cmc cmc

I hereby claim:

I am cmc on github.
I am cmccsec (https://keybase.io/cmccsec) on keybase.
I have a public key whose fingerprint is 9CC9 F1A8 39AD FA13 CC44 927D 972D 9418 25A3 8832

To claim this, I am signing this object:

I hereby claim:

I am cmccsec on github.
I am cmccsec (https://keybase.io/cmccsec) on keybase.
I have a public key whose fingerprint is DDDF 2043 76B1 2992 CF53 FE08 6CA2 02FD 2703 7BAF

To claim this, I am signing this object:

I hereby claim:

I am cmc87 on github.
I am cmccsec (https://keybase.io/cmccsec) on keybase.
I have a public key whose fingerprint is DDDF 2043 76B1 2992 CF53 FE08 6CA2 02FD 2703 7BAF

To claim this, I am signing this object:

	### I use HSM backed SSH certs and so can you. [why?: keys can be stolen, certs expire!]

	1. Get a YubiHSM2 @ https://www.yubico.com/products/hardware-security-module/
	2. Follow this: https://github.com/YubicoLabs/yubihsm-ssh-tool [ Yes, you're going to have to install all the other yubico stuff too, yubico-connector, etc, ..] on your issuing machine, or airgapped machine.
	3. Be content that you can now sign certificates with the HSM on the issuer/airgapped machine.
	3. Update /etc/ssh/sshd_config on remote server to add:
	TrustedUserCAKeys /etc/ssh/ca.pub
	AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u
	4. Add principals here:
	ex:

	import logging
	import os
	import requests
	import sys
	import time

	ROOT = logging.getLogger()
	ROOT.setLevel(logging.DEBUG)
	HANDLER = logging.StreamHandler(sys.stdout)
	HANDLER.setLevel(logging.DEBUG)