arianvp

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

RichardBronosky

#!/bin/bash

# curl -sL https://gist.githubusercontent.com/RichardBronosky/31660eb4b0f0ba5e673b9bc3c9148a70/raw/touchid_sudo.sh | bash
# This script is ready to copy-paste in whole, or just the line above (without the leading #)

# Use TouchID for sudo on modern MacBook Pro machines
# This script adds a single line to the top of the PAM configuration for sudo
# See: https://apple.stackexchange.com/q/259093/41827 for more info.

touchid_sudo(){

Aethylred

This is the manual process for enrolling a host running SUSE/SLE 12 SP2 with FreeIPA.

The following reference documentation was used to create this process:

• An outdated guide on Enrolling a SUSE machine with FreeIPA
• The  Manual FreeIPA guide from the RedHat documentation.

I do not recommend using yast to set this up, however it is useful to check if the configuration is valid. SUSE/SLE has all the required packages to use FreeIPA but does not have the conveinent ipa-client tools, such as ipa-client-install.

Pre-Requisites