WireGuard Access Server

For years, I’ve relied on SSH as the gateway into my LAN from the outside world. I figure that, as far as services I could place on “the front-line” go, it’s pretty solid. It sure beats publicly exposed RDP, right?! My usual setup is to configure Linux and OpenSSH Server on a separate VM or Raspberry Pi, and forward inbound SSH requests to that machine. I prohibit password-based logins in /etc/ssh/sshd_config and also install and configure Duo Security’s PAM module as an additional layer when logging in from the outside world over SSH. [Read More]

GPG/SSH with the YubiKey 5

Yubico just announced the new YubiKey 5 and of course I needed to buy one! This gave me a great opportunity to update my somewhat popular GPG/SSH with YubiKey guide. The YubiKey 5 includes support for:

- Universal Second Factor (U2F) - FIDO & FIDO 2! (nothing uses FIDO 2 but I had to have it ;)
- CCID Smart Card: RSA (and now ECC) / OpenPGP
- NFC (starting to be supported by some iOS apps)

This guide walks through: [Read More]