Recently, I wrote about the dynamic resolution of upstream servers in
nginx, which was achieved by quite an intrusive patch to the core nginx module.
The patch was invented a while ago and was working very well up until recent
nginx versions were released.
With the release of nginx 1.10, it was noticed that the patch crashes some
workers under heavy load. This was unacceptable for production use,
hence a new approach was implemented.
The beauty of the new solution is that it is non-intrusive and works with any
services that communicate via sockets.

A while ago, in the "Transparent SSH host-jumping (Advanced)" post, I
described a technique for jumping quite effortlessly through a chain
of intermediate hosts. However, there was a catch: the user names and ports
across the whole chain had to be the same and there was no easy way to change
Given that I recently paid quite a lot of attention to the ProxyCommand
directive, I decided to look into the implementation of a helper script that
would allow one to tweak parameters for the hosts in the chain.

I was involved in the creation of the sshephalopod project, which was an
attempt to build an enterprise-level authentication framework for SSH
using the SSH CA feature.
The project is based on a wrapper script that signs a user in via a SAML identity
provider and gets the user's public key signed for further use.
In one of the discussions, I pointed out that such a wrapper script is not good
for the end-user experience, and I proposed to provide the users with an excerpt
for their ssh config file, so the functionality of sshephalopod would be