Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 1 year ago.
Improve this question
Github now support authentication via an OpenSSH certificate: https://github.blog/2019-08-14-ssh-certificate-authentication-for-github-enterprise-cloud/.
However, I cannot find any recomendations for a certificate authority to manage these SSH certificates.
There seem to be numerous options surrounding certificate management for servers and productions environments, e.g. BLESS, CASSH etc.
What would you recommend for managing SSH certificates for developers to access Github?
In an ideal world, this would allow for custom configuration by developer. It would be able to interact with an existing active directory to authenticate users attempting to create certificates and it would be a managed service.
I work at smallstep and we have an open source certificate authority that can issue SSH certificates. We also have a hosted product that does single sign-on for SSH (along with auto-provisioning of posix users, SSH and sudo access control, and audit logging). Both the open source and productized versions allow you to connect certificate issuance to your single sign-on provider using OAuth OIDC. See this youtube video for an example of the end-user experience. It's pretty rad.
We're about to drop some new functionality in the open source CA that will allow you to add the login#github.com extension to SSH certificates which should be the last piece you need for your use case. This blog post is a good place to start if you want to try the SSH CA while you wait for that issue to close (which should happen very soon now). We're also integrating this into our hosted SSO for SSH product if you want the additional features offered there, or if you just don't want to run a CA yourself.
I'll try to remember to swing by with an update once everything is released. In the meantime if you (or anyone else who reads this) is interested I'd love to hear your feedback. I'm mike at smallstep's domain name.
We just launched support for GitHub Certificates in our fully managed EZSSH product We use your AAD identity to create a short term certificate, you can learn more about it in our GitHub blog post.
If your organization runs an internal secure web server, if you want to encrypt emails that are exchanged within your organization, or if you use digital certificates to authenticate employees onto the VPN, then you can setup and act as your own Certificate Authority (CA) and issue your own digital certificates for internal use.
Search the internet for the "Open Source Certificate Authority
or "Certificate Authority" software to find relevant out of the box solutions.
See also Certificate Authority explained in more details.
For GitHub support for SSH certificate authorities it is available with GitHub Enterprise Cloud and GitHub Enterprise Server 2.19+.
More details: https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/about-ssh-certificate-authorities
https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/managing-your-organizations-ssh-certificate-authorities
Related
I want to know is it possible to access my client Active Directory from my cloud application which is developed in C#. If yes then please provide the solution
Assuming required network connectivity is available, yes. What "required network connectivity" entails depends on the actual access mechanism being used. As an example, accessing Active Directory via secure LDAP requires TCP port 636 be open from the source to the domain controller.
Since it's not always feasible/practical/"a good idea" to open ports between cloud hosting sources and Active Directory domain controllers, you can look into ADFS (Active Directory Federation Services) which is a federated identify framework you can expose to the Internet and then use from within client applications (and we've got a good number of third party vendors that support authentication and directory data retrieval through ADFS as well).
As to the solution -- there are examples all over the Internet. Search here, search Github, search the Internet in general.
I belong to a team of several people, divided throughout the world.
We are building software for a certain platform, lets call it "Platform S". To develop for this platform there are 2 resources that are necessary. One is the SDK, which can be installed only using certain installer, that connects directly with the Platform S centrail server, and install it in out machine. The other resource is the developer website, where people post their questions and doubts about the SDK and hardware it operates on itself.
The problem comes that to connect to these resources, both the forums and to download/update the SDK, I need to have always the same IP address.
To solve this problem, I initially created a server with a fixed IP and installed proxy software in it, so that we could configure our local machines to connect to the proxy, and all have the same IP address.
Of course, to avoid that this proxy were used with nefarious purposes by hackers, and others, I protected the proxy with a password. When accessing the forums, this was no problem, as the browser opened a small dialogue window, to ask me for the user and password. But the installer that is in charge of installing/updating the SDK does not offer me this dialogue window. The last time, I disabled the password for a while, since SDK updating is not a task that one does that often, but after just a couple hours, I already got a notice from my server provider to warn me that the server was being used for malicious purposes. So that meant that this solution was not appropiate.
What approach could I take to solve my problem? Is the proxy idea the wrong way to go?
Case
I own a singular VPS hosting account at Hostgator and also a shaired hosting account. This question is mostly intended to gain knowledge, so I would so much appreciate a good explanation than a how-to.
I truly apolagise for mentioning their name but I had to say it so that someone who knows has the required information to help me.
With any type of their accounts, an SSH login is provided but, only with VPS Hosting root access to the same is available.
What I want to do
I want to create a private tunnel to encrypt my browsing data between external servers and my home PC so that my ISP cannot modify or read the data that belong to me.
Question
If I have SSH supported by provider on the server side, does it mean that I have SOCKS5 too?
What else is needed for me to set-up my secure tunnel to find way out using my existing web server account?
If SOCKS5 doesnt come for shaired hosting servers for free or if its not possible, how can one use Socks5 with such servers and establish a secure connection?
SSH supports creating a SOCKS tunnel with the -D option. See http://wiki.vpslink.com/Instant_SOCKS_Proxy_over_SSH for for more details on how to use it. But, this will only be a SOCKS4, not a SOCKS5 tunnel, which means that DNS lookups still will be done outside the tunnel.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
Situation:
I've been given SSH access to a server running LAMP (Redhat) and the brief is to migrate files and database from current live server to this new development server for testing.
Further this SSH access is contained within a Protected Workspace, so basically I have to access this companies internal network and then I can access the server there through SSH.
Issue:
SSH - WTF?? :- In the murky world of media agency smoke and mirrors alas I'm not allowed to admit weakness and it appears that I won't have access to my familiar tools (filezilla + sequelpro)
I managed to logon to the server yesterday with Putty though have no idea how to achieve the mission:
Create a database
Import data to that database
Upload files
Set permission on files and folders
At what address will I be able to view the website?
Is there a kind soul out there who can point me in the right direction?
Thanks.
What's the problem with FileZilla? If its available on the server - run it, SSH has nothing to do with that. You'll probably want to have X server running on your computer though, and set up port forwarding in Putty to allow applications running through SSH to connect to it.
SSH is what it is: secured shell connection. Once you gained access through SSH you can do everything you could do using local console.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have a couple of personal web-based projects in the pipeline, and am unable to chose how to host them.
I have questions in the area of domain names and actual file hosting (which I believe are separate topics, though many companies provide both).
Domain Names
I have a domain name registered with Freeparking.co.uk, but they don't offer the kinds of services I think I need. Can I just transfer the domain name to somewhere else? Apart from anything the only thing they do is to host a page with a full-page frame on it, which I configure a URL for. Basic URL hiding, but that means that people can't bookmark specific pages in my websites.
Hosting
I wish to host ASP.NET applications (plural) using SQL Server 2005. What are the steps to choosing a hosting environment, and how do I connect the domain name to the hosting environment?
Domain names are best kept separate from the hosting. Decent domain registrars let you freely define name severs, which in then give the IP address for the domain. Typically (but not necessarily) these name servers are provided by the hosting company. So, the steps are:
Choose the hosting provider (sorry, I have don't recommendations on ASP hosting providers).
Configure the name servers so that at least the A record of yourdomain.com points to the ip of your server (this is often automatically done by the hosting company).
Configure your domain name at the registrar so that it refers to the the above mentioned name servers.
Also the domain name registrar can provide the name server stuff, or you can use for example EveryDNS.
your domain name is just an IP address in their Name Server which drives Domain Name System - DNS. Check that Freeparking actually do NameServer stuff.
You can choose what ever host that meets your requirements.
your host will have there own DNS system (ie the IP address of the server that will be your web application host).
Ask Freeparking to point your Domain Name the name at the new IP.
I needed the same ASP.Net and SQL and went for DiscountASP.net (although they are in the US), excellent service so far =>
They also do the email side too. The MX part of your domain name.