sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!

Server stats:

605
active users

#Yubikey

1 post1 participant0 posts today

Interesting discovery using #Bitwarden#VaultWarden on #Ubuntu Desktop with #YubiKey Bio

There are 4 #Linux client options: Flatpak and Snap (both with full support), plus AppImage and .deb (no auto-updates).

Today I found that browser integration in #Firefox with biometric unlock only works for me via #AppImage and .deb.

#Flatpak and #Snap claim full support, but browser integration doesn’t work yet in my case.

Still, happy with #Bitwarden — the AppImage and .deb versions work great! 👌

With USB/IP, I can now use my YubiKey remotely via SSH in the same way as I was sitting in front of my machine. Both in early boot stage (initrd); unlocking LUKS encrypted filesystem, and in booted system stage; signing git commits and authenticate to GitHub. Great! But what about using FIDO2/WebAuthn via RDP to log in to web services? USB redirection is not supported for xrdp. Is there any workarounds coming up to for example redirect WebAuthn from one machine to another?

I'm betting the answer here is "this isn't possible" but if anyone knows how to tell OpenSSH that when it's enumerating pubkeys it should check which of the two known authentication dongles is actually plugged into the computer, and only prompt me to unlock the SK key that belongs to that dongle, not both of them, please tell me how.

Does anyone have experience with either #Yubikey, #Nitrokey or any other hardware security token for both #MFA/#2FA as well as #encryption via #PGP/#GPG or #SMIME?

In particular, I am looking at the Nitrokey 3A NFC. As far as I can tell, Yubico only sells #MFA tokens(?), unless the YubiKey 5 FIPS Series can hold encryption keys as well?

Both price and open hardware aspect definitely speak for Nitrokey, but I do not know anyone who owns such a token... Anyone who I can talk to?

shop.nitrokey.comNitrokey 3A NFC

TIL that Pure Storage issues YubiKeys branded with their logo!

(eBay, not my listing:)

ebay.com/itm/135898756327

Interesting: Just over the side of the logo, the phrase "NO NFC" is seen (not sure if an add-on label, or part of the logo). NFC-enabled keys ship with NFC disabled by default until first power-up (and can be re-disabled in ykman -R / --restrict option):

yubico.com/getting-started/

... so I'm not sure if this means NFC is permanently disabled, but it seems likely. Will update when I get one.

So, #passkey question:

Is it possible that a web site that has been supporting YubiKeys for a while would automatically support Safari’s and 1Password’s passkeys, by means of it being webauthn in both cases, or at least appear to support them, even if it fails later?

That would explain some of the ignorance of customer service agents when you point out how their passkey implementation is broken.

Replied in thread

@Linux there are 3 big options you forgot that I know of which too ain't under #Cloudact aka. have no subsidiary/office/parent company in the #USA:

And for #PasswordManagers, there's also #Enpass for those that don't like #KeePassXC / #KeepPassDX / #KeePass and for organizations there's even #Passbolt as a centrally manageable solution. All of these allow #SelfCustody & #SelfHosting on-premise.