Upgrading the TPM in HP Small Form Factor PCs for use in Linux
I’ve recently bought a few Small Form Factor PCs on eBay to use as part of my backup setup. Its hard to beat the price - I’ve gotten 4 core, 16GB machines with 250G NVMe SSDs for around $50 - $60 shipped. For one of these machines, I wanted to use the TPM to seal my SSH keys, and had to upgrade it from TPM 1.2 to 2.0. These are my notes on how to do that.
read more...
Tags: linux security ssh gpm thrift
I’ve recently bought a few Small Form Factor PCs on eBay to use as part of my backup setup. Its hard to beat the price - I’ve gotten 4 core, 16GB machines with 250G NVMe SSDs for around $50 - $60 shipped. For one of these machines, I wanted to use the TPM to seal my SSH keys, and had to upgrade it from TPM 1.2 to 2.0. These are my notes on how to do that.
read more...
Tags: linux security ssh gpm thrift
Consolidated Guide to Using Yubikeys with Linux
Passwords are terrible, but Yubikeys are awesome, especially for reducing the number of passwords you need to remember and the risk of those passwords being stolen. After a fair amount of experimentation, I’ve landed on the following setup to make the most use of my Yubikeys: LUKS full disk encryption Local Linux login and sudo SSH keys for remote login Remote sudo over SSH GPG private key storage AWS CLI authentication Encrypted email with Thunderbird Using Yubikey-backed keys with Git/Github You’ll also naturally get browser-based U2F support, without having to do any extra work.
read more...
Tags: yubikey linux security u2f gpg ssh
Passwords are terrible, but Yubikeys are awesome, especially for reducing the number of passwords you need to remember and the risk of those passwords being stolen. After a fair amount of experimentation, I’ve landed on the following setup to make the most use of my Yubikeys: LUKS full disk encryption Local Linux login and sudo SSH keys for remote login Remote sudo over SSH GPG private key storage AWS CLI authentication Encrypted email with Thunderbird Using Yubikey-backed keys with Git/Github You’ll also naturally get browser-based U2F support, without having to do any extra work.
read more...
Tags: yubikey linux security u2f gpg ssh