Commit graph

1135 commits

Author SHA1 Message Date
Tamerlan Bimzhanov
acc140b900 Update modules/ROOT/pages/getting-started-guide.adoc 2023-04-03 16:23:41 +00:00
77e9e28ca1 Update README.md revert to md
My mistake when I tried to use AsciiDoc in markdown. Revert to URL
2023-03-25 08:29:41 +00:00
28310a48cd Update README.md with xref
cross-reference repo in GitLab, replacing URL. Please check if the README file is rendered correctly. Not sure how to preview README.
2023-03-24 22:45:33 +00:00
Andy Piper
598127a49e Update modules/ROOT/pages/dnf-system-upgrade.adoc
Small improvements to capitalisation, hyphenation etc for consistency and clarity.
2023-03-24 16:03:47 +00:00
Peter Boy
b00b4d55d1 using-yubikeys.adoc: fixed type in list of tags. 2023-03-22 11:28:26 +01:00
Peter Boy
93d4b03125 Temporary fix for abstract tag. 2023-03-21 13:15:30 +01:00
Peter Boy
bbfb67a8e0 Using YubiKeys: adding editorial stuff 2023-03-21 13:09:01 +01:00
Peter Boy
5be0e27708 Using nested virtualization: adding editorial stuff 2023-03-21 12:53:40 +01:00
Peter Boy
7b8a03370a Getting started: adding editorial stuff 2023-03-21 12:44:52 +01:00
Peter Boy
bf822ef62f Pulled partials into the text body. 2023-03-21 10:41:40 +01:00
Peter Boy
a54afa41d0 Merge #565 Updating 'getting started' guide to reflect the root account being disabled by default on Fedora Workstation 2023-03-21 09:16:10 +00:00
Peter Boy
a578fbbc71 Merge #577 pages/yubikey: add pam_u2f alternative 2023-03-21 09:07:20 +00:00
Peter Boy
4f50823ea6 Merge #576 Add a warning about Slot 1 reset 2023-03-21 09:06:25 +00:00
Peter Boy
79e5da47d7 Merge #575 pages/yubikey: fix OpenSSH section 2023-03-21 09:05:31 +00:00
Peter Boy
9d83b8f7a4 Merge #574 pages/yubikey: remove outdated notice 2023-03-21 09:04:07 +00:00
Zdenek Dohnal
8a2d7469b6 Add user stories for installation
Reworked installing printers and installation user stories were added.
2023-03-16 15:58:59 +00:00
w4tsn
7dfffea7ca
pages/yubikey: fix OpenSSH section
There was an error mixing up PIV/PKCS#11 for older OpenSSH and FIDO2 for
OpenSSH 8.2+. This change adds both methods as separate alternatives.
2023-03-11 11:19:42 +01:00
w4tsn
ff8060af9f
pages/yubikey: add pam_u2f alternative
Apparently there is also pam_u2f as alternative to pam_yubico which is a
more general approach using the open FIDO2 / U2F standard. It's much
easier to setup as there are fewer possibilities and decisions to make.

This approach also supports more security keys like SoloKey v2 and
NitroKey 2/3 which could open possibility to create a dedicated security
key page for general key support in Fedora Linux.
2023-03-11 11:02:14 +01:00
w4tsn
e81caf8a5e
pages/yubikey: change yubicloud upload heading lvl
This heading belongs to the topic of writing a new AES key to Slot 1.
2023-03-11 10:03:52 +01:00
w4tsn
a8fa21279d
pages/yubikey: add a warning about resetting slot1 2023-03-11 10:03:12 +01:00
w4tsn
2099944d40
pages/yubikey: remove outdated notice
Since the last update from 2023-02-26 this Quick Doc is updated to
latest developments in used packages, YubiKey features and use in Fedora
Linux 37.
2023-03-11 09:53:56 +01:00
21f8895d16
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
README-md updated fully
2023-03-10 14:06:14 +00:00
25b25caa7f Merge #564 Review and update "Using Yubikey" page 2023-03-05 17:51:56 +00:00
9e63b8d2d4
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
image text and alt text added
2023-03-04 21:49:31 +00:00
7ac01af151
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
Image rendered and intro added
2023-03-04 00:46:10 +00:00
b84581f01d
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
image macro updated
2023-03-04 00:15:05 +00:00
e5dde980e6 Merge #566 QuickDoc issue 521 updated and images uploaded 2023-03-02 21:54:09 +00:00
w4tsn
970eb0ebb1
pages/yubikey: fix yubikey-manager gui package 2023-02-28 21:16:41 +01:00
w4tsn
099c592e5b
pages/yubikey: fix typo 2023-02-27 09:46:23 +01:00
w4tsn
b015b9954c
pages/yubikey: add warning about online auth method 2023-02-26 11:52:18 +01:00
w4tsn
dafcba9988
pages/yubikey: add note about using both auth methods 2023-02-26 11:50:50 +01:00
Francois Andrieu
ababdf39d2 remove exploded git tree repository that no longer exists 2023-02-22 20:00:37 +00:00
w4tsn
6619d128b8
pages/yubikey: fix key registration instructions
The instructions to register a key with the local account were
implicitly requiring challenge-response. Add the YubiCloud method based
instructions and also add an explicit command to configure
challenge-response in slot 2 of a key.
2023-02-20 20:31:33 +01:00
w4tsn
eae11f0488
pages/yubikey: add missing line in example 2023-02-19 12:01:00 +01:00
89ed69d141
Signed-off-by: Hanku Lee <allegrovelo@gmail.com>
QuickDoc issue 521 updated and images uploaded
2023-02-18 17:29:39 +00:00
w4tsn
90432a7376
pages/yubikey: fix several grammar issues 2023-02-18 11:00:39 +01:00
w4tsn
da454cc861
pages/yubikey: reformat flags of ykpersonalize
The man page of ykpersonalize uses a confusing format for providing
option flags. After tests although not documented in the man page it is
also possible to use an alternative format using spaces between option
flag and value. Also to note: the negative form of an option flag uses a
'-' symbol right in front of the value.

Also the slot selector -1 or -2 has to be supplied before any option
flag.
2023-02-18 10:48:26 +01:00
w4tsn
4274f89f00
pages/yubikey: remove note on setting secontext
The access to the ~/.yubico directory is done using the PAM module, not
sshd directly. PAM sets the context of that directory to auth_home_t
which PAM is allowed to access. No need to set the context to
ssh_home_t.

Apart from that using chcon is a volatile operation and not intended for
persistent changes which was the intent of the note though. The label
would be reset in a system recovery scenario.
2023-02-17 20:14:38 +01:00
Liam Coogan
83a5c07f6c Fix typo I made 2023-02-16 17:27:45 +00:00
Liam Coogan
2ba4312404 Fixing various typos and grammatical inaccuracies in the 'Getting Started' guide
See title
2023-02-15 12:55:38 +00:00
Liam Coogan
1ff1ee9ead Updating 'getting started' guide to reflect the root account being disabled by default on Fedora Workstation
This is my first commit so please correct me if there's something wrong here or feel free to change my wording, but I believe Fedora Workstation now disables the root account by default and instead adds the default user to the 'wheel' group.
2023-02-15 12:41:11 +00:00
w4tsn
93f06ff422
pages/yubikey: unify use of YubiKey spelling 2023-02-12 16:40:00 +01:00
w4tsn
a6b5d2490d
pages/yubikey: add OATH-TOTP to web auth section 2023-02-12 16:39:33 +01:00
w4tsn
05a7579f46
pages/yubikey: add section on OpenSSH client auth 2023-02-12 16:39:07 +01:00
w4tsn
b04799e7e9
pages/yubikey: add setup sections for other features 2023-02-12 16:38:28 +01:00
w4tsn
241c0afc5b
pages/yubikey: add a simple otp slot 2 example 2023-02-12 16:37:35 +01:00
w4tsn
a7c4670ec5
pages/yubikey: rework the local auth section
Changed the structure and content of the section to reflect more modern
tooling available in recent Fedora Linux distributions.

Simplified overall structure and added challenge-response configuration.

Removed the more complicated authfile option as it is an option for more
advanced use-cases but not necessary for a basic setup. More advanced
users may refer to the pam_yubico man page.

Added a warning about locking yourself out when using required
configuration.
2023-02-12 16:32:48 +01:00
w4tsn
26ca6635f0
pages/yubikey: add a section on backup keys
Due to the nature of hardware security tokens it is important to
consider backup keys right from the start, so added a section on that
topic.
2023-02-12 16:29:03 +01:00
w4tsn
d97e51eadc
pages/yubikey: update What is a YubiKey section
Added more use-cases than OTP to this section to give an overview on the
usual capabilities of modern YubiKeys like from the 5-series.
2023-02-12 16:27:35 +01:00
032d66455a #180-SwitchingDesktopEnvironment-edit-header
Header change and abstract
2023-02-11 19:40:01 +00:00