It's cool Wolfgang was featured on Linode's channel. Awesome video!
You are awesome. Thanks for sharing your technical knowledge with us. It's very helpful to aspiring tech workers.
Great idea for 2FA using yubikey.
Thank you for taking the time to make an instructional video; however, please be careful: a SIM swap attack doesn’t involve cloning someone’s SIM but rather porting out their phone # once you have sufficient details.
I don't get it, why does the ssh-keygen command trigger touching the Yubikey? Was this set up this way beforehand? You are generating the key on your Linux and not on your Yubikey, so what's the Yubikey's involvement in this?
Excellent video! Thank you.
I would like to use the yubikey, but 50€ is too expensive for me. Is there a cheaper alternative available?
Any key which supports u2f :)
There is Solo, which is open source and produced in Europe. I haven’t tried it but it’s cheaper than YubiKey: solokeys.com
The yubikey security key costs around 20€, but lacks some features, maybe that is a good alternative for you
Very good video.. a pleasure to listen to 👍🏼
Great video, ty
Many people recommend having two keys in case one goes missing. Is there a way to get one *-sk key working with two yubikeys or a way to configure ssh config to somehow pick the right key from ssh-agent depending on which yubikey is present?
You can't get one *-sk key working with two Yubikeys, as this cipher is basically normal U2F but you sign into your server instead of Google. The key handle in the client is derived from the secret on the key, which you can't change.
The only way I can imagine this working (without having to tap the key more than once) is by:
(a) using the -i flag to select which key you want to use for each SSH command
(b) setting up more than one IdentityFile in your SSH config file, starting with the one you use most often, the second as a backup, etc. The client should also have the public key that is stored on the server, so it should be able to verify whether the response is correct and cycle through them if the first one fails.
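A server-side check that follows from the reply above, as an added example that is not part of the original comments: because each YubiKey needs its own *-sk key pair, an account's authorized_keys should list at least two distinct hardware-backed keys. The sample keys are constructed, the function names are hypothetical, and lines are assumed to carry no options prefix.

```python
import base64
import struct

SK_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}

def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _fields(blob: bytes) -> list:
    """Split a public-key blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack(">I", blob[off:off + 4])  # raises if < 4 bytes remain
        if off + 4 + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return out

def make_line(ktype: str, pub: bytes, comment: str, app: bytes = None) -> str:
    """Build a constructed authorized_keys line (sample data, not a usable key)."""
    blob = _ssh_string(ktype.encode()) + _ssh_string(pub)
    if app is not None:  # *-sk keys carry the FIDO application string last
        blob += _ssh_string(app)
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

def audit(authorized_keys: str) -> dict:
    """Count distinct *-sk keys; list comments of keys that are not hardware-backed."""
    hardware, software = {}, []
    for line in authorized_keys.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line or comment
        ktype, b64, comment = parts[0], parts[1], " ".join(parts[2:])
        fields = _fields(base64.b64decode(b64))
        if not fields or fields[0].decode() != ktype:
            raise ValueError(f"key type does not match blob: {comment!r}")
        if ktype in SK_TYPES:
            hardware[b64] = fields[-1].decode()  # dedupe by blob, keep application
        else:
            software.append(comment)
    return {"hardware_keys": len(hardware), "has_backup": len(hardware) >= 2,
            "applications": sorted(set(hardware.values())), "not_hardware_backed": software}

SAMPLE = "\n".join([  # constructed sample: one key pair per YubiKey plus a legacy key
    make_line("sk-ssh-ed25519@openssh.com", b"\x01" * 32, "yubikey-primary", b"ssh:"),
    make_line("sk-ssh-ed25519@openssh.com", b"\x02" * 32, "yubikey-backup", b"ssh:"),
    make_line("ssh-ed25519", b"\x03" * 32, "old-laptop"),
])
```

Calling `audit(SAMPLE)` reports two hardware keys with a backup present and flags `old-laptop` as a key that is not hardware-backed.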
Allowing root password-based authentication for the first time sounds like a bad idea? Why not use an SSH key?
Aegis from F-Droid for Android would be a better choice.
👀
hmm.
You should run a Cardano staking pool, Wolfgang. You have the server skills and you wouldn't have problems attracting new delegators.
Seriously, you should consider it.
Number one, you need two keys. Number two, you should have a master key and a sub key. Number three, if you have a Mac, this is going to be a real pain for anybody that doesn’t know a command line. Four, the YubiKey manual and all the data out there is so outdated. If anybody buys one of these and doesn’t know what they’re doing, it’s gonna do them more harm than good. Believe that. But at least you made money on clicks.
You’d be better off showing people how to use USB ports instead. You can store your SSH keys off-line point DSS agent to recognize hardware USB keys. I do understand the power of having a hardware solution. However, I also understand being locked out of accounts thinking that you’re secure because you didn’t know what you were doing. My two cents anyway.