Blog

OpenSSH + OATH-TOTP

March 24, 2016
linux, openssh, security

I dug a little further after my last post and stumbled upon this excellent blog post. It turns out that using the libpam-oath module for two-factor authentication is a lot easier than the challenge-response module and it works rather fabulously. I will document the steps I took here. Again, all credit goes to the author of that blog post above - I mainly followed his explanations and links. What we are going to do # We want to enable two-factor authentication when logging in via ssh. ...

OpenSSH + YubiKey HMAC-SHA1 challenge-response

March 23, 2016
linux, openssh, security

First off: this does not work as I wanted it to work .. it has some interesting implications though. The idea # I am using a YubiKey NEO for various things. It holds my PGP keys in its secure element and has the YubiKey slots configured to use HMAC-SHA1 challenge response and static password. You can for example unlock your KeePass(X) database using OATH-HOTP or the challenge-response mechanism. The idea was to use the PAM module in its challenge-response mode for authentication during SSH logins. ...

Freifunk VLAN

March 1, 2016
network, freifunk

Freifunk explained # The vision of Freifunk is the establishment of free networks, the democratization of communication media and the promotion of local social structures. Basically, if you want to participate in a Freifunk community, you take a router capable of running OpenWRT and flash it with a special community-flavored version of OpenWRT based on Gluon. If there are other Freifunk nodes in reach, your router will mesh with them and connect you to the network. ...

Access Ghost via UNIX Socket

February 16, 2016
systemd, linux

Okay, so I set this thing up recently as my new landing page.

Using some scripts and templates from etherpad-lite, which I modified slightly, I now run this as a systemd service under a new user. (You can find the modified files at the end of this post.) However, somehow I can’t get ghost to listen properly on sockets yet.. or at least nginx gives me 502 errors when trying to connect .. I’ll resort to using localhost:port for now.

...