3:13 PART 1 - Preparing the Server
07:04 PART 2 - Yubikey setup
13:00 PART 3 - Generating PGP Keys
17:32 PART 4 - Installing pass
21: 51 PART 5 - Dynamic DNS
28:11 PART 6 - Mobile access
*** HOME ROUTER: you need to port forward port 22 to your server's IP (PART 5)
# The Standard Unix Password Manager
https://www.passwordstore.org/
# Getting a domain from a DNS Hosting Service
https://bitcointv.com/w/3mNk2hz5XbYDX3WHb9hixf?start=1m8s
# GPG/PGP Series
https://bitcointv.com/w/p/bCuBWZh4ZdVbvdYJM8vmbW
# Yubikey Series
https://bitcointv.com/w/p/dhyWSopjPbkTqB5UanWL7G
### PART 1 ###
# Get Ubuntu server for rpi
releases.ubuntu.com
$ sudo adduser --disabled-password --gecos "" p
$ sudo nano /etc/hostname
### PART 2 ###
# Install packages
$ sudo apt install scdaemon yubikey-manager libpam-yubico libpam-u2f libu2f-udev
# Turn-off touch for encryption subkey
$ ykman openpgp set-touch enc off
# Script for restarting PC/SC Smart Card Daemon
---------------------------------------------------------
#!/bin/bash
sudo systemctl restart pcscd
---------------------------------------------------------
# Service for restarting PC/SC Smart Card Daemon on boot
---------------------------------------------------------
[Unit]
Description=Restart PC/SC Smart Card Daemon
[Service]
ExecStart=/usr/local/sbin/restart-pcscd.sh
[Install]
WantedBy=multi-user.target
---------------------------------------------------------
### PART 3 ###
# Generate PGP Certifying Key
$ gpg --expert --full-generate-key
# Issue subkey for encryption
$ gpg --expert --edit-key key_ID
# Flash subkey into yubikey
$ gpg --edit-key key_ID
# Export public key
$ gpg --export key_ID
# Encode pubkey into qr codes
$ sed -n x,yp pub.key | qr
### PART 4 ###
# Setup PASS
$ sudo apt install pass
$ gpg --fingerprint
$ pass init key_fingerprint
# Set alias in .bashrc
alias forget='gpgconf --kill gpg-agent'
$ source .bashrc
### PART 5 ###
# Free DNS hosting provider
desec.io
$ sudo apt install ddclient
# sudo systemctl status ddclient.service
daemon=1
sudo nano /etc/ddclient.conf
---------------------------------------------------------
daemon=300
protocol=dyndns2
use=cmd, cmd='curl https://checkipv4.dedyn.io'
ssl=yes
server=update.dedyn.io
login=my-domain
password=''
my-domain
---------------------------------------------------------
alias forget='gpgconf --kill gpg-agent'
### PART 6 ###
# termux
$ pkg upgrade
$ pkg install openssh
$ ssh-keygen -t rsa -b 4096
-----
Donations addr:
bc1qny4am3clu0gcsq3hvja4vcdhwd529hgmnlavfh
07:04 PART 2 - Yubikey setup
13:00 PART 3 - Generating PGP Keys
17:32 PART 4 - Installing pass
21: 51 PART 5 - Dynamic DNS
28:11 PART 6 - Mobile access
*** HOME ROUTER: you need to port forward port 22 to your server's IP (PART 5)
# The Standard Unix Password Manager
https://www.passwordstore.org/
# Getting a domain from a DNS Hosting Service
https://bitcointv.com/w/3mNk2hz5XbYDX3WHb9hixf?start=1m8s
# GPG/PGP Series
https://bitcointv.com/w/p/bCuBWZh4ZdVbvdYJM8vmbW
# Yubikey Series
https://bitcointv.com/w/p/dhyWSopjPbkTqB5UanWL7G
### PART 1 ###
# Get Ubuntu server for rpi
releases.ubuntu.com
$ sudo adduser --disabled-password --gecos "" p
$ sudo nano /etc/hostname
### PART 2 ###
# Install packages
$ sudo apt install scdaemon yubikey-manager libpam-yubico libpam-u2f libu2f-udev
# Turn-off touch for encryption subkey
$ ykman openpgp set-touch enc off
# Script for restarting PC/SC Smart Card Daemon
---------------------------------------------------------
#!/bin/bash
sudo systemctl restart pcscd
---------------------------------------------------------
# Service for restarting PC/SC Smart Card Daemon on boot
---------------------------------------------------------
[Unit]
Description=Restart PC/SC Smart Card Daemon
[Service]
ExecStart=/usr/local/sbin/restart-pcscd.sh
[Install]
WantedBy=multi-user.target
---------------------------------------------------------
### PART 3 ###
# Generate PGP Certifying Key
$ gpg --expert --full-generate-key
# Issue subkey for encryption
$ gpg --expert --edit-key key_ID
# Flash subkey into yubikey
$ gpg --edit-key key_ID
# Export public key
$ gpg --export key_ID
# Encode pubkey into qr codes
$ sed -n x,yp pub.key | qr
### PART 4 ###
# Setup PASS
$ sudo apt install pass
$ gpg --fingerprint
$ pass init key_fingerprint
# Set alias in .bashrc
alias forget='gpgconf --kill gpg-agent'
$ source .bashrc
### PART 5 ###
# Free DNS hosting provider
desec.io
$ sudo apt install ddclient
# sudo systemctl status ddclient.service
daemon=1
sudo nano /etc/ddclient.conf
---------------------------------------------------------
daemon=300
protocol=dyndns2
use=cmd, cmd='curl https://checkipv4.dedyn.io'
ssl=yes
server=update.dedyn.io
login=my-domain
password=''
my-domain
---------------------------------------------------------
alias forget='gpgconf --kill gpg-agent'
### PART 6 ###
# termux
$ pkg upgrade
$ pkg install openssh
$ ssh-keygen -t rsa -b 4096
-----
Donations addr:
bc1qny4am3clu0gcsq3hvja4vcdhwd529hgmnlavfh
