In this article I show the power of combining YubiKeys, Ansible, and 1Password for securing SSH access and managing secrets. Although this solution was implemented as a homelab project, it is 100% applicable to startups and small companies. By leveraging the unique features of YubiKeys, we can enhance the security of our systems and protect against identity theft. Additionally, by using Ansible for automation and 1Password for secret management, we can simplify and scale our operations while maintaining a high level of security.

https://www.linkedin.com/pulse/securing-your-homelab-ssh-access-secrets-management-yubikeys-alevski

#security #cybersecurity #passwordsecurity #ssh #infosec #hacking #homelab #devops #sysadmin #yubikey

Securing Your Homelab: SSH Access and Secrets Management with YubiKeys, 1Password, and Ansible

It's been almost a year since I wrote about my home lab's network re-architecture. Since then, things have changed and the lab is still a work in progress.

@alevsk I ❤️ YubiKeys.

WebAuthn, CAK (SSL PIV) + S/MIME, GPG keystore for SSH and Git code signing, Yubico OTP for trivial integration into developed solutions, with NFC and… being a USB HID device (for the Yubico OTPs), it's worked with iOS since… the beginning via the Lightning↔︎USB Camera Connection Kit.

@alevsk Also, support is amazing. There was a critical bug in the GPG applet (permitting signing without PIN unlocking) back in the day, and they replaced the impacted tokens without question or hesitation.