Public Key Infrastructure – How do I securely store others' SSH keys?

This is not an actual programming question, but please listen to me. I am creating a deployment tool. With my application, other users can deploy their own applications on their own servers (just like forge.laravel.com).

The following are the use cases for this particular question:

  1. I need to store every public SSH key of my users because I need to put this key on each of the servers provided, so that users without manual permissions can log in to their servers via SSH.
  2. Also, I need to authorize the SSH key of my application (i.e. the public key of my server) on the customer's server so that I can execute commands on my user's server on their behalf.
  3. I need to generate a new key on the newly deployed customer server and authorize it in the client's GitHub / GitLab so I do not have to enter a username or password when pushing / pulling from the server.

Let's come to the question of where and how to keep these keys (safe). Can I save them to a specific directory on my server? This makes me think that my server can be a big target for hackers, because if someone is able to hack it, it will open doors to a lot of servers.

What steps can I take to make this setup safer?

Considering Application Case 2, does it make a difference if I generate separate keys for separate customers?

Generate or extract a public certificate and a public key

Goal: Achieve mutual two-way authentication

Can someone help me understand how to generate a public key and a public certificate so that I can share this with my clients so that they can connect to my server?

Things I have for my server (tibco ems)
CA-signed root intermediate and chain certificate
Private key

Things I want for my client (Java application)

A p12 file that contains a public key and public certificate of my server so that they can connect to my server

Server: Apache Linux Server
Application tibco ems (server)

Networking – Access to IIS Web servers from the public is not possible

For 4 days I have been trying to get my IIS web server up and running! Internally, I can access the website from various devices on the network through the internal static IP 192.###.#. I have set up port forwarding on my Verizon router to forward all incoming requests from the external public to the internal port 80 on the Windows 10 desktop where my IIS server resides. I have completely disabled all firewall settings and antivirus applications / processes under Windows 10. Even though all these doors have been opened, every time I try to access the website using the URL http://public-ip-address:port# I receive the message "This page can not be reached". I have tried it both with IE and with the Chrome browser, but neither of them works. In public, I have no problem accessing other web servers connected to the same Verizon router used to send and receive communications over port 80. So there is either a problem with Windows 10 or the setup of my IIS server. It may also be that the router has problems with forwarding the port. I only advise. I don't know. It has been 4 days and countless hours, but I still can not find any clue why this is happening. Could someone who has been through a similar situation help me?! Thanks for all your help!

Screenshots of my settings:
Port-forwarding
Port bond

Segregated Witness – Find the sender's public key in SegWit Transaction

The public key you mentioned is indeed the sender's key and was used to derive the P2SH address (P2PKH): 35yfMa3CRBiWny8DFdb4tUu9fn7fcdvVp9. The way in which a P2SH address (P2PKH) is derived is as follows:

1. witness_script = hash160 (pub_key) # this is equal to '4b9d2d3dd1174ad656754a0c664e7a129b131f3b'
2. witness_version = 0x00 # current SegWit version
3. scriptSig = witness_version + OP_DATA (0x14) + witness_script
# Above is equal to '00144b9d2d3dd1174ad656754a0c664e7a129b131f3b' and is displayed in scriptSig in Explorer.
# 0x14 instructs the script to write the next 20 bytes to the stack
4. public_address = hash160 (scriptSig)
5. bitcoin_address = base58check (public_address) # with the prefix 0x05
Result = 35yfMa3CRBiWny8DFdb4tUu9fn7fcdvVp9

Native SegWit transactions work by locking an output scriptPubKey: version + OP_DATA (bytes to transfer) + witness_script. For older clients, it looks like everyone could issue a transaction because there is no opcode that confirms anything. To use the lower fees for SegWit transactions while being compatible with wallet software that does not know SegWit, we use the scriptPubKey as the script and create a P2SH lock script out of it. The lock script is thus: OP_HASH160 OP_EQUAL. (The public_address convention is the same as the one I mentioned while deriving the above address.) A client can send you bitcoins without updating their wallet software to be SegWit-enabled. However, if you spend the bitcoins, you can use the lower fees of SegWit.

Now to check when this issue is issued in a transaction: Older clients checking the transaction look only at the scriptSig, take its hash160, check it against the public address and consider the transaction valid. Newer clients will find that the scriptSig is in itself a SegWit script and look in the witness part of the transaction for signatures. There, the clients make sure that the hash160 of the public key matches the witness_script, and that the signature then matches the public key if it is signed with the transaction as a message. The signature message digest is described in BIP 143.
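The five derivation steps and the P2SH lock script described above, as an added Python example that is not part of the original answer. It assumes a Python build whose hashlib exposes RIPEMD-160; the function names are illustrative, and `witness_program` is what the answer calls `witness_script`.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def hash160(data: bytes) -> bytes:
    # RIPEMD-160(SHA-256(data)); assumes the local OpenSSL build exposes ripemd160
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def checksum(body: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # each leading zero byte is written as a literal '1'
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(addr: str):
    """Return (version, payload, checksum_ok) for a Base58Check string."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)      # ValueError on a non-Base58 character
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    body, chk = raw[:-4], raw[-4:]
    return body[0], body[1:], checksum(body) == chk

def redeem_script(witness_program: bytes) -> bytes:
    # steps 2-3: version 0x00, push opcode 0x14 (20 bytes), hash160(pubkey)
    return bytes([0x00, len(witness_program)]) + witness_program

def p2sh_script_pubkey(script_hash: bytes) -> bytes:
    # OP_HASH160 (0xa9), push 20 bytes (0x14), the hash, OP_EQUAL (0x87)
    return b"\xa9\x14" + script_hash + b"\x87"

def p2sh_p2wpkh_address(pubkey: bytes) -> str:
    # steps 1-5 end to end; 0x05 is the mainnet P2SH version byte
    return b58check_encode(0x05, hash160(redeem_script(hash160(pubkey))))

if __name__ == "__main__":
    # public key and address as quoted on this page
    pub = bytes.fromhex("02384052a5ecde83bf8ee7ed77f378edb58aa65de22c4e91af87eee68015b9d509")
    print(p2sh_p2wpkh_address(pub))
    print(b58check_decode("35yfMa3CRBiWny8DFdb4tUu9fn7fcdvVp9"))
```

Run directly, it prints the address derived from the quoted key followed by the decoded version byte, script hash and checksum result of the quoted address, so the two can be compared.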

Wallet Recovery – How can Trezor recover all public keys from different blockchains?

Trezor follows (and helped design) BIP44.

BIP44 describes how a single mnemonic can be used to create individual keychains for different blockchains and how multiple accounts can work within those keychains.

This is not a foolproof system. If you deviate from the expectations of BIP 44 (for example, if you use addresses that go beyond the 20-address gap limit), the automatic recovery software can not find all the addresses used, as most companies and exchanges address without assuming that they will be used consecutively.

For some purses this is a safe assumption that Trezor makes.

Transactions – Find the sender's public key in the Segwit block

How can I get the sender's public key in a Segwit transaction?

Example: https://www.blockchain.com/btc/tx/3179d18d6f36fa77b88909496535485d8188d96b79d295843789a9e0ff6c3e6a

I like to analyze the witness share as in

02: 2 articles follow

47: 0x47 = 71 bytes (signature)

304402201cf8db0c4afc164970ec4397327fe9b1dd9b7ff4a9093f94e554d624b5ffdcb702202848072c17f2f2bcce16b8d7cb2efdad87bc6c942b79f44b79f1f1f1f1c

21: 0x21 = 33 bytes (the pubkey)

02384052a5ecde83bf8ee7ed77f378edb58aa65de22c4e91af87eee68015b9d509: the actual pubkey

But this pubkey is not the public key of the sender. It's probably the pubkey of a Segwit (or something like that) …

How exactly is this signature composed and which pubkey is that? And more importantly, how can I get the sender's public key (which in this example belongs to 35yfMa3CRBiWny8DFdb4tUu9fn7fcdvVp9)?

Thanks for all the hints

Privacy – If you use a shared / public VPN, can other users with the same IP address log in to your accounts?

I know that browsers use cookies. For example, if I log in to Facebook on a public computer and forget to log out, the next person opening a new browser can switch to my account.

Does this work the same way for shared VPNs, especially for sites that are not https? Can someone on the same VPN network tap your traffic and cookies to gain access to your private accounts?