Please read the Disclaimers before proceeding.
Review features often required for enterprise security.
- Manage LUKS encryption
- Configure SSH
- Connect to VPN
Manage LUKS encryption
You should change your disk encryption passphrase when first running the laptop and as-needed after that. Open a terminal and enter the following. It is critical you remember your passphrase; there is no way to recover the disk if it is lost! Keep a copy someplace safe and type carefully.
Out of the box, your disk encryption should use only a single key (YubiKey users will have two). You may see the slots in use by issuing the following command. Example (shortened) output is shown below.
If you see more keys than expected, you may remove them. Do this carefully and make sure your data is backed-up before proceeding! In the example below, we remove a key from slot 2.
luksDump command again as shown above to ensure
the slot has been removed.
If you need to add a new key:
A default configuration is provided and annotated in
.ssh/config for all new users.
Connect to VPN
OpenVPN is installed to ease connection to corporate networks. However, there are numerous additional VPN clients which we will detail as needed.
We try hard to provide a useful workflow validated by professionals. However, we cannot anticipate every situation, and therefore cannot guarantee this procedure will work for your needs. Always back up your data and test the workflow to determine the correct procedure for you.
THIS WORKFLOW IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS WORKFLOW, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.