ShadowOfTheDay

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

Install osxfuse:

brew cask install osxfuse

Reboot your Mac.
Install ntfs-3g:

Install

Modify index.txt with your output path and proxy info
Use Text Builder to build configuration for Surge: $ text-builder -index /path/to/index.txt Or run $ sh build-all to build all your index files.
Import configuration via AirDrop/iTunes/Dropbox/iCloud

本人不提供任何保证和技术支持，使用者自负风险。
There are no guarantees, no any support. Use it at your own risk.

	#!/bin/sh
	#check if the script is already running
	PID=$$
	SCRIPT="$(basename $0)"
	TMPDIR="/tmp"
	MONITORPIDFILE="$TMPDIR/$SCRIPT-$$.nftmonitorpid"
	MONITORFIFO="$TMPDIR/$SCRIPT-$$.nftmonitorfifo"
	mkfifo "$MONITORFIFO"

	# Extract all ipset names from MWAN3

	#!/bin/bash

	start_ssredir() {
	# ss-libev 3.3.5+ support `-T` option
	(ss-redir -s SS_IP -p SS_PORT -m SS_METHOD -k SS_PASSWD -b 127.0.0.1 -l 60080 --no-delay -u -T -v </dev/null &>>/var/log/ss-redir.log &)
	}

	stop_ssredir() {
	kill -9 $(pidof ss-redir) &>/dev/null
	}

	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225800/index.m3u8，CCTV2高清
	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225801/index.m3u8，NEWTV超级综艺
	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225802/index.m3u8，CCTV4
	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225803/index.m3u8，NEWTV超级体育
	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225804/index.m3u8，NEWTV超级电影
	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225805/index.m3u8，CCTV7
	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225806/index.m3u8，NEWTV超级电视剧
	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225812/index.m3u8，CCTV1
	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225813/index.m3u8，CGTN
	http://ott.fj.chinamobile.com/PLTV/88888888/224/3221225814/index.m3u8，CCTV10高清

	# 你可以从该 URL 下载这个配置文件: http://surge.run/config-example/ios.conf
	# 用编辑器编辑后，再通过 iTunes, URL, AirDrop 或者 iCloud Drive 复制回 iOS 设备
	# Version 2.0

	[General]
	# 日志等级: warning, notify, info, verbose (默认值: notify)
	loglevel = notify
	# 跳过某个域名或者 IP 段，这些目标主机将不会由 Surge Proxy 处理。(在 macOS
	# 版本中，如果启用了 Set as System Proxy, 那么这些值会被写入到系统网络代理
	# 设置中.)

	[General]
	loglevel = notify
	skip-proxy = 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local, ::ffff:0:0:0:0/1, ::ffff:128:0:0:0/1
	bypass-tun = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12

	# dns-server = 119.29.29.29,223.5.5.5,114.114.115.115
	# external-controller-access = PASSWORD@0.0.0.0:6155
	# ipv6 = true

	// REMEMBER TO CHANGE THE external-controller-access' PASSWORD

	#!/bin/sh

	uci batch << EOF
	add network switch_vlan
	set network.@switch_vlan[-1].device='switch0'
	set network.@switch_vlan[-1].ports='1t 5t'
	set network.@switch_vlan[-1].vlan='2'

	set network.guest='interface'
	set network.guest.type='bridge'