aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/README.md (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix broken 'SSH agent forwarding' internal linksWill Stephenson2024-03-251-3/+3
|
* Remove NEO (discontinued in 2018), sort troubleshootingdrduh2024-03-241-9/+7
|
* Update LUKS link, make commands consistent, more passphrase guidancedrduh2024-03-241-49/+67
|
* Optional hardening section, additional validation stepsdrduh2024-03-241-159/+160
|
* Fix typo in date commandWill Stephenson2024-03-191-1/+1
|
* Add command-line passphrase templatedrduh2024-03-171-1/+9
|
* Replace mkdir commandsdrduh2024-03-171-1/+17
|
* Install yubikey-manager directly on Debiandrduh2024-03-171-39/+5
|
* Simplify and automate fdisk commandsdrduh2024-03-171-112/+92
|
* Stick with 6/8 digit PINsdrduh2024-03-171-17/+12
|
* Remove obsolete stuff, clean up introdrduh2024-03-171-19/+11
|
* Move keyserver instructions to later, more batch commandsdrduh2024-03-171-82/+74
|
* Automate PIN and card operationsdrduh2024-03-161-120/+88
|
* Simplify instructions, reduce manual labordrduh2024-03-161-1137/+548
|
* Merge pull request #423 from Xronophobe/fix/quick-add-key-with-fprdrduh2024-03-111-4/+5
|\ | | | | update gpg --quick-add-key commands
| * update gpg --quick-add-key commandsCsanad Beres2024-03-071-4/+5
| | | | | | | | it seems to be only accepting fingerprints and rejecting key ID-s
* | formatting fixdrduh2024-03-101-2/+2
| |
* | Workaround for Authenticate key issuedrduh2024-03-101-8/+8
|/
* few more standard termsdrduh2024-02-121-5/+5
|
* typodrduh2024-02-121-1/+1
|
* few more style nitsdrduh2024-02-121-15/+9
|
* explicit keytocard instructionsdrduh2024-02-121-34/+13
|
* simplify batch instructionsdrduh2024-02-121-30/+12
|
* standard names for subkeysdrduh2024-02-121-51/+56
|
* remove yubikey as rngdrduh2024-02-121-11/+0
|
* remove multiple hostsdrduh2024-02-121-102/+39
|
* more grammardrduh2024-02-111-45/+19
|
* few more cleanupsdrduh2024-02-111-42/+112
|
* simplify console output, use generic infodrduh2024-02-111-477/+203
|
* more grammar and formattingdrduh2024-02-111-127/+118
|
* grammar and styledrduh2024-02-111-195/+149
|
* grammar and standardize storage terminologydrduh2024-02-111-141/+156
|
* standardize Certify/Subkeys, easier command copy, organize linksdrduh2024-02-111-424/+409
|
* Merge pull request #416 from Paraphraser/20240210-disable-ccid-masterdrduh2024-02-111-1/+21
|\ | | | | add step to set `disable-ccid` in `scdaemon.conf`
| * fix rookie mistakePhill Kelley2024-02-111-1/+1
| | | | | | | | | | | | | | | | | | | | Add a one-liner that works. Then think about the context and decide to recommend a rearrangement. And then muck up the consequential adjustment of the original one-liner. I think I got a badge for that in the scouts. Well spotted. Sorry. Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
| * add step to set `disable-ccid` in `scdaemon.conf`Phill Kelley2024-02-101-1/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #404 reports "GPG acts like my YubiKey isn't plugged in". With GnuPG 2.3 and later, the system can get into a loop where it prompts for insertion of a YubiKey even though that YubiKey is already connected. The solution for this is to set `disable-ccid` in `~/.gnupg/scdaemon.conf`. Testing suggests setting `disable-ccid` does not interfere with earlier versions of GnuPG (eg 2.2.27 on Debian Bullseye or 2.2.40 on Debian Bookworm). This problem has also been mentioned in #277 and #256. Including a step in the Guide to set `disable-ccid` may help minimise recurrence. Also takes the opportunity to ensure `~/.gnupg` directory exists on a new system before downloading `gpg.conf`. References: * Ludovic Rousseau - [GnuPG and PC/SC conflicts](https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html) * GnuPG.org: - [Scdaemon Options](https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-Options.html#index-disable_002dccid) * YubiCo: - [Resolving GPG's CCID conflicts](https://support.yubico.com/hc/en-us/articles/4819584884124-Resolving-GPG-s-CCID-conflicts) - [Troubleshooting Issues with GPG](https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG) * Closed issues: - [277 pcscd: Error Reader Exclusive](https://github.com/drduh/YubiKey-Guide/issues/277) - [256 Update scdaemon.conf for gnupg 2.3 with MacOS (and possibly others)](https://github.com/drduh/YubiKey-Guide/issues/256) Fixes #404 Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
* | Merge pull request #408 from jpickwell/patch-1drduh2024-02-101-3/+3
|\ \ | | | | | | Quote Debian Live ISO URL, and add $ to AWK RegExp.
| * | Update README.mdJordan Pickwell2024-01-041-3/+3
| |/ | | | | | | | | Quote ISO URL, and add `$` RegExp end-of-string anchor to return only the ISO file and none of the other entries that contain `xfce.iso`. This avoids unnecessary cURL errors.
* | Merge pull request #411 from motiejus/motiejus-flakedrduh2024-02-101-208/+21
|\ \ | | | | | | NixOS Live Image: convert to a flake
| * | NixOS Live Image: convert to a flakeMotiejus Jakštys2024-02-041-208/+21
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now `nixpkgs` will be pointing to a specific release, which has a much smaller chance to unexpectedly break. Currently 23.11. The next one will be 24.05, 24.11, etc. NixOS *releases* receive security updates, but packages are upgraded conservatively, thus don't generally break. As a result, we should need to worry about NixOS upgrades every 6-12 months. The upgrade means "bump the version number and try to build it". If it breaks, it will generally break only then. Less reactive, more proactive surprises. `flake.nix` was written by @thomaseizinger in https://github.com/drduh/YubiKey-Guide/issues/406. Changes from the original: - change Gnome to xfce. Now it loads with 384MB of RAM and works well with the simplest graphics (hello qemu). - less nasty workaround for hopenpgp-tools. Fixed upstream (https://github.com/NixOS/nixpkgs/pull/279117). - do not default `copytoram`, user can select this option in the bootloader. Here is how to test it: ``` $ nix run .#nixosConfigurations.yubikeyLive.x86_64-linux.config.system.build.vm ``` *Note for the maintainer*: it would be great if you could occasionally run `nix flake update --commit-lock-file`, *especially* after updating github.com/drduh/config.git. Fixes #406 Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
* / Update link to genuine device check infoColin Grady2024-01-251-1/+1
|/
* Fix deprecated boot.cleanTmpDir for boot.tmp.cleanOnBootWest2023-10-211-1/+1
|
* Update debian versiondrduh2023-10-151-5/+9
|
* Remove ancient keyserversdrduh2023-10-151-10/+11
|
* Merge pull request #386 from Xronophobe/docs/update-debian-12-livedrduh2023-10-151-0/+22
|\ | | | | add notes for installing #Required Software on Debian 12
| * add note for installing yubikey-manager on Debian 12Csanad Beres2023-08-181-0/+3
| |
| * add note on installing hopenpgp-tools on Debian 12Csanad Beres2023-08-181-0/+19
| |
* | Merge pull request #387 from dkarlovi/patch-1drduh2023-10-151-1/+13
|\ \ | | | | | | fix: add an explicit example about publishing the pubkey when expiring
| * | fix bad copy pasteDalibor Karlović2023-08-141-1/+1
| | |
| * | fix typoDalibor Karlović2023-06-261-1/+1
| | |
generated by cgit, for Dennis Eriksen