That 1Password has a separate SSH key type! https://developer.1password.com/docs/ssh/manage-keys/
Also, that make has a MAKEFLAGS variable that can be used in recursive calls to make: see
https://earthly.dev/blog/make-flags/. This also means you can set -r, which eliminates default rules and file actions.
That you can have too many SSH keys :)
When I got
Received disconnect from 256.256.256.256 port 22:2: too many authentication failures
I found the following: https://www.tecmint.com/fix-ssh-too-many-authentication-failures-error/ which advocated adding
Host *
IdentitiesOnly yes
to reduce the number of tried keys
That Bitbucket pipelines has pipeline-specific SSH keys available at the path $BITBUCKET_SSH_KEY_FILE.
See https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/
Also, git rev-parse --show-git-dir yields a relative path to the .git dir for that repo.
how to setup passwordless SSH login:
ssh-copy-id $(whoami)@${other_host}
https://linuxize.com/post/how-to-setup-passwordless-ssh-login/
how to change a ubuntu machine’s computer’s hostname:
echo "new-hostname" > sudo tee /etc/hostname;
sudo sed -i 's/old-hostname/new-hostname/1' /etc/hosts;
sudo hosname 'new-hostname'; # <- for changes to take effect prior to reboot
h/t https://www.howtogeek.com/197934/how-to-change-your-hostname-computer-name-on-ubuntu-linux/
That sometimes ssh sessions with x-forwarding don’t unlock the GNOME “login” keyring. This can lead to “Cannot create an item in a locked collection” errors. The way to fix the problem is to:
printf "password: "
read -s password
printf "%s" "$password" | gnome-keyring-daemon --replace --unlock
That zsh completions in /usr/share/zsh/vendor-completions must start with a _ in order to work, e.g. /usr/share/zsh/vendor-completions/_rg. Not sure why, though.
While you can use the same SSH key for both authentication and signing, NIST recommends you shouldn’t: https://gist.github.com/ChristopherA/3d6a2f39c4b623a1a287b3fb7e0aa05b
git config commit.gpgSign true
git config tag.gpgSign true
git config gpg.format ssh
git config user.signingKey 'ssh-ed25519 AAAA...xyz'
That to verify git SSH commit signatures locally, you need to
git config gpg.ssh.allowedSignersFile $PATH_TO_ALLOWED_SIGNERS_FILE
The signers file will be in the form
user@email.com namespace="git" ssh-ed25519 AAA...jhq user@email.com
Once that’s set up. you can run
git log --show-signature
To verify signatures locally. Alternately, you can run
git log --format="signed:%G? fingerprint:%GF key:%GK"
See https://git-scm.com/docs/git-log#Documentation/git-log.txt-emGGem for more signature-related log format directives.
That setting the SSH_ASKPASS environment variable to point to an executable will cause ssh to use the stdout from that program to supply a password, if required.
This is useful for scripts that need to run non-interactively.
See https://www.man7.org/linux/man-pages/man1/ssh.1.html#:~:text=SSH%5FASKPASS