Secure your data and network with Full Disk Encryption, YubiKey two-factor authentication, Secure Shell, and Virtual Private Network clients.
Change the disk encryption password immediately after first boot. It is critical to remember your passphrase: keep a copy someplace safe and type carefully;
there is no way to recover the disk if it is lost! Open a terminal and enter the following:
Only one key is used for normal encryption, and two if using a YubiKey. You may see the slots being used by entering the following command:
If you see more keys than expected, you may remove them.
Do this carefully and make sure your data is backed up before proceeding! In the example below, we remove a key from slot 2.
Run the luksDump command as shown above to ensure the slot has been removed.
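The slot check described above, as an added example (not part of the original guide): a shell function that reads `cryptsetup luksDump` output and reports which key slots are occupied, for both the LUKS1 and LUKS2 header layouts. The sample dumps are constructed, the function names are hypothetical, and `/dev/DEVICE` is a placeholder.

```shell
#!/bin/sh
# used_slots: reads luksDump output on stdin, prints one occupied slot number per line.
used_slots() {
    awk '
        # LUKS1 layout: "Key Slot 2: ENABLED"
        /^Key Slot [0-9]+: ENABLED/ { sub(":", "", $3); print $3; next }
        # LUKS2: a line starting in column 0 opens a section (Keyslots:, Tokens:, Digests:)
        /^[A-Za-z]/ { in_keyslots = ($1 == "Keyslots:"); next }
        # LUKS2: numbered entries count only inside Keyslots, not Tokens or Digests
        in_keyslots && /^[ \t]+[0-9]+: / { sub(":", "", $1); print $1 }
    '
}

# check_slots MAX: reads luksDump output on stdin, reports the occupied slots,
# returns 0 when at most MAX slots are occupied and 1 otherwise.
check_slots() {
    max=$1
    slots=$(used_slots | tr '\n' ' ')
    slots=${slots% }
    count=$(printf '%s\n' "$slots" | awk '{ n += NF } END { print n + 0 }')
    echo "occupied key slots: ${slots:-none} (expected at most $max)"
    [ "$count" -le "$max" ]
}

# Constructed sample, abbreviated from the LUKS2 luksDump layout (not from a real disk).
sample_luks2() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
  1: luks2
        Key:        512 bits
  2: luks2
        Key:        512 bits
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

# Constructed sample in the LUKS1 layout.
sample_luks1() {
    printf 'Key Slot 0: ENABLED\nKey Slot 1: ENABLED\nKey Slot 2: DISABLED\n'
}

# Passphrase plus YubiKey means two slots; the LUKS2 sample has a third.
sample_luks2 | check_slots 2 || echo "more keys than expected: review before removing"
sample_luks1 | check_slots 2
# Real use (placeholder device): sudo cryptsetup luksDump /dev/DEVICE | check_slots 2
```

Pass 1 as the limit on a system without a YubiKey, matching the one-key case described above.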
Use the following command to add a new key:
If you have a YubiKey pre-configured, you won’t need this except to change your password. The procedure below is based primarily on this guide and then verified on the Focus.
Enter your passphrase.
Edit /etc/crypttab to include the keyscript option as shown. Note that your UUID value will be different!
Update System RAM Disk
Reboot and insert the YubiKey on the initial passphrase screen to test your password. You should be able to use your YubiKey passphrase or your regular passphrase. We suggest always keeping your first passphrase, but ensure it is long and complex. This provides a method to use the system even if you lose your YubiKey. As always, store your passphrases safely.
Secure Shell (SSH) is a versatile tool. One can use it for remote access, port forwarding, tunneling, and secure file transfers. It is supported by many graphical tools on Linux. The Dolphin file manager, for example, supports secure file transfers using
A default configuration is provided and annotated in .ssh/config for all new users. You may study it to see how to maintain a constant connection and add shortcuts for specific hosts.
OpenVPN is installed to ease connection to corporate networks. However, there are numerous additional VPN clients which we will detail as needed.
Content will be added as needed.
This is a partial revision history. See the git repository for all entries.
2020-06-10 c4ed9299 Restructure layout
We try hard to provide a useful workflow validated by professionals. However, we cannot anticipate every situation, and therefore cannot guarantee this procedure will work for your needs. Always back up your data and test the workflow to determine the correct procedure for you.
THIS WORKFLOW IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS WORKFLOW, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.