Safer SSH agent forwarding

ssh-agent is a program to hold in memory the private keys used by SSH for public-key authentication. When the agent is running, ssh forwards to it the signature requests from the server. The agent performs the private key operations and returns the results to ssh. It is useful if you keep your private keys encrypted on disk and you don’t want to type the password at each connection. Keeping the agent secure is critical: someone able to communicate with the agent can authenticate on your behalf on remote servers.

ssh also provides the ability to forward the agent to a remote server. From this remote server, you can authenticate to another server using your local agent, without copying your private key on the intermediate server. As stated in the manual page, this is dangerous!

Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s UNIX-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. A safer alternative Continue reading

Headcount: Firings, Hirings, and Retirings — March 2020

Cisco, Hitachi cut hundreds of jobs; Nokia CEO walked the plank; AT&T slashed jobs; plus the...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

CEX (Code EXpress) 10. Creating user functions.

Hello my friend,

So far you have learned the most vital tools to start writing your code in Python such as Python’s variables, lists, dictionary data constructions and code flow control for, while and if. Today you will see how to join them all together to create a user defined functions to make your Python’s code cleaner and less error-prone.

Network automation training – boost your career

Don’t wait to be kicked out of IT business. Join our network automation training to secure your job in future. Come to NetDevOps side.

How does the training differ from this blog post series? Here you get the basics and learn some programming concepts in general, whereas in the training you get comprehensive set of knowledge with the detailed examples how to use Python for the network and IT automation. You need both.

What are we going to do today?

User-defined functions is a reusable parts of the Python’s code, which allow you create some processing once in your code and then call it multiple types anywhere you need. So you will learn:

  • Why it is useful to create user-defined functions
  • How to create the user-defined functions and use them Continue reading

Making File URLs Work Again in Firefox

At some point in the last year or so—I don’t know exactly when it happened—Firefox, along with most of the other major browsers, stopped working with file:// URLs. This is a shame, because I like using Markdown for presentations (at least, when it’s a presentation where I don’t need to collaborate with others). However, using this sort of approach generally requires support for file:// URLs (or requires running a local web server). In this post, I’ll show you how to make file:// URLs work again in Firefox.

I tested this procedure using Firefox 74 on Ubuntu, but it should work on any platform on which Firefox is supported. Note that the locations of the user.js file will vary from OS to OS; see this MozillaZine Knowledge Base entry for more details.

Here’s the process I followed:

  1. Create the user.js file (it doesn’t exist by default) in the correct location for your Firefox profile. (Refer to the MozillaZine KB article linked above for exactly where that is on your OS.)

  2. In the user.js, add these entries:

    // Allow file:// links
user_pref("capability.policy.policynames", "localfilelinks");
user_pref("capability.policy.localfilelinks.sites", "file://");
user_pref("capability.policy.localfilelinks.checkloaduri. Continue reading

Amateur radio digital voice

It’s a mess.

This post is my attempt at a summary of amateur radio digital voice modes, and what I think of them.

I’m not an expert, so if you have more experience then your opinion is likely more valid than mine. But hopefully at least I’m getting the facts right. Please correct me where I’m mistaken.

Analog and digital voice

In the beginning there was only analog. Traditionally on HF you used SSB, and on VHF/UHF you use FM. Analog works, and while yes there are different modes, radios tend to support all of them, or at least the common ones (e.g. most VHF/UHF radios don’t support SSB, because most traffic there is FM). Usually HT traffic is VHF/UHF FM, and for SSB while there is LSB and USB, radios will support both.

But analog isn’t perfect. By going digital we can send metadata such as call signs, positions, and even pictures and files. And for audio quality digital will get rid of the static of analog noise. Digital works better for longer distances, uses less spectrum, and retains voice clarity much longer.

Yes, there’s a sharp cliff when digital voice modes can no longer Continue reading

Versa CMO Stakes Claim in Competitive SD-WAN Market

Wood is no stranger to the SD-WAN market. He joined Versa’s executive team in February after a...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

The Serverlist: Built with Workers, Single-Tenant Architecture, and more!

The Serverlist: Built with Workers, Single-Tenant Architecture, and more!

Check out our fourteenth edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.

Sign up below to have The Serverlist sent directly to your mailbox.

UPDATE: How enterprise networking is changing with a work-at-home workforce

As the coronavirus spreads, public and private companies as well as government entities are requiring employees to work from home, putting unforeseen strain on all manner of networking technologies and causing bandwidth and security concerns.  What follows is a round-up of news and traffic updates that Network World will update as needed to help keep up with the ever-changing situation.  Check back frequently!UPDATE 4.10 The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on April 8 released new guidance on how remote government workers and potentially others should address network security.  The “interim Trusted Internet Connections (TIC) 3.0 guidance to aid agencies in securing their network and cloud environments.” CISA wrote: “While this prior work has been invaluable in securing federal networks and information, the program must adapt to modern architectures and frameworks for government IT resource utilization. Accordingly, OMB’s [Office of Management and Budget] memorandum provides an enhanced approach for implementing the TIC initiative that provides agencies with increased flexibility to use modern security capabilities.”To read this article in full, please click here

Installing MultiMarkdown 6 on Ubuntu 19.10

Markdown is a core part of many of my workflows. For quite a while, I’ve used Fletcher Penny’s MultiMarkdown processor (available on GitHub) on my various systems. Fletcher offers binary builds for Windows and macOS, but not a Linux binary. Three years ago, I wrote a post on how to compile MultiMarkdown 6 for a Fedora-based system. In this post, I’ll share how to compile it on an Ubuntu-based system.

Just as in the Fedora post, I used Vagrant with the Libvirt provider to spin up a temporary build VM.

In this clean build VM, I perform the following steps to build a multimarkdown binary:

  1. Install the necessary packages with this command:

    sudo apt install gcc make cmake git build-essential

  2. Clone the source code repository:

    git clone https://github.com/fletcher/MultiMarkdown-6

  3. Switch into the directory where the repository was cloned and run these commands to build the binary:

    make
cd build
make

  4. Once the second make command is done, you’re left with a multimarkdown binary. Copy that to the host system (scp works fine). Use vagrant destroy to clean up the temporary build VM once you’ve copied the binary to your host system.

And with that, you’re good to go!

Hyperscalers Crystallize 5G, Edge Strategies

“As the 5G edge unfolds, we’ll start to see more of a marriage between the telcos and...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Daily Roundup: AT&T Sees 700% SD-WAN Surge

AT&T saw a 700% SD-WAN surge; VMware, FBI warned of cybercriminals targeting teleworkers; and...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

BiB091: Rancher Open Source K8s Management Releases 2.4

Rancher has announced version 2.4, which might seem like...meh...no big deal. Companies publish incremental software releases all the time. Well, Rancher 2.4 is interesting because it indicates where Kubernetes is heading. That is...Kubernetes everywhere, running production workloads. In your data center. At the edge. In the public cloud.

The post BiB091: Rancher Open Source K8s Management Releases 2.4 appeared first on Packet Pushers.

Terraform an HA-VPN between GCP and Cisco

Doing Infrastucture-as-Code (IaC) with Ansible has given me a headache – so I’ve recently been playing around with Terraform as an alternative to Ansible for certain tasks that require Cloud IaaS interactions. The goal of this blog post is to build an HA-VPN solution between GCP and an on-premises Cisco IOS-XE device (CSR) using Terraform. […]

The post Terraform an HA-VPN between GCP and Cisco appeared first on Overlaid.

Heavy Networking 510: Take A Modern Approach To SD-WAN And Networking With Fortinet (Sponsored)

On today's sponsored show, we dig into Fortinet's portfolio, including SD-WAN and its security fabric. We discuss customer use cases, examine how the fabric works, and explore how Foritnet integrates its own and third-party security tools to enhance visibility and automation. Our guest is Stephen Watkins, Director and Principal Security Architect at Fortinet.

Heavy Networking 510: Take A Modern Approach To SD-WAN And Networking With Fortinet (Sponsored)

On today's sponsored show, we dig into Fortinet's portfolio, including SD-WAN and its security fabric. We discuss customer use cases, examine how the fabric works, and explore how Foritnet integrates its own and third-party security tools to enhance visibility and automation. Our guest is Stephen Watkins, Director and Principal Security Architect at Fortinet.

The post Heavy Networking 510: Take A Modern Approach To SD-WAN And Networking With Fortinet (Sponsored) appeared first on Packet Pushers.

VMware: What to Do When Cybercriminals Hunt Your Company in Your Home

The worse-case scenario is “whether your entire brand will be used to attack your customers,”...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Join our new Docker Desktop Developer Preview Program!

Docker Desktop is getting ready to celebrate its fourth birthday in June this year. We have come a long way from our first version and have big plans of what we would like to do next. As part of our future plans we are going to be kicking off a new early access program for Docker Desktop called Docker Desktop Developer Preview and we need your help!

What is this Program about and what are the benefits?

This program is for a small number of heavy Docker Desktop users who want to interact with the Docker team and impact the future of Docker Desktop for millions of users around the world.

As a member of this group we will be working with you to look at and experiment with our new features. You will get direct access to the people who are building Docker Desktop everyday. You will meet with our engineering team, product manager and community leads, to share your feedback, tell us what is working in our new features and how we could improve, and also help us really dig in when something doesn’t work quite right. 

On top of that, you will have a chance to Continue reading

1 1,020 1,021 1,022 1,023 1,024 3,874