Upgrading the TPM in HP Small Form Factor PCs for use in Linux
I’ve recently bought a few Small Form Factor PCs on eBay to use as part of my backup setup. It’s hard to beat the price - I’ve gotten 4-core, 16GB machines with 250G NVMe SSDs for around $50 - $60 shipped. For one of these machines, I wanted to use the TPM to seal my SSH keys, and had to upgrade it from TPM 1.2 to 2.0. These are my notes on how to do that.
read more...
Tags: linux security ssh gpm thrift
Consolidated Guide to Using Yubikeys with Linux
Passwords are terrible, but Yubikeys are awesome, especially for reducing the number of passwords you need to remember and the risk of those passwords being stolen. After a fair amount of experimentation, I’ve landed on the following setup to make the most use of my Yubikeys:
- LUKS full disk encryption
- Local Linux login and sudo
- SSH keys for remote login
- Remote sudo over SSH
- GPG private key storage
- AWS CLI authentication
- Encrypted email with Thunderbird
- Using Yubikey-backed keys with Git/Github
You’ll also naturally get browser-based U2F support, without having to do any extra work.
read more...
Tags: yubikey linux security u2f gpg ssh
Using a Yubikey and GPG for SSH authentication
Overview
I wanted a way to secure my SSH private key on a hardware token, so I configured a Yubikey to store the key. This is an overview of the steps I took to do this.
Install required software
GPG
If you don’t already have GPG installed, you can get it from https://gnupg.org or install it via your favorite package manager. To install it via Homebrew:
    $ brew install gpg2
Pinentry (for Mac)
We’ll also want to install a suitable pinentry program to use when authenticating to a remote server.
read more...
Tags: yubikey gpg ssh linux macos