Joerg Jaspert Aug 9, 2025

Process is at the point where the signing keys #Debian FTPMaster uses are getting changed. The old #bullseye key got an impressive 4641567 signatures done with its #yubikey. #trixie #debian13 #linux

That little piece of hardware is quite busy there.

Show threadMartin Ellis
@Ganneff I didn’t know yubikeys could sign non-interactively. Is it just a regular Yubikey or is it one of the YubiHSM things?
Aug 9, 2025 at 10:07amWeb
Show threadJoerg Jaspert Aug 9, 2025

@martiell It's a standard "Yubico.com Yubikey 4/5" (that's how it names itself in lsusb).

You need to turn off the "Confirm user presence" thingie to have it NOT require a human touching it.

Show threadMartin EllisAug 9, 2025
@Ganneff Good to know, thanks.
Show threadAxel 🚴😷🐧🐪⌨ | #WeAreNatenomAug 9, 2025
@Ganneff @martiell: How's the bus factor with this setup? Does someone else have a secondary Yubikey? Or is it sitting in the ftp-master server or elsewhere remote?
Show threadJoerg Jaspert Aug 9, 2025
@xtaran @martiell Splitted key, multiple FTP master have parts.