Running a Matrix Server in a Python Virtual Environment

In this article, I outline the setup of a Matrix server in a Python virtual environment on Fedora. This is based on the setup I used for my Matrix server matrix.kplante.com as of July 2022. Matrix is a decentralized network which bridges clients for instant messaging, video conferencing, and VoIP. It supports end-to-end encryption via the Olm and Megolm cryptographic ratchets. This outline will cover various aspects of security hardening starting from the deployment of the server....

Kendra Elanor Plante

Secure SSH with FIDO2

Reference from Yubico

Since version 8.2p1, OpenSSH has supported FIDO2. This allows us to use hardware security keys (such as the YubiKey) as a second factor for SSH logins, offering a very strong layer of security on top of the existing cryptographic strength of SSH keys.

The Problem

SSH keys are ubiquitous, for good reason. Permitting password authentication on an SSH server is widely considered insecure. SSH keys use public key cryptography so that secrets never need to be shared with the server, and modern cryptographic primitives like ed25519 are very strong....

Kendra Elanor Plante