daemonhorn

Overview

This guide covers using both PIV smartcard and FIDO2 features of your Yubikey, SoloKey(v2), and Windows Hello for SSH authentication in a secure and portable manner. FIDO2 support works with YubiKey, SoloKey(v2), and Windows Hello(biometric:face, biometric:fingerprint, secure-element/pin) with OpenSSH as a relatively new feature which requires updated client and server versions. PIV support has been around with PKCS#11 for many years in the OpenSSH codebase, and is considered a more stable and ubiquitous solution when an applicable PKCS#11 library is available for your platform.

Windows Yubikey for ssh via PIV

Example below assumes that you have a piv key already generated in a yubikey slot the way you want. If you need to generate a new one, read the excellent documentation here: https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html and https://support.yubico.com/hc/en-us/articles/360021606180-Using-YubiKey-PIV-with-Windows-native-SSH-client

• This explains basic con

ZlodeiBaal

sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-pip gcc
sudo apt-get install -y python3-opencv
sudo apt-get install -y python3-numpy
sudo apt-get install git
sudo apt-get install wget
sudo apt-get install python3-setuptools
wget https://github.com/rockchip-linux/rknpu2/raw/master/runtime/RK356X/Linux/librknn_api/aarch64/librknnrt.so
sudo mv librknnrt.so /usr/lib/librknnrt.so
git clone https://github.com/rockchip-linux/rknn-toolkit2.git

reanim8ed

Using A Yubikey For SSH Authentication

Intro

Why do we need this?

Answer is simple – Security! Alternatives include storing private keys directly on a workstation – which makes them poorly protected in multitude of attacks. A better option is to use encrypted usb key but leaving inserted and unsealed usb key for a long time is insecure, while inserting it and removing it back and forth all the time is tedious.

YubiKey suits much better for this purpose by making your SSH keys much more secure while maintaining a great user experience.

What is Yubikey

YubiKey is a hardware security key which provides Universal 2nd Factor (U2F) cryptographic tokens through a USB and/or NFC interface. This means you have to explicitly authorize a new SSH session by tapping the YubiKey. The private SSH key should be useless to a malicious user who does not have access to the physical YubiKey on which the second private key is stored.

plembo

Add a bridge interface to Ubuntu desktop using nmcli

Had to do this for some advanced networking with KVM, and couldn't figure out how to do it using the Nework Manager gui. Did find an article later that showed how to do it with nmtui, but it's so much easier to record what you did when using the cli.

In the examples below "eth0" is the name of my physical interface. By default on Ubuntu and most distributions that will almost certainly be different, for example: "eno1", "ens1", or "enp2s0".

To see what everything looks like before starting:

martinsam16

Activate wsl2

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
wsl --set-default-version 2

Install and Configure Ubuntu

phiresky

You can scale a SQLite database to multiple GByte in size and many concurrent readers by applying the below optimizations.

Run these every time you connect to the db

(some are applied permanently, but others are reset on new connection)

pragma journal_mode = WAL;

Instead of writing directly to the db file, write to a write-ahead-log instead and regularily commit the changes. Allows multiple concurrent readers, and can significantly improve performance.

andreibosco

Setting up Yubikey with SSH and Git on Windows 10 + Powershell

Based on the following guides:

• https://worklifenotes.com/2019/07/05/yubikey-for-ssh-on-windows-complete-walkthrough/
• https://scatteredcode.net/signing-git-commits-using-yubikey-on-windows/
• https://bhavik.io/2019/02/02/yubikey-git-ssh.html

Install dependencies

• Install Gpg4win
• Install PuTTY

ubergesundheit

systemd Service Unit for Traefik

Adapted from caddy systemd Service Unit

The provided file should work with systemd version 219 or later. It might work with earlier versions. The easiest way to check your systemd version is to run systemctl --version.

Instructions

We will assume the following:

skarllot

Install

• Enable Windows Feature named '.NET Framework 3.5 (includes .NET 2.0 and 3.0)'.
• .NET Compact Framework 3.5 Redistributable: https://www.microsoft.com/en-us/download/details.aspx?id=65
• Power Toys for .NET Compact Framework 3.5: https://www.microsoft.com/en-us/download/details.aspx?id=13442

Force MSBuild support

• Copy files and directories from 'C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\*' to 'C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5';
• Copy files from 'C:\Program Files (x86)\Microsoft.NET\SDK\CompactFramework\v3.5\Debugger\BCL\*' to 'C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\CompactFramework' directory;
• Create 'RedistList' directory inside created 'CompactFramework' directory;
• Create 'FrameworkList.xml' inside 'RedistList' directory and type the following:

jmarolf

Advanced

editorconfig name	possible values
dotnet_sort_system_directives_first	true , false

Indentation Options

editorconfig name	possible values
csharp_indent_block_contents	true , false
csharp_indent_braces	true , false