Configuring YubiKey for GPG and U2F

Here is a little walkthrough on how to get started with the YubiKey and GPG. After following this guide you will have a secure setup using a YubiKey containing your GPG keys as well as an authentication key that could be used for SSH. Moreover, the configured YubiKey will also be capable of U2F and managing a password store (for example, …

OpenSSH jump-host and file-transfer

This article was inspired by a previous post on my personal blog: https://www.freeture.ch/?p=815

Intro: OpenSSH is a great tool, everybody knows that (even Microsoft). It's commonly used to securely take control of, or copy a bunch of files to or from, remote machines. Another common scenario is to have a machine between two networks that acts as …

OpenSSH hardening for cloud machine – Two-factor authentication – part 2

I enthusiastically use two-factor authentication whenever possible because static passwords aren't the best mechanism to mitigate risk... Traditional passwords are vulnerable to social engineering, key-loggers, malware and, especially as computers become ever faster, to cracking. With many popular websites providing two-factor authentication (TFA, T-FA or 2FA), why shouldn't you add two-factor authentication to OpenSSH that runs on the …

OpenSSH hardening for cloud machine – part 1

SSH is often required to access Linux machines that run on cloud infrastructure. SSH is well suited to preserving the confidentiality and integrity of data exchanged between two networks and systems. However, this service exposes a new attack surface that could be exploited by a threat agent. The aim of this post is to provide tips on how to …

Softraid and crypto for OpenBSD 5.3/5.4

DISCLAIMER: This how-to must be taken as is; it should not replace the official documentation and is not meant to do so. It may be useful as these features are quite new and not heavily documented on the net. OpenBSD has supported booting from a RAID volume since version 5.3. Before that, the way to have …

LaCie RuggedSafe under GNU/Linux

The RuggedSafe from LaCie is basically an encrypted external hard drive that uses 128-bit AES hardware encryption to protect your data. Your fingerprint is the key that is used to decrypt the content of the disk. It means that if your hard disk is stolen or lost, theoretically nobody can access your data. It's a …