Yubikey to secure servers.. has anyone tried it?
-
@fbartels Wow, that was an amazing deal! I'm thinking of using Yubikey to secure Vaultwarden which hosts the passwords and 2fa codes so that should cover all sites that don't work with Yubikey directly. I saw that Yubikeys can be used to secure Windows machines too. I might use that on my laptop in case it gets stolen but I'm looking to see if full drive encryption can be enabled or not.
BTW, do you have the FIPS version? Is it worth it?
@humptydumpty said in Yubikey to secure servers.. has anyone tried it?:
do you have the FIPS version?
No, the fips version was not part of the promotion.
Vaultwarden would indeed work with the Yubikey. Because of some certificate issue I never got it to work with my old key. But that is sadly the downside of them. you cannot update their firmware (which to be fair would make them potentially less secure).
The other thing that i liked to do was to store a long passphrase on it (it acts as a keyboard when plugged). Then you can just add a custom pre or suffix and press the button and have an easy to enter secure password.
-
@fbartels said in Yubikey to secure servers.. has anyone tried it?:
a promotion between Cloudflare and Yubikey where you could get keys for a greatly reduced price: https://www.reddit.com/r/yubikey/comments/xrcly7/cloudflare_deal_for_1011_keys/
That's an insanely good deal. I've never used Cloudflare (nor do I intend to do so) but seemingly just registering on their site was enough to click the "claim offer" button so hopefully in the next 1-3 business days I'll receive the email from Yubico...
@jdaviescoates It seems you need to have an active zone or use zero trust.
Exclusive 'good for the Internet' pricing on security keys Cloudflare has partnered with Yubico to offer hardware authentication security keys at a promotional price to eligible Cloudflare customers. Select "Claim my offer" and Yubico will email the offer to the email address associated with your account if you are eligible. Eligible customers must have an active zone or actively use Cloudflare Zero Trust. You may not claim this offer multiple times from the same email and this offer may be restricted to one email per account. Cloudflare may modify, limit, or discontinue this promotion at any time. Offer is subject to Yubico's terms. Learn more about how Cloudflare Zero Trust makes it easy to activate and authenticate using your hardware security keys with any identity provider for more secure access to any self-hosted or SaaS application. By clicking "Claim my offer", you consent to Cloudflare sharing your email address with Yubico AB, Yubico GmbH, Yubico Inc. and Yubico Canada Inc. ("Yubico") solely for the purpose of you claiming this promotion from Yubico. Review the Yubico Privacy Notice to learn more. -
@humptydumpty said in Yubikey to secure servers.. has anyone tried it?:
do you have the FIPS version?
No, the fips version was not part of the promotion.
Vaultwarden would indeed work with the Yubikey. Because of some certificate issue I never got it to work with my old key. But that is sadly the downside of them. you cannot update their firmware (which to be fair would make them potentially less secure).
The other thing that i liked to do was to store a long passphrase on it (it acts as a keyboard when plugged). Then you can just add a custom pre or suffix and press the button and have an easy to enter secure password.
@fbartels I came across this Yubico page that lists which keys work with Bitwarden (includes the legacy keys) https://www.yubico.com/works-with-yubikey/catalog/bitwarden-premium/
-
@fbartels I came across this Yubico page that lists which keys work with Bitwarden (includes the legacy keys) https://www.yubico.com/works-with-yubikey/catalog/bitwarden-premium/
-
@fbartels I came across this Yubico page that lists which keys work with Bitwarden (includes the legacy keys) https://www.yubico.com/works-with-yubikey/catalog/bitwarden-premium/
@humptydumpty yes, I know them. the one I previously had is 9+ years old. I don't remember the details but some certificate on my stick was expired and therefore the setup with vaultwarden never worked. I wanted to upgrade to a stick that supports fido 2.0 for quite a while and the Cloudflare promotion was too good to miss.
-
@BrutalBirdie Thank @fbartels . We owe him a beer now.
-
@humptydumpty yes, I know them. the one I previously had is 9+ years old. I don't remember the details but some certificate on my stick was expired and therefore the setup with vaultwarden never worked. I wanted to upgrade to a stick that supports fido 2.0 for quite a while and the Cloudflare promotion was too good to miss.
@fbartels said in Yubikey to secure servers.. has anyone tried it?:
I wanted to upgrade to a stick that supports fido 2.0 for quite a while
I hear you. I looked into Yubikeys many times but the cost ramped up quickly since it's best if you have a backup key and with a handful of family members, the bill wasn't easy to swallow. This deal makes it possible. I wish they made a nano NFC version though. I could have it hidden inside a custom made wearable like a pendant, bracelet, or even toss it inside a watch.
-
@jdaviescoates It seems you need to have an active zone or use zero trust.
Exclusive 'good for the Internet' pricing on security keys Cloudflare has partnered with Yubico to offer hardware authentication security keys at a promotional price to eligible Cloudflare customers. Select "Claim my offer" and Yubico will email the offer to the email address associated with your account if you are eligible. Eligible customers must have an active zone or actively use Cloudflare Zero Trust. You may not claim this offer multiple times from the same email and this offer may be restricted to one email per account. Cloudflare may modify, limit, or discontinue this promotion at any time. Offer is subject to Yubico's terms. Learn more about how Cloudflare Zero Trust makes it easy to activate and authenticate using your hardware security keys with any identity provider for more secure access to any self-hosted or SaaS application. By clicking "Claim my offer", you consent to Cloudflare sharing your email address with Yubico AB, Yubico GmbH, Yubico Inc. and Yubico Canada Inc. ("Yubico") solely for the purpose of you claiming this promotion from Yubico. Review the Yubico Privacy Notice to learn more.@humptydumpty said in Yubikey to secure servers.. has anyone tried it?:
@jdaviescoates It seems you need to have an active zone or use zero trust.
thanks for the heads up, I guess I had better set something up then... hopefully I'm not too late (probably should've read that and done it before clicking on the claim offer button!)
-
I found the original Cloudflare blog post about this collab and the direct link is:
https://dash.cloudflare.com/?to=/:account/yubico-promotion
Either create an account or log in and that link will take you to the button to claim the offer.
@humptydumpty do I understand correctly that in order to use Cloudflare on a domain, they have to be registrar for it, i.e. transfer the domain to them?
I am my own Nominet registrar, so if the above is true, I cannot use Cloudflare on domains currently with Nominet.
EDIT : should have looked a bit further.
They don't support registering .UK domains so the above cannot be true.
Doh !
Ignore me. -
@humptydumpty do I understand correctly that in order to use Cloudflare on a domain, they have to be registrar for it, i.e. transfer the domain to them?
I am my own Nominet registrar, so if the above is true, I cannot use Cloudflare on domains currently with Nominet.
EDIT : should have looked a bit further.
They don't support registering .UK domains so the above cannot be true.
Doh !
Ignore me.@timconsidine Yes
They started fronting/protecting domains before they became a registrar which is very recent.
-
@BrutalBirdie Thank @fbartels . We owe him a beer now.
@humptydumpty said in Yubikey to secure servers.. has anyone tried it?:
We owe him a beer now.
If the yubico e-mail ever arrives
I will sponsor a beer. -
@humptydumpty do I understand correctly that in order to use Cloudflare on a domain, they have to be registrar for it, i.e. transfer the domain to them?
I am my own Nominet registrar, so if the above is true, I cannot use Cloudflare on domains currently with Nominet.
EDIT : should have looked a bit further.
They don't support registering .UK domains so the above cannot be true.
Doh !
Ignore me.@timconsidine said in Yubikey to secure servers.. has anyone tried it?:
do I understand correctly that in order to use Cloudflare on a domain, they have to be registrar for it, i.e. transfer the domain to them?
No, you can also delegate single zones or the whole domain to another name server.
For example I have some domains registered at autodns, which cloudron does not have an auto config for.
So I can delegate either the whole domain or a zone to another name server.Example:
I have my
AwesomeDomain.tldand I want to have a cloudron onmy.dev.AwesomeDomain.tldand want the.*.devzone to be managed by DigitalOcean.
I can set 3xNSrecords fordevwithns[1-3].digitalocean.com.as value.Now the zone is delegated to DigitalOcean DNS Servers and can be managed over there.
Watch out tho! When configuring Cloudron you have to click
Advanced settingsfor the DNS setup and set theZone Name (Optional)todev.AwesomeDomain.tldwhich would be by defaultAwesomeDomain.tld -
@timconsidine said in Yubikey to secure servers.. has anyone tried it?:
do I understand correctly that in order to use Cloudflare on a domain, they have to be registrar for it, i.e. transfer the domain to them?
No, you can also delegate single zones or the whole domain to another name server.
For example I have some domains registered at autodns, which cloudron does not have an auto config for.
So I can delegate either the whole domain or a zone to another name server.Example:
I have my
AwesomeDomain.tldand I want to have a cloudron onmy.dev.AwesomeDomain.tldand want the.*.devzone to be managed by DigitalOcean.
I can set 3xNSrecords fordevwithns[1-3].digitalocean.com.as value.Now the zone is delegated to DigitalOcean DNS Servers and can be managed over there.
Watch out tho! When configuring Cloudron you have to click
Advanced settingsfor the DNS setup and set theZone Name (Optional)todev.AwesomeDomain.tldwhich would be by defaultAwesomeDomain.tld@BrutalBirdie thank you !
For some reason I struggle with Cloudflare.
Must try harder - I'm sure it's within my grasp
-
@BrutalBirdie thank you !
For some reason I struggle with Cloudflare.
Must try harder - I'm sure it's within my grasp@timconsidine if you need some help, let me know. I am happy to help.
-
@BrutalBirdie thank you !
For some reason I struggle with Cloudflare.
Must try harder - I'm sure it's within my grasp@timconsidine No, I still have my domains at their respective registrars. You just edit the nameservers to cloudflare and you're set.
Cloudflare Nameservers To use Cloudflare, ensure your authoritative DNS servers, or nameservers have been changed. These are your assigned Cloudflare nameservers. Type Value NS sunny.ns.cloudflare.com NS terin.ns.cloudflare.comBTW, renewal prices have gone up. The .com was $8.57 and it has gone up to $9.15. Namesilo sent an email back in aug-sep(?) about the price increase so it must be ICANN mandated.
-
@timconsidine No, I still have my domains at their respective registrars. You just edit the nameservers to cloudflare and you're set.
Cloudflare Nameservers To use Cloudflare, ensure your authoritative DNS servers, or nameservers have been changed. These are your assigned Cloudflare nameservers. Type Value NS sunny.ns.cloudflare.com NS terin.ns.cloudflare.comBTW, renewal prices have gone up. The .com was $8.57 and it has gone up to $9.15. Namesilo sent an email back in aug-sep(?) about the price increase so it must be ICANN mandated.
@humptydumpty thank you
I use my Nominet account for *.UK and dynadot for all else.
Dynadot seem similar prices. -
@BrutalBirdie thank you !
For some reason I struggle with Cloudflare.
Must try harder - I'm sure it's within my grasp@timconsidine i recently documented the steps in a little blog post. https://blog.9wd.eu/posts/9wd-tech-external-services/
-
@timconsidine i recently documented the steps in a little blog post. https://blog.9wd.eu/posts/9wd-tech-external-services/
-
@jdaviescoates during the mess of figuring out how to get to that offer button, I created a new account and signed up for the offer just like you did. I received an email yesterday with the "decline" and telling me how to become eligible. The sad part is that I haven't received the coupon on my eligible account yet.
-
Update: I received my coupon email earlier today.
The email came from (add it to your whitelist):
resources {{a.t.}} info [.d.0.t.] yubico [.d.0.t.] comCongratulations! You are one step closer to activating phishing-resistant MFA with industry leading Yubico security keys at an exclusive 'good for the Internet' price. Even better news! For a limited time, we're excited to surprise you with an upgrade to our multi-protocol YubiKey 5 Series! You are now eligible to purchase up to 4 individual YubiKey 5 NFC or YubiKey 5C NFC (minimum 2) starting as low as $10 USD. Ready to get started with the YubiKey? Here is your single-use coupon for up to four (4) YubiKey 5 NFC or YubiKey 5C NFC (minimum 2) keys for as low as $10 USD or β¬10 Euros at www.yubico.com But there is moreβ¦. Looking to purchase more YubiKeys? YubiEnterprise Subscription provides flexible purchasing options of YubiKeys, predictable spend, premium support and a lower cost to entry. Cloudflare customers with 500 or more users are eligible to receive an exclusive 50% discount off their first year of YubiEnterprise Subscription.
