AZLOCO/CLUG COMMUNITY SERVICE PROJECT

Occasionally we forget one of the missions in our charter: to spread the use of Ubuntu throughout our state. There are only ten members of the Arizona Team in Sierra Vista. However, they are all also members of the Cochise Linux User Group, which currently boasts a membership of nearly 40. Back in August of 2019, members of both organizations contacted the Warrior Healing Center in Sierra Vista with a request to use one of their three conference rooms for installation festivals and local presentations on various Linux and FOSS topics. In exchange, we would establish a computer lab for them, to be used by veterans and their family members who do not have access to a computer. These computers would have a Linux operating system installed on them.

The Warrior Healing Center is the only organization of its kind and was started in part to reduce and eventually eliminate the 22 veteran suicides every day, mainly due to the stress of combat in our country’s service. It provides a one-stop shop for veterans and their family members for assistance in finding employment opportunities, temporary lodging, emergency food supplies, counseling, help for physical and mental problems, service dog training, guides to wade through the enormous bureaucracy known as the Veterans Administration, and many other services. There are over 40 organizations connected with the Center, and their representatives are housed in the Warrior Healing Center building in Sierra Vista, Arizona. Veterans helping veterans.

Four desktop computers, complete with monitors, keyboards, and mice, were donated by members of AZLOCO and CLUG. Ubuntu 18.04 was installed on three of them and Xubuntu 18.04 was installed on the fourth. (See photos of the computers on our wiki page: https://wiki.ubuntu.com/ArizonaTeam/OtherTeamEvents.) CAT5 cable was run into the room where the lab was to be created to allow for wired internet access. These computers are maintained and updated by members of both organizations. As a result of this action, several other installs have been conducted on personal computers belonging to the veterans and their dependents who attend activities at the Center. In addition, several one-on-one sessions have been held to instruct individuals on the Ubuntu operating system, with excellent results. We have also assisted in the installation of Ubuntu on the eight computers in their Operations Center that are used to track the open cases of veteran requests and to produce plans for future operations and activities.

Securing GPG keys with a Yubikey security device

I’ve been using my Yubikey for years with Ubuntu SSO, as a 2-factor authentication device.

Recently, I started playing with some of its other capabilities. In particular, I became interested in the OpenPGP capabilities. I spent a couple hours working through this excellent guide on the subject.

The end result: I have a GPG key stored on my hardware key, in the device’s “secure element”. I can sign and decrypt messages/files when the key is inserted into my Ubuntu or Mac systems, and the private key is not stored on the system at all.

A brief summary of the process:

  • Buy a Yubikey. If you want to carry it with you, don’t get the Nano: they’re easy to lose.
  • Install scdaemon on your system. You will also need pinentry.
  • Generate the key. You can do this on the Yubikey, but I recommend doing it on an offline computer or live CD.
  • BACK UP the private key offline. This is important, as the next step is destructive.
  • Move the private key/subkeys to the Yubikey, one at a time. They will be removed from your keyring.
  • Edit gpg-agent.conf and add “pinentry” as described.
  • Edit gpg.conf and add “use-agent” as described.
  • Optional: upload your public key to keyserver.ubuntu.com
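
After the move step it is worth confirming that no private key material is left in the local keyring. The following check is an added example, not part of the original article or the guide it follows; it assumes the GnuPG 2.1+ `--with-colons` listing format, and the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Assumes the GnuPG 2.1+ colon listing, where field 15 of sec/ssb records is:
#   '+'         private key material is in the local keyring (on disk)
#   '#'         stub only, secret part not available on this system
#   other text  serial number of the smartcard/token holding the key

# Constructed sample: keyring before the keys are moved to the Yubikey.
SAMPLE_BEFORE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1577836800:::u:::scESC:::+:::23::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1577836800::::::s:::+:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1577836800::::::e:::+:::23:'

# Constructed sample: same keyring afterwards (card serial is made up).
SAMPLE_AFTER='sec:u:4096:1:AAAAAAAAAAAAAAAA:1577836800:::u:::scESC:::#:::23::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1577836800::::::s:::D2760001240102010006000000010000:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1577836800::::::e:::D2760001240102010006000000010000:::23:'

# Read colon-format records on stdin and print one line per secret key:
#   <record type> <key id> <capabilities> <location>
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            loc = $15
            if (loc == "+")      where = "disk"
            else if (loc == "#") where = "missing"
            else if (loc != "")  where = "card:" loc
            else                 where = "unknown"
            printf "%s %s %s %s\n", $1, $5, $12, where
        }'
}

# Succeed only if no secret key in the listing on stdin is still on disk.
keys_off_disk() {
    ! classify_secret_keys | grep -q ' disk$'
}

# Real use, on a system with the keyring under test:
#   gpg --list-secret-keys --with-colons | classify_secret_keys
#   gpg --list-secret-keys --with-colons | keys_off_disk \
#       || echo "private key material is still in the local keyring"
```

The check only describes the keyring it is run against; the offline backup is a separate copy and has to be protected on its own.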

To use the key on another system, you will need scdaemon and pinentry, along with the configuration files. I find that I need to import my public key for the system to recognize the private key on my Yubikey. Also, don’t lose your offline backup of your private key. Some functions (like adduid) apparently require you to re-import your private key to your keyring–and the private key cannot be exported from the Yubikey.

Finally, you can use your GPG key in your Yubikey as an SSH private key. See the steps in the guide on GitHub. If you have any questions, hit me up in #Ubuntu-US-AZ on Freenode.

References: