Andreas Niedermair dittodhole

@daemonhorn
daemonhorn / Windows_FIDO2_Yubikey_SoloKey_Hello_ssh.md
Last active February 25, 2025 14:21
Setting up Yubikey/Solokey(v2)/Windows Hello for OpenSSH via PIV or FIDO authentication on Windows

Overview

This guide covers using both the PIV smartcard and FIDO2 features of your YubiKey, SoloKey (v2), and Windows Hello for SSH authentication in a secure and portable manner. FIDO2 support in OpenSSH works with YubiKey, SoloKey (v2), and Windows Hello (biometric: face, biometric: fingerprint, secure-element/PIN); it is a relatively new feature that requires updated client and server versions. PIV support via PKCS#11 has been in the OpenSSH codebase for many years, and is considered a more stable and ubiquitous solution when an applicable PKCS#11 library is available for your platform.

Windows Yubikey for ssh via PIV

The example below assumes that you already have a PIV key generated in a YubiKey slot the way you want. If you need to generate a new one, read the excellent documentation here: https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html and https://support.yubico.com/hc/en-us/articles/360021606180-Using-YubiKey-PIV-with-Windows-native-SSH-client

  • This explains basic con
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-pip gcc
sudo apt-get install -y python3-opencv
sudo apt-get install -y python3-numpy
sudo apt-get install git
sudo apt-get install wget
sudo apt-get install python3-setuptools
wget https://github.com/rockchip-linux/rknpu2/raw/master/runtime/RK356X/Linux/librknn_api/aarch64/librknnrt.so
sudo mv librknnrt.so /usr/lib/librknnrt.so
git clone https://github.com/rockchip-linux/rknn-toolkit2.git
@reanim8ed
reanim8ed / sample.md
Last active July 31, 2024 13:24
[Yubikey setup for SSH] #linux #server #yubikey

Using A Yubikey For SSH Authentication

Intro

Why do we need this?

The answer is simple: security! Alternatives include storing private keys directly on a workstation, which leaves them poorly protected against a multitude of attacks. A better option is to use an encrypted USB key, but leaving a USB key inserted and unsealed for a long time is insecure, while inserting and removing it all the time is tedious.

A YubiKey is much better suited to this purpose: it makes your SSH keys much more secure while maintaining a great user experience.

What is Yubikey

YubiKey is a hardware security key which provides Universal 2nd Factor (U2F) cryptographic tokens through a USB and/or NFC interface. This means you have to explicitly authorize a new SSH session by tapping the YubiKey. The private SSH key should be useless to a malicious user who does not have access to the physical YubiKey on which the second private key is stored.

@plembo
plembo / addbr0ubunmcli.md
Last active May 16, 2025 07:07
Add br0 to Ubuntu desktop using nmcli

Add a bridge interface to Ubuntu desktop using nmcli

Had to do this for some advanced networking with KVM, and couldn't figure out how to do it using the Network Manager GUI. Did find an article later that showed how to do it with nmtui, but it's so much easier to record what you did when using the CLI.

In the examples below "eth0" is the name of my physical interface. By default on Ubuntu and most distributions that will almost certainly be different, for example: "eno1", "ens1", or "enp2s0".

To see what everything looks like before starting:

@martinsam16
martinsam16 / docker-wsl2.md
Last active May 8, 2025 19:24
How to install wsl2 ubuntu + docker + docker-compose

Activate wsl2

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
wsl --set-default-version 2

Install and Configure Ubuntu

@phiresky
phiresky / tune.md
Last active December 7, 2024 08:34
SQLite performance tuning

You can scale a SQLite database to multiple GByte in size and many concurrent readers by applying the below optimizations.

Run these every time you connect to the db

(some are applied permanently, but others are reset on new connection)

pragma journal_mode = WAL;

Instead of writing directly to the db file, write to a write-ahead log and regularly commit the changes. This allows multiple concurrent readers and can significantly improve performance.

@andreibosco
andreibosco / yubikey-windows10.md
Last active February 19, 2025 21:19
Setting up Yubikey with SSH and Git on Windows 10 + Powershell
@greenmoss
greenmoss / certbot-dns-mailcow
Last active April 13, 2025 10:34
This script renews Let's Encrypt SSL certificates using Cloudflare dns-1 renewal. It assumes you are using Mailcow.
#!/usr/bin/env bash
# This script renews Let's Encrypt SSL certificates using Cloudflare dns-1 renewal
# It assumes you are using Mailcow
set -euo pipefail
# REQUIRED set these:
[email protected]
your_domain=mail.your.domain # only tested with single domain
cloudflare_ini_path=/root/.cloudflare # add your Cloudflare file here, called cloudflare.ini
@mohanpedala
mohanpedala / bash_strict_mode.md
Last active May 27, 2025 16:46
set -e, -u, -o, -x pipefail explanation
@ubergesundheit
ubergesundheit / readme.md
Last active May 19, 2025 18:11
systemd traefik.service

systemd Service Unit for Traefik

Adapted from caddy systemd Service Unit

The provided file should work with systemd version 219 or later. It might work with earlier versions. The easiest way to check your systemd version is to run systemctl --version.

Instructions

We will assume the following: