If you want to do fancy smartcard things in addition to U2F, then get a Yubikey with NFC. Be sure you get keys with NFC so you can use them with your phone (most Androids and all currently updated iPhones work fine with NFC now), but check the apps you use to understand whether they can actually use the NFC U2F interface correctly (Bitwarden on iOS couldn’t, last time I checked).

Only get the Google Titan if they’re on sale or Google gives you one for free; it’s just a Feitian key with Google written on it. If you just want FIDO U2F support and don’t care about other fancy things that some of the dongles can do, just buy the Feitian USB key or Yubico Security Key. I’ve not used any of the Nitrokey U2F devices, just some of their other products. I have experience with Feitian U2F USB and Bluetooth dongles, Google Titan USB and Bluetooth dongles (just rebranded Feitian, really), and Yubico Yubikey dongles.

Does it make sense to force everyone to use 2FA just because some people use weak passwords or insecure operating systems/apps? Many companies don’t even offer customer support any more except through their ticket system, which you can’t get to unless you log in (Digital Ocean, I’m talking about you …). What happens if my phone is destroyed, or someone hacks my phone number? It is nearly impossible to get accounts unlocked that are 2FA protected without going in endless circles with customer-support people. Kind of reminds me of 2FA/MFA – I’m to the point I’m more concerned about getting locked out of my accounts due to 2FA than someone cracking my strong passwords.

Of course the ideal solution would be to upgrade all the old systems; however, if the SSH ports are not exposed to the internet on these systems, there is not a security concern, so it’s hard to justify doing an OS update on all these systems – especially when many of them are remote and connected via very slow Cat-M modems.
To get scp working again, use the -O option, which enables the old scp protocol instead of sftp.

Fixing security problems is great, but it comes with a cost when you have old systems deployed that you still need to connect to.

Where 10.0.0.123 is the IP of the embedded device.

You can add the following to your ~/.ssh/config file:

Host 10.0.0.123

If you are running a newer Linux distro with the latest OpenSSH and connecting to a 5-year-old embedded Linux product running Dropbear, you’ll likely see two problems when you try to connect:

So OpenSSH has steadily been dropping support for older protocols that Dropbear used in the past.