Minseo Kim kimminss0

@arianvp
arianvp / SSH_MACOS_SECURE_ENCLAVES.md
Last active March 4, 2026 14:54
Native Secure Enclave backed ssh keys on MacOS

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing the PKCS11Provider interface. However, it recently also started implementing SecurityKeyProvider, which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However, you can now use it to talk to your Secure Enclave instead!

@BertanT
BertanT / guide_macskeyinstaller.md
Last active February 26, 2026 19:32
macOS OpenSSH Client Patcher for Hardware Security Key Support (ED25519-SK With YubiKey Etc.)

🔐 macOS OpenSSH Patcher for Hardware Security Keys

Supports ED25519-SK with Yubikey and other FIDO2 hardware security keys!

🤔 Discussion

Despite being compiled to support hardware security keys that take advantage of the FIDO2 protocol, the built-in OpenSSH client on macOS Sonoma and above lacks the middleware/library to support these devices. To keep using the built-in client - which is often the most stable and secure method for SSH connections - we need to compile the Security Key Provider from OpenSSH source and tell the macOS client about it ourselves.

This script does all of that for you on both Apple Silicon and Intel Mac computers!

The script installs openssl and libfido2 along with the required build tools from Homebrew. It then clones the latest main branch of OpenSSH Portable and builds from it the Security Key Provider library: sk-libfido2.dylib. It finally moves the built library to /usr/local/lib/, modifies ~/.zshenv to expor

@partikus
partikus / README.md
Created November 13, 2023 06:45 — forked from lmb/README.md
macOS: use ssh-agent from homebrew

This recipe allows you to use the ssh-agent from homebrew with the auto generated SSH_AUTH_SOCK in /private/tmp. It works because disabling com.openssh.ssh-agent doesn't stop launchd from allocating SSH_AUTH_SOCK. com.homebrew.ssh-agent spawns a shell to remove the socket and then execute the homebrew ssh-agent.

  1. Install openssh from homebrew
  2. Disable the built in macOS agent: launchctl disable gui/$UID/com.openssh.ssh-agent
  3. Copy com.homebrew.ssh-agent.plist into ~/Library/LaunchAgents
  4. Enable the new agent: launchctl bootstrap gui/$UID com.homebrew.ssh-agent.plist
  5. Ensure that the correct agent is running:
@thelastlin
thelastlin / libsk-libfido2_BUILD_FROM_OPENSSH.md
Last active March 2, 2026 22:27
Build libsk-libfido2.so from OpenSSH-portable

Tested on macOS Sonoma Developer beta 2 (23A5276g)

Build libsk-libfido2.so

Prerequisite

  1. Download openssh-portable source code, install libcrypto, libfido2;
  2. Configure openssh-portable build system by ./configure # [options].

Apply patch

@fschiettecatte
fschiettecatte / Samba_MacOS.md
Last active February 28, 2026 21:28
Setting up SAMBA for Linux / MacOS

Setting up Samba for Linux / MacOS

I recently (re)switched from using Netatalk to Samba for file access from macOS (15.x) to Linux (AlmaLinux 9.x).

Obviously Samba is a great resource; on the Samba Wiki, the Configure Samba to Work Better with Mac OS X page was invaluable for setting up the /etc/samba/smb.conf file, and the vfs fruit man page contains documentation for all the options.

Here is the /etc/samba/smb.conf file I use:

# See smb.conf.example for a more detailed config file or
@daemonhorn
daemonhorn / freebsd_yubikey_authentication.md
Last active March 4, 2026 02:27
Setting up yubikey/solo2 for piv, fido, and gpg on FreeBSD (Firefox, Chromium, PAM, SSH, and GnuPG)

Overview

How to configure FreeBSD and applicable applications to work with Yubikey for authentication. This serves as my work-in-progress documentation of the configuration knobs needed to make this work properly.

  • FreeBSD ssh with piv smartcard slot on Yubikey (pkcs11 via libykcs11.so)
  • FreeBSD ssh with fido support on Yubikey
  • FreeBSD Firefox/Chromium with fido + webauthn support on Yubikey
  • FreeBSD local console and gdm authentication using pam on Yubikey
  • FreeBSD official YubiKey tools

Latest Tested FreeBSD versions

  • FreeBSD 13.2 Testing (Aug 2023)
  • FreeBSD stable/13 Testing (Aug 2023) with OpenSSH_9.3p2
@theodric
theodric / kvm-passthrough-notes
Last active August 25, 2025 14:58
Notes on device passthrough configuration for KVM hosts
2024-12-05: I have moved this information to a git repo which includes BIOS screenshots.
Please go here for all future updates:
https://github.com/theodric/kvm-vfio-notes
---------------------
Notes on getting KVM VFIO working on my hardware:
- CPU: Ryzen 7 5700G
- MB: Biostar B550T-SILVER
- Host GFX: Ryzen 7 5700G iGPU
@n1zyy
n1zyy / time.apple.com.md
Last active February 3, 2026 13:36
Apple NTP servers

Apple runs a fleet of stratum 1 NTP servers at time.apple.com. In my experience, ntpd/chronyd are very happy with them.

It looks like, instead of doing anycast, they maybe use DNS to steer you to the closest one.

time.apple.com is a CNAME for time-osx.g.aaplimg.com. Querying a handful of DNS servers, I've identified the following locations:

IP Hostname Location
17.253.2.125 usdal4-ntp-001.aaplimg.com. Dallas
@htr3n
htr3n / macos-ramdisk.md
Last active February 9, 2026 19:13
Creating RAM disk in macOS

Built-in

diskutil erasevolume HFS+ 'RAM Disk' `hdiutil attach -nobrowse -nomount ram://XXXXX`

where XXXXX is the size of the RAM disk in terms of memory blocks.

Notes:

@qoomon
qoomon / conventional-commits-cheatsheet.md
Last active March 5, 2026 07:30
Conventional Commits Cheatsheet