That’s awesome!
Fair enough;
Do a dry run for a CLIENT key; make sure you have the libfido2 middleware installed and working. Ensure you have set your sshd_config file properly with no-touch-required.
From the documentation: "Note: not all tokens support disabling the touch requirement." So do a test client-side before banging your head on it.
Can you explain to me the workflow you have envisioned for the host identity key in /etc/ssh being keyed off a FIDO2 secure element? You plug a secure element into a server?
Sounds like you want something like an HSM that integrates into your sshd to pull the certificates. Even then you have the chicken-and-egg problem: how do you identify the hardware to the HSM? You need some trusted boot environment, and now you're down into vendor-specific implementations to "trust" the booted hardware.
KVM, QEMU are the most common solutions here
https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html
I followed this guide and it works fine for me, macOS client.
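An added example, not part of the thread or of the Yubico guide, that turns the "dry run" advice above and the guide's setup into a checklist script. It assumes OpenSSH 8.2 or later built against libfido2, a FIDO2 token on the client, and a key path of its own choosing; the hardware step only runs when FIDO_DRY_RUN=1 is set, so the helper functions can be checked without a token. One detail worth knowing: sshd rejects no-touch signatures by default, and the override is the per-key `no-touch-required` option in authorized_keys, while `PubkeyAuthOptions touch-required` in sshd_config forces touch for every FIDO key regardless of that option.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run checklist for a no-touch FIDO2 SSH key.
# Assumes OpenSSH >= 8.2 with libfido2 and a token plugged into the CLIENT.
# KEYFILE is an assumed path, not one the thread or the guide mandates.
KEYFILE="${KEYFILE:-$HOME/.ssh/id_ed25519_sk_notouch}"

# 1. Client side: enrol an ed25519-sk key that does not require a touch.
#    This is the "test client side" step: a token that cannot disable user
#    presence will either refuse the enrolment here or keep demanding a touch.
gen_notouch_key() {
    ssh-keygen -t ed25519-sk -O no-touch-required -f "$KEYFILE" -N '' \
        || { echo "token refused no-touch-required; try another token" >&2; return 1; }
}

# 2. Server side: sshd refuses no-touch signatures unless the key's
#    authorized_keys entry carries the no-touch-required option.
#    $1 = contents of the .pub file, e.g. "sk-ssh-ed25519@openssh.com AAAA... comment"
authorized_keys_line() {
    case "$1" in
        sk-ssh-ed25519@openssh.com\ *|sk-ecdsa-sha2-nistp256@openssh.com\ *)
            printf 'no-touch-required %s\n' "$1" ;;
        *)
            echo "not an sk-* key; no-touch-required only applies to FIDO keys" >&2
            return 1 ;;
    esac
}

# 3. Server side: a global "PubkeyAuthOptions touch-required" in sshd_config
#    overrides the per-key option and forces touch for every FIDO key.
#    $1 = path to an sshd_config; returns 0 if no such global override is set.
sshd_allows_notouch() {
    ! grep -Eiq '^[[:space:]]*PubkeyAuthOptions[[:space:]].*touch-required' "$1"
}

# The hardware dry run, only when explicitly requested.
dry_run() {
    gen_notouch_key || return 1
    authorized_keys_line "$(cat "$KEYFILE.pub")"
    sshd_allows_notouch /etc/ssh/sshd_config \
        || echo "sshd_config forces touch-required; no-touch keys will be refused" >&2
}

if [ "${FIDO_DRY_RUN:-0}" = 1 ]; then
    dry_run
fi
```

Run it as `FIDO_DRY_RUN=1 sh fido_dryrun.sh` on the client with the token inserted; the printed line is what goes into the server's authorized_keys, and the last check is what to run on the server itself.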
Pop it into a different machine and use a tool like DBAN to wipe it.
OpenStack has a huge ecosystem.
3-2-1 - Cattle, not pets - If your data is backed up in multiple sites, the death of one site shouldn't overwhelm you, and should give you time to recover.
If your primary site's drives are getting above their designed lifetime, rotate them out, sure, but they could be used as part of the backup architecture elsewhere (like a live offsite sync location with enough tolerance for 2 disk failures to account for the age).
3 copies of your data; 2 types of media; 1 copy offsite.
KDE Connect is also an option.