key

Allow Key Access for user in SSH

January 16, 2022 by Ulysses

Allow shared key access only for one user in SSH.

Disable the password authentication for one user in your SSH config. Edit /etc/ssh/sshd_config.

Match User username
  PasswordAuthentication no

Restart the SSH service.

service ssh restart

Copy user’s public key to the destination server’s authorized file in ~/.ssh/authorized_keys.

ssh-rsa AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <-- public key goes on for miles

Back on your client, login via SSH. User will not be prompted for password since public key is already authorized on server.

ssh username@server

GCP Activate Service Account

December 10, 2021 by Ulysses

How to activate a GCP service account for other users in Linux.

First generate a key for the service account. Save as key.json.

$ gcloud auth activate-service-account [ACCOUNT] --key-file=key.json

Once authenticated, you should be able to check if service account is active.

$ gcloud config list

A better option without needing a key.

gcloud config set core/account service-account@project-id.iam.gserviceaccount.com

If you have multiple AWS accounts, you can setup a customer-managed KMS (key management service) in the AWS Key Management Service, to secure requests or services between the two AWS accounts. The customer-managed KMS key is tied to an identity such as an IAM user or role. In addition to users and roles, other AWS accounts can be added to grant access. KMS can be symmetric or asymmetric. It’s symmetric be default. To grant access to the other account, you need to add the AWS Account Id to the key. It’s 12 digit number unique to each AWS account.

Once a key is created, the valid key ID can be used in a AWS SDK to access resources from the other AWS account.

EFS Encryption

December 3, 2020 by Ulysses

If you have an existing EFS that’s unencrypted, you can encrypt it be creating a snapshot using AWS Backup, and then restoring the file system to a new EFS with encryption. If you choose to restore in a directory in the same file system, it will not be encrypted. It has to be a new EFS. In addition, you’ll be asked to select which encryption key to use. The default key will work, unless you have your own.

SCP with a Key

October 22, 2020 by Ulysses

SCP is a secure copy utility in Linux. You’ll need access to your system. In this example, a pem key is used to authenticate to a host. SCP copies filename.ext to the home directory of ec2-user. It’s important to add the target directory, otherwise it will not work.

Here’s how to use SCP with a key from local to server.

scp -i key.pem filename.ext user@server:/home/user

From server to local. Run the command from local machine.

scp user@server:/home/user/file.txt /local/directory

Copy SSH Key to Server

June 16, 2020 by Ulysses

Here’s the command to copy a secret key to a remote server.

ssh-copy-id user@servername

This assumes you already generated a key.

AWS CLI Add User

December 4, 2019 by Ulysses

Here’s how to add an AWS user using the CLI.

aws iam create-user --user-name john.doe \
--tags Key='Name',Value='John Doe' Key='Role',Value='Admin'

Create an access key for the user.

aws iam create-access-key --user-name john.doe

GCP Create Service Account Key

September 22, 2019 by Ulysses

Here’s how to create a key for the GCP Service Account.

Create Key.

gcloud iam service-accounts keys create ~/key.json \
  --iam-account service-name@project-id.iam.gserviceaccount.com

Activate Key

gcloud auth activate-service-account service-name@project-id.iam.gserviceaccount.com \
--key-file=key.json

Revoke Key.

gcloud auth revoke service-account@project-id.iam.gserviceaccount.com

Delete Key

gcloud iam service-accounts keys delete key-id \
    --iam-account service-name@project-id.iam.gserviceaccount.com