On 22.07.2015 09:48, Stefan G. Weichinger wrote:
> btw I have 2 keys at hand already, thanks.
> I am considering to get some of the tiny nano-keys for my thinkpads.

Learning and testing goes on.

As I try setting this up with 2 keys on 3 physical machines, with 2 distros (Fedora and Gentoo) and 5 installations ... this gets quite complex ;-) (customer servers not counted ... sure)

I try to put all my steps into a separate Ansible playbook to automate it. This should be a boildown of dozens of howtos and blog entries I read and sourced over the last weeks.

For example, I set up local authentication via challenge-response today: to log in to my system you need to have a correct password AND one of my YubiKeys has to be plugged into the box.

This leads to thinking about what kind of protection this provides and which it does not ... but it raises the overall level. (for laptops: a Neo-N plugged in all the time? convenient .. but .. ?)

One has to think of an emergency routine for how to access one's own system if the key gets lost etc. etc.

In general I have to say that "playing" with YubiKeys and using LastPass helped me to think about several weak points in my overall setup.

