Ssh

Hardware-backed SSH keys end to end: YubiKey, PIV, software alternatives, and where SSH CAs fit in

A working guide to using a YubiKey for SSH on a real Linux fleet — the four knobs (resident, touch, PIN, agent), a four-mode policy for root and Ansible, software-only alternatives, and where SSH CAs fit in.

May 9, 2026 · 19 min

SSH Tunnel Magic: Your SSH Already Is Tailscale

SSH punching for everyone who only knows ssh user@host — how -D replaces a corporate VPN, -R replaces a mesh VPN for NAT’d boxes, and -L forwards Unix sockets. 3 flags, 3 bonuses, 1 man page.

April 24, 2026 · 5 min