I think the original sed-based Tetris game you were looking for is sedtris, which did take a bit of digging to find. https://github.com/uuner/sedtris
I will definitely have to see what all Happy Dance does. I thought I configured SSH pretty well, but always good to have input from experts. Paul Boniol On Wed, Aug 12, 2015 at 1:23 AM, _NSAKEY <[email protected]> wrote: > Regarding filippo.io, I can now type intelligently about why it didn't > know who I was. The github project in question (whosthere) does not even > check for ED25519 keys. Simply doing "grep -R ed25519" in the project's > main directory revealed that. There are, however, a bunch of hits for "rsa" > and "ecdsa." Obviously, support would be easy enough to add, but this guy > didn't bother doing so. Security through obscurity for the win. > > As for SSH hardening, the original project is here: > https://github.com/NSAKEY/happy-dance The one you linked to is (As of > this writing) 5 commits behind. We got distracted by the magic of sedtris > and didn't go back to it, but the Cliff's Notes version is that happy-dance > automates the steps laid out in stribika's Secure Secure Shell guide. A fun > bit of trivia: A client config that's been hardened with happy-dance's is > unable to negotiate a key exchange algos with whoami.filippo.io. > > Back to sedtris... > > > On Tuesday, August 11, 2015 at 9:44:24 PM UTC-5, Andrew McElroy wrote: >> >> We started off with a discussion of this recent project. >> >> https://blog.filippo.io/ssh-whoami-filippo-io/ >> <https://www.google.com/url?q=https%3A%2F%2Fblog.filippo.io%2Fssh-whoami-filippo-io%2F&sa=D&sntz=1&usg=AFQjCNGpG4qLn4-6uwKYzfs6abDDZnTQAw> >> >> It can read your ssh keys you present and determine who you are. >> It does this because if you have a github account the following works( >> for public keys): >> >> https://github.com/REPLACE_WITH_YOUR_GITHUB_HANDLE.keys >> >> This is an article why this may be bad. >> https://blog.benjojo.co.uk/post/auditing-github-users-keys >> >> https://github.com/FiloSottile/whosthere >> >> reminder that if you generated your ssh keys between 2007-2008 on >> debian, consider cycling. >> https://github.com/g0tmi1k/debian-ssh >> >> http://www.metasploit.com/ >> >> More ssh hardening. >> https://github.com/oittaa/happy-dance >> >> saw a pull request for happy-dance that used awk a bit. >> I pointed out that sed and awk are very powerful: >> >> >> http://www.unix.com/shell-programming-and-scripting/174525-tetris-game-based-shell-script-new-algorithm.html >> >> while we were on the topic of of obscure programming feats. >> http://www.ioccc.org/years-spoiler.html >> >> essentially docker in bash. >> https://github.com/p8952/bocker >> >> >> We this talked about how to make NLUG better. >> > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
