MacDuff Engineering

Enabling contained, passwordless sftp from NX-OS switches to a Linux server Note: This post is barely note-to-self grade documentation. Pulled together long after originally implemented, it may be missing necessary commands or information. Hopefully this is enough to be able to reproduce the concepts if ever useful elsewhere, but not likely to work as-is without experimentation, research, and validation. Goal Allow switches to push (e.g. config backups, à la tftp, but with connection security) and pull (e.g. OS image files) to and from a linux server. Notable characteristics of this solution Makes use of standard linux ugo permission heirarchy Switches use ssh public key authentication for sftp connnections Ssh daemon configuration and linux group membership allows switches to: Read and write from a common directory Have all their public keys in a single file on the server not each switch with its own ~/.ssh/authorized_keys Which in turn means no need for unique home directories Only h...

On Starting a Blog Why a blog? For practice writing. In particular, to practice releasing written communication that I do not feel is perfect—or fully right, maybe even sometimes good enough. Also, as a place to put long-form ideas—stuff that is too long, or obscure, for social media platforms. Expectations Target audience Me. Mostly. If I write something up, and think it would be useful to someone, I might share a link to that article with that person. And anyone else that finds their way to it and (hopefully) finds something useful. Content Varied. I may get to writing up some thoughts on God, and what Jesus has done for me. I might write about World Vision, and the incredible work God is doing through them—community development; WAter Sanitation and Hygiene; humanitarian crisis response. Maybe some thoughts on/from foster care (if I can suitably anonymize them). Definitely tech stuff Project or task writeups “Bookmarks” with notes-to-self Links to stuff I am working on or with Long ...