Posts
-
SSH Multiplexing
SSH multiplexing is the ability to combine multiple SSH sessions over one TCP connection. Instead of opening a new TCP stream for each new SSH connection, it uses the existing socket. Then, each session after that passes over the socket instead of opening a new connection. This is not only faster, but reduces the number of open TCP streams from your host!
-
Disposable, Reproducible Environments with Vagrant
Even if you haven’t used Vagrant, I’m sure you’ve still heard about it. Vagrant is one of the most popular HashiCorp products. It provides an abstraction over virtualization software, using VirtualBox by default. Vagrant creates your development machines by cloning base boxes. You can download these from the public repository or import one from a local file. You can also package and publish your own base boxes. Vagrant can provision your boxes, either on first boot or on demand. I love this tool and use it with Puppet for a ton of my development; I can’t recommend it enough.
-
Getting Started with Jekyll and GitHub Pages
Are you creating your personal site, but don’t want to commit to purchasing a new host to serve it from? Not to worry: GitHub has your back! Using GitHub Pages, you can host your static site for free! This is a great alternative to a shared web host, allowing you to deploy your site with a mere git push. This makes it perfect for open source projects or startups on a lean budget. But what can I do with a static site?! GitHub supports Jekyll, giving your static site the flexibility a “dynamic” site might have.
-
Modifying Existing Resources in Terraform
The crew over at HashiCorp recently pushed out the latest revision of Terraform, v0.7! It includes a bunch of excellent features I’ve been hanging on for and can’t wait to play around with.
-
Using an SSH Bastion Host
A bastion host, also known as a jumpbox, is a machine whose sole purpose is to provide a secure entryway to your private network. This allows you to restrict network access to your internal services to only the bastion host, rejecting or dropping packets which do not originate from the bastion host. Not only does this allow you to reduce your visible attack surface, it also allows you to better allocate resources to securing your network, as you can put more effort into securing or auditing the jumpbox. This machine acts as a choke point, maintaining a record of internal network access and providing a single machine to revoke access from in the event of compromise. Now you can go crazy with all the security tools and techniques you like without dealing with as large a hassle! Set a non-standard SSH port, lock down that port with fwknop, use an OTP with Google Authenticator, and more!