main/java/com/azure/identity/EnvironmentCredential.java + https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory + ClientSecretCredential + ClientCertificateCredential + UsernamePasswordCredential +sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java + !!! need clientId of user-assigned managed identity + * @param clientId the client id of user assigned identity or app registration (when working with AKS pod-identity). + + + +ExpringTask + tokenCache.fetchFreshToken + getTokenRefresher + Supplier tokenRefresher = tokenRefreshOptions.getTokenRefresherSync(); + +CommunicationTokenRefreshOptions ?? never created + managed ids https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/ diff --git a/os/shells/ssh/docs/articles.txt b/os/shells/ssh/docs/articles.txt deleted file mode 100644 index 853ae3ef2..000000000 --- a/os/shells/ssh/docs/articles.txt +++ /dev/null @@ -1,5 +0,0 @@ -2021 -https://linoxide.com/ssh-commands-in-linux-with-usage-examples/ -https://www.tecmint.com/ssh-security-best-practices/ -2018 -https://habr.com/post/425637/ diff --git a/os/shells/ssh/docs/presentations.txt b/os/shells/ssh/docs/presentations.txt deleted file mode 100644 index 4b63e79b1..000000000 --- a/os/shells/ssh/docs/presentations.txt +++ /dev/null 
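Review bot: The excerpt of `getTokenFromAzureCLIAuthentication` is pasted without any note on how fragile its expiry parsing is, which matters here because the surrounding notes are tracking `cache.isExpired()` and token refresh. As quoted, `expiresOn` is read as local wall-clock time via `ZoneId.systemDefault()`, and `time.substring(0, time.indexOf("."))` would throw if the value had no fractional seconds, since `indexOf` then returns -1. I would add a line under the excerpt such as `!!! expiresOn parsed as local time (ZoneId.systemDefault()); value without "." -> substring(0, -1) throws`. It is also worth marking next to the `az account get-access-token` line that its JSON output carries a live bearer token, so `processOutput` should never reach logs. The method body is elided with `...` on both sides, so whether the upstream code guards these cases is not visible in this hunk.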
@@ -1,12 +0,0 @@ -2022 -LearnLinuxTV - Getting Started with OpenSSH Key Management of 23:30 - https://www.youtube.com/watch?v=GxRu35fy-oY -2020 -LearnLinuxTV - OpenSSH Full Guide - Everything you need to get started! of 1:27:59 - https://www.youtube.com/watch?v=YS5Zh7KExvE -2019 -LearnLinuxTV - 3 Important Tweaks for Improving OpenSSH Security on Your Cloud Instance of 39:01 - https://www.youtube.com/watch?v=xVW1fGRlRkE -2015 -Gotbletu - Remote Desktop Software - https://www.youtube.com/playlist?list=PLqv94xWU9zZ2v9wasSAH6Qo_icOPimwn1 diff --git a/pl/py/docs/books.txt b/pl/py/docs/books.txt index 55ce32cd2..91e820ffb 100644 --- a/pl/py/docs/books.txt +++ b/pl/py/docs/books.txt @@ -93,6 +93,9 @@ Hillard - Practices of the Python Pro 25154F9C11E4A5E20CFB9FDF07160D79 2019 Danjou - Serious Python + 876F4597C2CCEAF18633898EEE4ABDAD + B80553F48DA6D3643A5B9874D1C90AB8 + 9CBE93B588D4CD54CD120C02A7945A9D Fedorov - Python Programming ru Kapil - Clean Python B3FE71F8C3E248D927B19A6628E3BD62 diff --git a/os/shells/ssh/autossh.txt b/security/ssh/autossh.txt similarity index 100% rename from os/shells/ssh/autossh.txt rename to security/ssh/autossh.txt diff --git a/os/shells/ssh/awesome.txt b/security/ssh/awesome.txt similarity index 100% rename from os/shells/ssh/awesome.txt rename to security/ssh/awesome.txt diff --git a/os/shells/ssh/cfg/aliases.txt b/security/ssh/cfg/aliases.txt similarity index 100% rename from os/shells/ssh/cfg/aliases.txt rename to security/ssh/cfg/aliases.txt diff --git a/os/shells/ssh/cfg/cfg.txt b/security/ssh/cfg/cfg.txt similarity index 100% rename from os/shells/ssh/cfg/cfg.txt rename to security/ssh/cfg/cfg.txt diff --git a/os/shells/ssh/cfg/presentations.txt b/security/ssh/cfg/presentations.txt similarity index 100% rename from os/shells/ssh/cfg/presentations.txt rename to security/ssh/cfg/presentations.txt 
diff --git a/os/shells/ssh/clients/easyssh.txt b/security/ssh/clients/easyssh.txt similarity index 100% rename from os/shells/ssh/clients/easyssh.txt rename to security/ssh/clients/easyssh.txt diff --git a/security/ssh/docs/articles.txt b/security/ssh/docs/articles.txt index 031106dbd..d876cd1eb 100644 --- a/security/ssh/docs/articles.txt +++ b/security/ssh/docs/articles.txt @@ -1,9 +1,13 @@ 2023 https://www.stationx.net/ssh-commands-cheat-sheet/ ! cool +2021 +https://linoxide.com/ssh-commands-in-linux-with-usage-examples/ +https://www.tecmint.com/ssh-security-best-practices/ 2022 https://habr.com/ru/company/ruvds/blog/676596/ 2019 https://proglib.io/p/ssh-tunnels/ 2018 https://habr.com/post/425637/ +http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/ diff --git a/security/ssh/docs/books.txt b/security/ssh/docs/books.txt new file mode 100644 index 000000000..1f8428dc5 --- /dev/null +++ b/security/ssh/docs/books.txt @@ -0,0 +1,3 @@ +2005 +Barrett - SSH The Secure Shell 2nd ed + 961787C66EF4F3856D42BA250F3E58C9 diff --git a/os/shells/ssh/docs/cheatsheets.txt b/security/ssh/docs/cheatsheets.txt similarity index 100% rename from os/shells/ssh/docs/cheatsheets.txt rename to security/ssh/docs/cheatsheets.txt diff --git a/os/shells/ssh/docs/courses.txt b/security/ssh/docs/courses.txt similarity index 100% rename from os/shells/ssh/docs/courses.txt rename to security/ssh/docs/courses.txt diff --git a/os/shells/ssh/docs/guides.txt b/security/ssh/docs/guides.txt similarity index 100% rename from os/shells/ssh/docs/guides.txt rename to security/ssh/docs/guides.txt diff --git a/security/ssh/docs/presentations.txt b/security/ssh/docs/presentations.txt index 3d7914a5c..4b63e79b1 100644 --- a/security/ssh/docs/presentations.txt +++ b/security/ssh/docs/presentations.txt 
@@ -1,3 +1,12 @@ -2021 +2022 +LearnLinuxTV - Getting Started with OpenSSH Key Management of 23:30 + https://www.youtube.com/watch?v=GxRu35fy-oY +2020 LearnLinuxTV - OpenSSH Full Guide - Everything you need to get started! of 1:27:59 https://www.youtube.com/watch?v=YS5Zh7KExvE +2019 +LearnLinuxTV - 3 Important Tweaks for Improving OpenSSH Security on Your Cloud Instance of 39:01 + https://www.youtube.com/watch?v=xVW1fGRlRkE +2015 +Gotbletu - Remote Desktop Software + https://www.youtube.com/playlist?list=PLqv94xWU9zZ2v9wasSAH6Qo_icOPimwn1 diff --git a/os/shells/ssh/docs/qa.txt b/security/ssh/docs/qa.txt similarity index 100% rename from os/shells/ssh/docs/qa.txt rename to security/ssh/docs/qa.txt diff --git a/os/shells/ssh/features/dir-permissions.txt b/security/ssh/features/dir-permissions.txt similarity index 100% rename from os/shells/ssh/features/dir-permissions.txt rename to security/ssh/features/dir-permissions.txt diff --git a/os/shells/ssh/features/key-rotation.txt b/security/ssh/features/key-rotation.txt similarity index 100% rename from os/shells/ssh/features/key-rotation.txt rename to security/ssh/features/key-rotation.txt diff --git a/os/shells/ssh/rcman/ssh-connect.txt b/security/ssh/rcman/ssh-connect.txt similarity index 100% rename from os/shells/ssh/rcman/ssh-connect.txt rename to security/ssh/rcman/ssh-connect.txt diff --git a/os/shells/ssh/rcman/sshrc.txt b/security/ssh/rcman/sshrc.txt similarity index 100% rename from os/shells/ssh/rcman/sshrc.txt rename to security/ssh/rcman/sshrc.txt diff --git a/os/shells/ssh/server/inst.txt b/security/ssh/server/inst.txt similarity index 100% rename from os/shells/ssh/server/inst.txt rename to security/ssh/server/inst.txt diff --git a/os/shells/ssh/ssh.txt b/security/ssh/ssh.txt similarity index 64% rename from os/shells/ssh/ssh.txt rename to security/ssh/ssh.txt index 8b056f05b..324013987 100644 --- a/os/shells/ssh/ssh.txt +++ b/security/ssh/ssh.txt 
@@ -1,29 +1,14 @@ -https://wiki.archlinux.org/index.php/SSH_keys - -http://www.ibm.com/developerworks/library/l-keyc/ -http://www.ibm.com/developerworks/library/l-keyc2/ -http://www.ibm.com/developerworks/library/l-keyc3/ - -http://serverfault.com/questions/241588/how-to-automate-ssh-login-with-password - -http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/ - -ssh-copy-id -i ~/.ssh/id_rsa.pub user@host - - -ssh-keygen ... -ssh-copy-id @ --> ~/.ssh/authorized_keys - github ssh: https://help.github.com/articles/generating-ssh-keys/ https://help.github.com/articles/working-with-ssh-key-passphrases/ http://superuser.com/questions/441854/git-ssh-agent-not-working - +https://wiki.archlinux.org/index.php/SSH_keys ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f will generate with a pvt-key and .pub with a pub-key - +ssh-copy-id @ +-> ~/.ssh/authorized_keys +ssh-copy-id -i ~/.ssh/id_rsa.pub user@host PVT KEYS: sudo chmod 0500 ~/.shh/id_rsa @@ -31,9 +16,6 @@ sudo chmod 0500 ~/.shh/id_rsa Multiple keys: http://stackoverflow.com/questions/10455974/setting-up-ssh-keys-for-gibhub -Legacy: -http://www.openssh.com/legacy.html - Password-protect key: https://help.github.com/articles/working-with-ssh-key-passphrases/ ssh-keygen -p -f /path-to/key-file diff --git a/os/shells/ssh/tools/assh.txt b/security/ssh/tools/assh.txt similarity index 100% rename from os/shells/ssh/tools/assh.txt rename to security/ssh/tools/assh.txt diff --git a/os/shells/ssh/tools/sshpass.txt b/security/ssh/tools/sshpass.txt similarity index 100% rename from os/shells/ssh/tools/sshpass.txt rename to security/ssh/tools/sshpass.txt diff --git a/os/shells/ssh/xxh.txt b/security/ssh/xxh.txt similarity index 100% rename from os/shells/ssh/xxh.txt rename to security/ssh/xxh.txt
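Review bot: The retained `PVT KEYS` line `sudo chmod 0500 ~/.shh/id_rsa` does not protect the key as written, because `~/.shh` is a typo for `~/.ssh` and the command most likely targets a path that does not exist. Now that the file lives under `security/`, it would be worth correcting it to `chmod 600 ~/.ssh/id_rsa`: mode 0500 sets an execute bit a key file has no use for, and `sudo` is unnecessary on a file in your own home directory. The line is unchanged context in this hunk and reappears in the header of the following `@@ -31,9 +16,6 @@` hunk.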