Re: [57north-discuss] [57north-announce] 2018-03-13 Grey Open Tuesday
Hi, anyone home? Just downstairs, phone is ringing out.

Cheers
Andy

On Tue, 13 Mar 2018, 11:05 Robert McWilliam, wrote:
> On Tue, 13 Mar 2018, at 10:02, Dave Hibberd wrote:
> > If you're coming in, feel free to reply and tell us all what you're
> > planning to do!
> >
>
> I'm actually at home this week so will be along this evening.
>
> I think I'll be butchering some USB cables.
>
> Robert
>
> Robert McWilliam r...@allmail.netargh.technology
>
> May your headphones snag on every door handle.
> 57North Hacklab Ltd. is a company registered in Scotland (No. SC470230).
> 57North and 57North Hacklab are trading names of 57North Hacklab Ltd.
> ___
> 57north-announce mailing list
> 57north-annou...@lists.57north.co
> http://lists.57north.co/listinfo/57north-announce
___
57north-discuss mailing list
57north-discuss@lists.57north.co
http://lists.57north.co/listinfo/57north-discuss
Re: [57north-discuss] [57north-announce] 2018-03-13 Grey Open Tuesday
On Tue, 13 Mar 2018, at 10:02, Dave Hibberd wrote:
> If you're coming in, feel free to reply and tell us all what you're
> planning to do!
>

I'm actually at home this week so will be along this evening.

I think I'll be butchering some USB cables.

Robert

Robert McWilliam r...@allmail.netargh.technology

May your headphones snag on every door handle.
Re: [57north-discuss] [57north-announce] 2018-03-13 Grey Open Tuesday
> Could you share how you gpg'd up your yubikey?
>
> - [tj]

Aye.

Other people may want context: I have moved my Debian signing GPG key to a yubikey for portability and convenience. Because I have an 'Authentication key' in place, I can use my yubikey as a travelling SSH authenticator too - I can use the device to ssh to my build server, build Debian packages and sign them on my local machine using the signing key stored on the yubikey.

Useful reading is:
https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/
https://github.com/drduh/YubiKey-Guide
https://www.yubico.com/support/knowledge-base/categories/articles/use-yubikey-openpgp/
https://wiki.debian.org/Smartcards/YubiKey4#OpenPGP

I leaned on the DrDuh, ESEV, and Debian links most.

Important things I did/lessons learned:

Backed up my entire .gnupg directory before I started. I have that buried away somewhere secure in case this all turns out to be a catastrophically shit idea.

I have recorded my admin pin and user pin in my password store using a different GPG key for encryption.

If you want to use the SSH Authentication feature, ensure you have the correct subkeys. As far as I can tell, the Yubikey has 3 slots for keys. 1x Master, 2x Subkeys to fulfill the following roles:
* Signature
* Encryption
* Authentication

If you haven't already, generate keys following*:
https://github.com/drduh/YubiKey-Guide#create-subkeys

There is ongoing anxiety regarding the security of cryptographic generation of numbers on yubikeys, so probably do this on your PC. Also, keys generated on yubikeys are hard (impossible?) to get off. You want to keep your life portable.

Act with caution following the guide here - I have not (yet) published the Authentication key on keyservers as I'm not sure how the gnupg-agent generates the ssh key. I want to read up on that /before/ I potentially give folks easy access to my private bits.

Configure the yubikey, then smartcard settings:
https://github.com/drduh/YubiKey-Guide#configure-yubikey

In the 'configure smartcard' section of Drduh guide, https://github.com/drduh/YubiKey-Guide#configure-smartcard, I didn't notice it was the admin pin I was setting first, and had to fanny about with unblocking and resetting pins. Don't do this. Read and consider what you are doing to minimise time wasted.

Use a unique pin for each, and it must be at least 8 numbers long. The admin pin allows for control over the device configuration. The user pin provides 2FA (the button on the device must be pressed /and/ the pin must be entered).

I transferred the keys using key2card as mentioned in the drduh guide:
https://github.com/drduh/YubiKey-Guide#transfer-keys

For SSH authentication, by default the yubikey will not wait for you to touch it to authenticate. I dislike this as it means any rogue program/user can use it to authenticate with $server in my terminal history.

To require touch input for each approval, I used this script:
https://github.com/a-dma/yubitouch

But if you have the yubikey manager installed, follow
https://github.com/drduh/YubiKey-Guide#requiring-touch-to-authenticate

It takes a little while to recognise the flashes the yubikey is doing - sometimes I don't realise till after the operation has failed it actually wanted my input. Keep an eye on it and learn to understand the "I'm busy being edited" blink and the "I want you to touch me" blink

--
Hibby
d...@vehibberd.com
MM3ZRZ
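As a check on the subkey roles and the key transfer described in the message above, the following added example (not part of the original email or of the linked guides) parses `gpg --list-secret-keys --with-colons` output and reports, for the signature, encryption and authentication roles, which key carries each and whether its secret part sits on a card, on disk, or is only a stub. The sample listing, key IDs and card serial are constructed; the field positions are those documented in GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# Added example: audit where the secret part of each role key lives.
# Real use: gpg --list-secret-keys --with-colons | audit_keys
# Colon fields used: 1 record type, 2 validity, 5 key ID, 12 capabilities,
# 15 token serial (on a card), "#" (stub, secret absent) or "+" (on disk).

# Constructed listing: key IDs, UID and card serial are made up.
sample_listing() {
cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1520000000:::u:::cESCA:::#:::23::0:
uid:u::::1520000000::0000000000000000000000000000000000000000::Example User <user@example.invalid>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1520000000::::::s:::D2760001240102010006000000010000:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1520000000::::::e:::D2760001240102010006000000010000:::23:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1520000000::::::a:::+:::23:
EOF
}

# Print "<role> <keyid> <location>" for sign/encrypt/auth, or
# "<role> - missing" when no usable key carries that capability.
audit_keys() {
    awk -F: '
        BEGIN { n = split("s e a", cap, " "); split("sign encrypt auth", role, " ") }
        # Skip revoked (r) and expired (e) keys; lowercase letters in
        # field 12 are the capabilities of this particular key.
        ($1 == "sec" || $1 == "ssb") && $2 != "r" && $2 != "e" {
            if ($15 == "#")      loc = "stub"
            else if ($15 == "+") loc = "disk"
            else if ($15 != "")  loc = "card"
            else                 loc = "unknown"
            for (i = 1; i <= n; i++)
                if (index($12, cap[i]) && !(cap[i] in found))
                    found[cap[i]] = $5 " " loc
        }
        END {
            for (i = 1; i <= n; i++)
                print role[i], ((cap[i] in found) ? found[cap[i]] : "- missing")
        }'
}

# Succeeds only when all three roles exist and every one is on a card.
all_on_card() {
    ! audit_keys | grep -qv ' card$'
}

sample_listing | audit_keys
```

A role reported as `disk` means that secret key is still present in the local keyring rather than only on the token.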
Re: [57north-discuss] [57north-announce] 2018-03-13 Grey Open Tuesday
On 13/03/18 10:02, Dave Hibberd wrote:
> [...]
> If you're coming in, feel free to reply and tell us all what you're
> planning to do!
>
> I shall be in for about 7ish. I'll be showing off my first test builds of
> Debian Hamradio Blend Live image, working on the next one, talking about
> having one of my GPG keys on a yubikey, sending a few emails and dossing
> around happily.

Hi, Hibby.

I'm down in Norwich on a course this week, so I won't be in tonight.

Bye,

Tony.

--
Minke Informatics Limited, Registered in Scotland - Company No. SC419028
Registered Office: 3 Donview, Bridge of Alford, AB33 8QJ, Scotland (UK)
tel. +44(0)19755 63548    http://minke-informatics.co.uk
mob. +44(0)7985 078324    mailto:tony.tra...@minke-informatics.co.uk
Re: [57north-discuss] [57north-announce] 2018-03-13 Grey Open Tuesday
On Tue, Mar 13, 2018 at 10:02:37AM +, Dave Hibberd wrote:
> After the terror, chaos and wild weather caused by my being busy and
> not having time to send the email last week, all has returned to a
> steady state of calm and productivity.
>
> For those of you not in the know, Tuesday evenings are open to anyone
> who wishes to come to 57North, Aberdeen's Hackerspace[1]! We get up to
> a range of activities on Tuesday nights, including but not limited to
> social contact, programming, manufacturing weird things and consuming
> sugary treats. We usually begin at about 7, but sometimes someone
> will be in earlier. If you're unsure, ask in IRC[2]!
>
> If you're new, I'd suggest you bring a laptop, and perhaps a project
> you want to work on.
>
> If you're coming in, feel free to reply and tell us all what you're
> planning to do!
>
> I shall be in for about 7ish. I'll be showing off my first test builds
> of Debian Hamradio Blend Live image, working on the next one, talking
> about having one of my GPG keys on a yubikey, sending a few emails and
> dossing around happily.

I won't be in; I have to try and bank some sleep before a whirlwind of hackathons and meetings at the IETF next week.

Could you share how you gpg'd up your yubikey?

- [tj]