ssh SSH Agent Forwarding Vulnerability and Alternative Forwarding ssh-agents trades security for convenience. Proxying is not as simple as forwarding but does not, at first blush, expose as much of your network.
KeePass Manage Many Keys with SSH Config and KeePass Simply put, managing a ton of keys is a serious pain. If you've never really delved into the myriad ways to beef up your settings, this is a good place to start.
Sensible SSH with Ansible Sensible SSH with Ansible: An Ansible Primer This post serves as an Ansible primer. It looks at each component of an Ansible playbook with plenty of examples.
Let's Encrypt from Start to Finish Let's Encrypt from Start to Finish: Automating Renewals This post looks at several different ways to automate cert renewal. I tried to cater to everyone by including cron and systemd options. If you don't have your server set up to send emails, you might want to do that first.
Let's Encrypt from Start to Finish Let's Encrypt from Start to Finish: Generating and Testing a Cert This post wraps up (most of) the server config and puts it to use. It covers my approach to generating a cert, and provides some useful openssl commands for verification. Most of the work here is simply shuffling files around.
Let's Encrypt from Start to Finish Let's Encrypt from Start to Finish: Useful Headers This post looks at a collection of useful security headers. I've tried to explain what each one does, where it can be helpful, and where it might bite you. None of these are absolutely necessary; if nothing else I strongly recommend using HSTS.
Let's Encrypt from Start to Finish Let's Encrypt from Start to Finish: Tuning with OpenSSL This post sets up all the backend security logic (minus headers). I've tried to provide an explanation of each component and good values to use (or the means to create your own). If you don't have OpenSSL, most of this is meaningless.
Let's Encrypt from Start to Finish Let's Encrypt From Start to Finish: First Steps This post is a catch-all for items that aren't closely related to the other major tasks. It covers good resources, certbot installation, and my approach to reusing Let's Encrypt config.
Let's Encrypt from Start to Finish Let's Encrypt from Start to Finish: Overview This post begins with the sad state of affairs that is the current US internet landscape but quickly moves on to more interesting topics like background information on HTTP, HTTPS, HSTS, Let's Encrypt, and `certbot`.
certbot The certbot Hook API Hopefully this is useful to someone else. I got confused by the language change from renew to deploy hooks and spent some time ripping the code apart to see how
Sensible SSH with Ansible Sensible SSH with Ansible: Vagrant Setup This post looks at how to quickly and easily mimic common environments in Vagrant. If you're using a different tool, feel comfortable with Vagrant multi-machine setups, or plan on running Vagrant from a pleasant operating system, you can probably skip this post.
Sensible SSH with Ansible Sensible SSH with Ansible: Overview As the first post in the series, this will provide a roadmap for the series and a brief overview of the tools involved.