Almost every developer ends up using a VPN for work sooner or later. Apart from figuring out how to authenticate, it’s seemingly a simple matter. VPNs—usually associated with privacy—can unfortunately be a source of serious privacy leaks just as easily. Let’s talk about what we may want to check after connecting to a corporate VPN.
Sometimes I need to access my files on my servers using SSH/SCP from a not fully trusted device and/or application (think: a smartphone). Usually I would create a new SSH key pair so that I can easily revoke these credentials later if such need arises. But what if the used application doesn’t support SSH keys or we do not want to use them for some reason?
There is a trick supposedly used by sysadmins in the olden days,
before sudo was around. I assume you’re at least aware of the
/etc/passwd file that contains the basic information about all the
system users. Information such as the username, historically hash of
the password1, the user and group ID (UID and GID). It looks like
this: