Krypton made two-factor easy & secure

See https://krypt.co and sources on https://github.com/kryptco .

https://krypt.co/start/ => https://krypt.co/ext/ for U2F Browser Extension, if interested.

More on https://krypt.co/docs .

Setup SSH

Install the Android App , and in its Settings (Krypton Core) enable [X] Developer Mode (and review other Settings; perhaps Disable Google Analytics). Now on workstation/desktop host:

curl https://krypt.co/kr | sh

kr pair

and scan the displayed QR code in the PAIR tab on the App. The printed SSH public key is ~/.ssh/id_krypton.pub (also kr me), and can be put e.g. on https://github.com/settings/keys or on a server (also using kr add <user>@<server>) as per https://krypt.co/docs/start/upload-your-ssh-publickey.html .

SSH Key type ed25519-sk (and ecdsa-sk)

Today I noticed by coincidence that (recent versions of; e.g. the one available on Fedora Silverblue 34) ssh-keygen have ed25519-sk (and ecdsa-sk) key types (-t).

Never having seen these before, I wondered what they were for…

It is explained e.g. on https://security.stackexchange.com/questions/240991/what-is-the-sk-ending-for-ssh-key-types , and in the chapter “FIDO/U2F Support” on https://www.openssh.com/txt/release-8.2 .

This is very nice, as it much simplifies the much too complicated old ways of using gpg-agent to SSH with a YubiKey .

Exploring Fedora CoreOS

See https://docs.fedoraproject.org/en-US/fedora-coreos !

First Steps

Following https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started/ :

podman run --pull=always --rm -v $HOME/.local/share/libvirt/images/:/data -w /data \
    quay.io/coreos/coreos-installer:release download -s stable -p qemu -f qcow2.xz --decompress

qemu-img create -f qcow2 -b \
    ~/.local/share/libvirt/images/fedora-coreos-33.20210328.3.0-qemu.x86_64.qcow2 \
    ~/.local/share/libvirt/images/my-first-fcos-vm.qcow2 20G
ls -lh ~/.local/share/libvirt/images/

podman run --interactive --rm quay.io/coreos/butane:release \
    --pretty --strict <first.bu >first.ign
bat first.ign

qemu-kvm -m 2048 -cpu host -nographic \
    -drive if=virtio,file=$HOME/.local/share/libvirt/images/my-first-fcos-vm.qcow2 \
    -fw_cfg name=opt/com.coreos/config,file=first.ign \
    -nic user,model=virtio,hostfwd=tcp::2222-:22

ssh-keygen -R "[localhost]:2222"
ssh -o StrictHostKeyChecking=accept-new -p 2222 core@localhost

pstree
systemctl status
systemctl --type=service --state=active
hostnamectl

podman run --rm -it hello-world

Automatic Updates

See https://docs.fedoraproject.org/en-US/fedora-coreos/update-streams/ , and https://docs.fedoraproject.org/en-US/fedora-coreos/tutorial-updates/ :

FOSDEM 2021

I “attended” (virtually, thanks COVID-19) FOSDEM 2021 on Sat/Sun Feb 6/7, 2021.

https://fosdem.org/2021/schedule/ has the full schedule - and there’s a lot, as with any big tech conference.

https://www.youtube.com/channel/UC9NuJImUbaSNKiwF2bdSfAw has (will have) recordings. Here are talk I listened in to:

Cloud Infra

• https://fosdem.org/2021/schedule/event/containers_datacenter_class/ about how https://www.opencompute.org open design HW “2nd life” that can be bought (again; “circular IT HW”) on https://www.itrenew.com/explore-solutions/ (pricing on http://bit.ly/sesame-specials; more on https://stands.fosdem.org/stands/sesame_discovery/ ) and managed with https://github.com/opencomputeproject and https://rackn.com/rebar/ (like https://metal3.io ?) - at home? ;) I know what I want for christmas, LOL.