SSH certificate authentication with HashiCorp Vault

I assume that to connect over SSH you are used to copying your key to your servers. That is fine for your personal servers, but if you have a whole fleet of servers and users to manage, it can quickly become a problem. You can of course use a tool like Ansible to push your users' public keys; I wrote a role for that, which also handles 2FA authentication, but that is not the topic....

October 5, 2022 · 8 min · JC

Red Hat docker images

The problem: you are trying to use the official Red Hat Docker images, also called UBI (Universal Base Images), in your CI/CD and to install some packages. Sometimes it works: $ docker run -it --rm redhat/ubi9:latest [root@6afe7431c74f /]# dnf install nginx Updating Subscription Management repositories. Unable to read consumer identity Subscription Manager is operating in container mode. This system is not registered with an entitlement server. You can use subscription-manager to register....

August 7, 2022 · 2 min · JC

GPG Memo for passbolt

For this memo I use a temporary gpg homedir named gpg-tmp: mkdir gpg-tmp Since version 3.6.0, passbolt can use elliptic-curve ed25519 GPG keys. We will see how to silently create both RSA and ECC GPG keys. Create RSA key with passphrase: gpg --homedir gpg-tmp --batch --no-tty --gen-key <<EOF Key-Type: rsa Key-Length: 4096 Key-Usage: sign,cert Subkey-Type: rsa Subkey-Length: 4096 SubKey-Usage: encrypt Name-Real: John Doe Name-Email: john@doe.com Expire-Date: 0 Passphrase: a-strong-passphrase %commit EOF Create RSA key without passphrase: gpg --homedir gpg-tmp --batch --no-tty --gen-key <<EOF Key-Type: rsa Key-Length: 4096 Key-Usage: sign,cert Subkey-Type: rsa Subkey-Length: 4096 SubKey-Usage: encrypt Name-Real: John Doe Name-Email: john@doe....

July 11, 2022 · 2 min · JC

How to setup podman in rootless mode on Debian 11

Podman? Podman is a daemonless container engine for developing, managing, and running Open Container Initiative (OCI) containers and container images on your Linux system. Podman provides a Docker-compatible command line front end that can simply alias the Docker CLI: alias docker=podman. You can learn more on their website. If you want to use podman / podman-compose in place of docker / docker-compose on Debian, you are reading the right how-to :-)...

June 23, 2022 · 4 min · JC

How to install packages on Red Hat

The problem: Hey! You have just installed a new Red Hat OS and you would like to start playing with it, but you are stuck on package installation: $ sudo dnf install nginx Last metadata expiration check: 0:00:10 ago on Thu 23 Jun 2022 08:08:59 AM UTC. No match for argument: nginx Error: Unable to find a match: nginx $ sudo dnf install mariadb Last metadata expiration check: 0:00:26 ago on Thu 23 Jun 2022 08:08:59 AM UTC....

June 23, 2022 · 3 min · JC