I've been using Yubikey for a while now, and I've always wanted to use it in my home lab. Thank you for putting this together. I love it. Can't wait to apply it
@christianlempa 2 years ago
Thank you! Glad you enjoyed it :)
@phillipmelvin4756 2 years ago
I use these everywhere possible. Yubikeys are great. Make sure you have a few of them assigned to any accounts so if you lose it or it stops working.
@bytecorner123 2 years ago
That’s the most important. Always have a backup.
@christianlempa 2 years ago
It’s always good to have a backup! :)
@LampJustin 2 years ago
09:05 rather than using bin/sh as the entrypoint it needs to be dumb-init as sh isn't meant to be PID1 and can't deal with signals like SIGTERM without modification and traps. So just change /bin/sh to ../dumb-init you can leave the rest (teleport...) in command
@drgr33nUK 2 years ago
I've been using Yubikeys for about 6 years now and I can honestly say they have changed my life! I use mine for everything from signing EFI shims to logging into AWS. If you care about security then get several yubikeys.
@MadChristianX 2 years ago
Thank you for this great tutorial. After being unsuccessful setting up Teleport behind Traefik proxy I used a CF tunnel to access the service. Passwordless sign in with fingerprint on the MacBook or FaceID on iPhone seems to be the most convenient way for me 🙂
@TzaraDuchamp 1 year ago
Thanks for the clear explanation. What online service supports passwordless login with a YubiKey and which would you recommend?
@mrd4233 2 years ago
Hey Christian, very well explained and punctual tutorial on MFA! 👌👌👌
@christianlempa 2 years ago
Thank you so much 😊
@brandenrae9803 1 year ago
I would love to see where else you could use passwordless/YubiKey in a homelab. Thank you for all the great videos that you have made!
@christianlempa 1 year ago
Thank you! There’s something new coming out the next weeks :)
@itsvrl1856 2 years ago
Great coverage! Been using Yubikeys for years now. Great physical defense.
@christianlempa 2 years ago
Thanks! That’s awesome
@joesweeney6262 2 years ago
Yubikeys are brilliant and uplift your security stance dramatically. I purchased keys for all my family members during the lockdowns to help us all avoid the elevated risks of working from home.
@christianlempa 2 years ago
Awesome!
@dobithezkiyy3504 1 year ago
That's great. The question is what would happen if Yubikey no longer exists.
@joesweeney6262 1 year ago
@@dobithezkiyy3504 backup / master key, emergency recovery codes with alternative authentication
@LarsBerntropBos 2 years ago
Not adding a Yubikey without secondary protection of PIN or biometric is not a bug, it is a feature!
@cempack 2 years ago
Cool video like always, thank you for sharing
@christianlempa 2 years ago
Thank you!
@MikeFico998 1 year ago
Wow Yubikey so easy to use! All you have to do is log into DOS and type several hundred lines of machine code that no one knows!
@nolanwatts110 2 years ago
So great, thank you! Christian - can you share the terminal colors you're using now that you've moved to macOS? I'd like to get my terminal looking like yours from this tutorial. Is there a script that can be used, or just match the macOS terminal color settings to yours?
@aleksanderbang-larsen7628 2 years ago
Great video! How did you customise your terminal like that?
@christianlempa 2 years ago
There will be a new video coming out about mac terminal customization :) stay tuned
@Sc4rEye 2 years ago
@2:20 you said Yubikey with NFS, I think you meant to say NFC. Great video!
@christianlempa 2 years ago
Oh yeah, that was a mistake :D Thanks mate!
@DamjanDimitrioski 2 years ago
If you think having a device dedicated for password management or secrets vault would stop someone giving out all the passwords at a gunpoint :D. I believe having a phone with the password manager is enough, since the phone can be encrypted to a level that on gunpoint you will still spill the beans.
@StevoDesign 2 years ago
huh?
@tidalwave76 1 year ago
Thanks for this interesting content. Do you know if you can use the Yubikey with an iPad? I'd also love to hear if this works with the RDP part towards a Windows server as well.
@christianlempa 1 year ago
I think the NFC version should work on compatible NFC devices. Not sure if the iPad has it though
@berndeckenfels 1 year ago
I don’t think it’s a bug, webauthn allows to declare if your token should have pin protection if used as single factor (for the reasons you mentioned).
@Thylacine1 2 years ago
Your videos are great dude, you got a new sub. I'm here for hairdo's and security/nerd BS, and we are fresh outta hair my friends :)
@christianlempa 2 years ago
thanks mate!
@biggyk87 2 years ago
Thanks for the video. What vscode theme is that? So with you not recommending using a reverse proxy, I guess that means we should have a fresh dedicated vm with its own public IP?
@christianlempa 2 years ago
You're welcome! I'm using my own theme, you can find it in the marketplace "The Digital Life" ;) Revproxies would make the system more complex without adding any benefit.
@alexlora6009 1 year ago
make a video of how to setup a windows active directory Sams with yubikey/FIDO2 or password less.
@marcoroose9973 2 years ago
Teleport is amazing. I really have to start with it for my infrastructure. What about a video about the Windows Remote Desktop stuff built into Teleport? I definitely will use it.
@christianlempa 2 years ago
That’s already planned :) but I will do a few other projects first so that needs to wait a little
@MadChristianX 2 years ago
@@christianlempa After reading the documentation for RDP with Teleport I decided that this project can wait until your video for that is on KZbin 🙂
@CaptZenPetabyte 2 years ago
When this is available via using a usb key (in place) instead of the yubikey across-the-board it will be a game-changer. The technology is already built into most browsers, extensive libraries are available for the signing modalities, yet it's not widely used.
@ao4514 2 years ago
Hey Christian, I saw the video you did on Wireshark and I must say it wasn't clear at all! Can you do a video on how to use Wireshark to hunt for spyware/malware?
@jwspock1690 2 years ago
Thanks for your videos - top notch!
@christianlempa 2 years ago
You're welcome! Thanks for the praise ;)
@itHurtswhenIP 1 year ago
Hey Christian, is something like this possible when using Cloudflare Zero Trust tunnel?
@danielsauriol 2 years ago
Extremely interesting tutorial as always, but thought I'd let you know that you have an *AWESOME* shirt !!! (wink wink - from a Canadian subscriber !!!) 🙂
@christianlempa 2 years ago
Haha thank you 🙏☺️
@gernhardreinholzen1448 2 years ago
So basically teleport replaces traefik and (authelia/authentik), right?
@christianlempa 2 years ago
For me it does, yeah
@0x-003 2 years ago
I got myself a Yubikey, but until now I have used 1password manager, what do I do?
@kpwlek 1 year ago
Just buy a second one as a backup... I have lost mine and I was screwed completely... well not completely but it was some problem to log in to the boxes.
@Glatze603 2 years ago
Great video and content Christian :-)
@Glatze603 2 years ago
You really use Google Authenticator? Then you have a single point of failure (your iPhone), because with this app you have no automatic sync to other devices like Authy.
@Glatze603 2 years ago
I have Teleport running on a VPS for ssh and web-services and it works nice!
@Glatze603 2 years ago
Yubikey in Teleport works with MS Edge too 🙂 Here you only have to type the PIN and then you have to touch the Yubikey (once). Very nice! I hope that someday it will work with firefox too.
@Glatze603 2 years ago
Another tip: use at least 2 Yubikeys - one for at home, one for on the go. So you also have a direct backup.
@christianlempa 2 years ago
Thanks mate :) yeah maybe I should move from google auth to something better, I’ll take a look at Authy
@eb3898 2 years ago
What happens when you need to access your home infrastructure but you do not have an internet connection (during an outage)?
@christianlempa 2 years ago
Hope it doesn’t xD well I still got SSH as backup
@alexsalois5372 2 years ago
Hey, can you make the font bigger next time? It is a little small on my device.
@christianlempa 2 years ago
Okay 👍
@pbrigham 2 years ago
With so much complication and configuration is only a matter of time until someone makes a mistake and provokes a security breach.
@cyber-paul 1 year ago
Does teleport support DNS01 challenge? Can not find in docs
@christianlempa 1 year ago
I don't think so, unfortunately, but I'm not sure, what does the teleport support say about that?
@smith2074 2 years ago
usb to micro usb adapter for smartphone can i use this key on galaxy s20?
@christianlempa 2 years ago
It has NFC so it should work wireless with any phone
@smith2074 2 years ago
@@christianlempa I will buy yubiKey bio - FIDO Edition does not have NFC
@s6yx 2 years ago
How can I run this if I already have nginx manager running in 443?
@christianlempa 2 years ago
You can change the port
@sylvaindecrom 2 years ago
Does this still work when you lose internet connectivity?
@christianlempa 2 years ago
I guess it doesn't because I'm running Teleport in the cloud.
@sylvaindecrom 2 years ago
@@christianlempa but you got a back way in right?
@christianlempa 2 years ago
@@sylvaindecrom of course :D
@cbbcbb6803 2 years ago
What can you do if you lose your YubiKey?
@christianlempa 2 years ago
You can still use other keys or otp as a fallback and remove the lost yubikey from your account
@xiaxiao7567 2 years ago
Can't add host to teleport
@JerryWoo96 2 years ago
Do you know how to integrate with traefik?
@christianlempa 2 years ago
As I said in the video, I’d not do it and just use Teleport without a revproxy
@saschaweinmann 2 years ago
How is a PIN not a password?
@christianlempa 2 years ago
A PIN is a PIN, a password is a password ;)
@saschaweinmann 2 years ago
@@christianlempa I respectfully disagree. A password is a secret (something you know). So a PIN is just a numeric password. For security purposes there are three options: something you know (e.g. passwords), something you have (e.g. hardware), something you are (e.g. retina scan). Sadly I haven't found a way to just rely on hardware without a secret. This video does not solve this either.
@infocus-media 2 years ago
Wow, My comment got removed very quickly!
@csmithDevCove 2 years ago
First Comment
@PatipanWongkleaw 2 years ago
Where do I find the Terraform tutorial?
@christianlempa 2 years ago
Just search for terraform and the digital life, you'll find it ;)
@racghineering 2 years ago
so the solving is finding the first door. ok. good.
@chris23tr 2 years ago
I still see MFA as the better option compared to passwordless login, because then you need 2 different kinds of things for the login: the password that only the person knows, and the stick. Because if the stick is lost and someone knows what it is for, they can then log in. Security always comes before convenience.
@MadChristianX 2 years ago
Well, against that there is the PIN for the stick.
@patrikgrguric535 2 years ago
How many times will they sponsor you 💀. At this point you can change your logo to Teleport's.
@jayp9158 1 year ago
Dude, chill out. He has a very niche channel so it's very difficult to grow or getting sponsors, even more, the product is actually useful and relevant for most of the viewers of the channel so I don't really see the harm.