--=-Q7X/Edgpj084N65AxIcW-- From nobody Sun Mar 12 19:26:50 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PZVCd4V44z3xWL9 for ; Sun, 12 Mar 2023 19:26:53 +0000 (UTC) (envelope-from jean-christophe@blues-softwares.net) Received: from mx.franceserv.fr (mx.franceserv.fr [62.4.19.99]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PZVCc4jzgz4GKL for ; Sun, 12 Mar 2023 19:26:52 +0000 (UTC) (envelope-from jean-christophe@blues-softwares.net) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of jean-christophe@blues-softwares.net designates 62.4.19.99 as permitted sender) smtp.mailfrom=jean-christophe@blues-softwares.net; dmarc=pass (policy=none) header.from=blues-softwares.net Message-ID: Subject: test mailing list From: Jean-Christophe To: freebsd-questions@freebsd.org Date: Sun, 12 Mar 2023 20:26:50 +0100 Content-Type: multipart/alternative; boundary="=-MYVR2LVtM0TY1UhBCPH5" User-Agent: Evolution 3.46.4-1 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 X-Abuse-Reports-To: abuse@franceserv.fr X-Spam-Level: X-Spam-Status: NO, score=-0.09 X-Spam-Score: -0.09 X-Spam-Flag: NO X-Spamd-Result: default: False [-3.78 / 15.00]; NEURAL_HAM_SHORT(-1.00)[-0.999]; NEURAL_HAM_MEDIUM(-0.99)[-0.990]; NEURAL_HAM_LONG(-0.99)[-0.988]; DMARC_POLICY_ALLOW(-0.50)[blues-softwares.net,none]; R_SPF_ALLOW(-0.20)[+mx:franceserv.fr:c]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; R_DKIM_NA(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_IN_DNSWL_NONE(0.00)[62.4.19.99:from]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FROM_HAS_DN(0.00)[]; ASN(0.00)[asn:12876, ipnet:62.4.0.0/19, country:FR]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4PZVCc4jzgz4GKL X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N --=-MYVR2LVtM0TY1UhBCPH5 Content-Type: text/plain Content-Transfer-Encoding: 7bit hi, i test, i have a undelivred mail returned regard --=-MYVR2LVtM0TY1UhBCPH5 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

hi,

i test, i have a undelivred mai= l returned

regard

--=-MYVR2LVtM0TY1UhBCPH5-- From nobody Sun Mar 12 20:35:44 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PZWl73c3Yz3xbss for ; Sun, 12 Mar 2023 20:35:47 +0000 (UTC) (envelope-from jean-christophe@blues-softwares.net) Received: from mx.franceserv.fr (mx.franceserv.fr [62.4.19.99]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PZWl65Crtz4Mvm for ; Sun, 12 Mar 2023 20:35:46 +0000 (UTC) (envelope-from jean-christophe@blues-softwares.net) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of jean-christophe@blues-softwares.net designates 62.4.19.99 as permitted sender) smtp.mailfrom=jean-christophe@blues-softwares.net; dmarc=pass (policy=none) header.from=blues-softwares.net Message-ID: <8ef427543f851a296b4a1804764f3f5ece48225d.camel@blues-softwares.net> Subject: geli encryption on server From: Jean-Christophe To: freebsd-questions@freebsd.org Date: Sun, 12 Mar 2023 21:35:44 +0100 Content-Type: multipart/alternative; boundary="=-LJY8CN7L46AYQ4IU2Kak" User-Agent: Evolution 3.46.4-1 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 X-Abuse-Reports-To: abuse@franceserv.fr X-Spam-Level: X-Spam-Status: NO, score=-0.10 X-Spam-Score: -0.10 X-Spam-Flag: NO X-Spamd-Result: default: False [-3.77 / 15.00]; NEURAL_HAM_SHORT(-0.99)[-0.994]; NEURAL_HAM_LONG(-0.99)[-0.989]; NEURAL_HAM_MEDIUM(-0.99)[-0.988]; DMARC_POLICY_ALLOW(-0.50)[blues-softwares.net,none]; R_SPF_ALLOW(-0.20)[+mx:franceserv.fr:c]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; R_DKIM_NA(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_IN_DNSWL_NONE(0.00)[62.4.19.99:from]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FROM_HAS_DN(0.00)[]; ASN(0.00)[asn:12876, ipnet:62.4.0.0/19, country:FR]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4PZWl65Crtz4Mvm X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N --=-LJY8CN7L46AYQ4IU2Kak Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit hi, how can I add passphrase at boot process for don´t ask it after all reboot ? regard, jean-christophe --=-LJY8CN7L46AYQ4IU2Kak Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

hi,

how can I ad= d passphrase at boot process for don=C2=B4t ask it after all reboot ?

regard,

jean-christophe

--=-LJY8CN7L46AYQ4IU2Kak-- From nobody Sun Mar 12 20:56:26 2023 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PZXCW3fckz3xcfq for ; Sun, 12 Mar 2023 20:56:55 +0000 (UTC) (envelope-from ralf-mardorf@riseup.net) Received: from mx0.riseup.net (mx0.riseup.net [198.252.153.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mx0.riseup.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PZXCV1zJNz4QGj for ; Sun, 12 Mar 2023 20:56:54 +0000 (UTC) (envelope-from ralf-mardorf@riseup.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=riseup.net header.s=squak header.b=FA2KX5Yt; spf=pass (mx1.freebsd.org: domain of ralf-mardorf@riseup.net designates 198.252.153.6 as permitted sender) smtp.mailfrom=ralf-mardorf@riseup.net; dmarc=pass (policy=none) header.from=riseup.net Received: from fews1.riseup.net (fews1-pn.riseup.net [10.0.1.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.riseup.net", Issuer "R3" (not verified)) by mx0.riseup.net (Postfix) with ESMTPS id 4PZXCS1YS7z9t7c for ; Sun, 12 Mar 2023 20:56:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1678654612; bh=vIS2DE+U1mVjP5lBM6zQPepASjY0ts3s0OY8/7JqhRA=; h=Subject:From:To:Date:In-Reply-To:References:From; b=FA2KX5YtfSMiPRSzbwXCzea+xIycwjTBjWMH18mBY1XXItr5PG3IXAdT/Ibo1XbZR SNnm6BU1KS8G1dfiJnd4VPem/BKqVl2SQXtuvuQ42I5b9FcAnbjJcBZJldRFY1v5Y2 bTitdQm6WcHVHCTLQGEO5EEve4gUxLOBqrT0RuLc= X-Riseup-User-ID: 03BBD9342319731E54DD64837101CCFF4AB91F701CD295B177BB434F67F3E95C Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews1.riseup.net (Postfix) with ESMTPSA id 4PZXCR41F7z5vY8 for ; Sun, 12 Mar 2023 20:56:51 +0000 (UTC) Message-ID: <88029aefb44334736c61f1a8aab601083d4464f5.camel@riseup.net> Subject: [off-topic] configuration post installation FreeBSD server From: Ralf Mardorf To: questions@freebsd.org Date: Sun, 12 Mar 2023 21:56:26 +0100 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 X-Spamd-Result: default: False [-4.10 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[riseup.net,none]; R_SPF_ALLOW(-0.20)[+a:mx0.riseup.net]; R_DKIM_ALLOW(-0.20)[riseup.net:s=squak]; RCVD_IN_DNSWL_LOW(-0.10)[198.252.153.6:from]; MIME_GOOD(-0.10)[text/plain]; MLMMJ_DEST(0.00)[questions@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:16652, ipnet:198.252.153.0/24, country:US]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; DKIM_TRACE(0.00)[riseup.net:+]; RCPT_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DWL_DNSWL_NONE(0.00)[riseup.net:dkim]; PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[] X-Rspamd-Queue-Id: 4PZXCV1zJNz4QGj X-Spamd-Bar: ---- X-ThisMailContainsUnwantedMimeParts: N On Sun, 2023-03-12 at 22:05 +0300, Odhiambo Washington wrote: > egrep -v egrep isn't portable, for portable scripts use grep -E From nobody Sun Mar 12 22:36:48 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PZZR36fy0z3xkw5 for ; Sun, 12 Mar 2023 22:37:03 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PZZR32Hywz3FJn for ; Sun, 12 Mar 2023 22:37:03 +0000 (UTC) (envelope-from freebsd@edvax.de) Authentication-Results: mx1.freebsd.org; none Received: from r56.edvax.de ([178.5.90.214]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.167]) with ESMTPA (Nemesis) id 1N6Kl7-1qdeh61mY5-016eeR; Sun, 12 Mar 2023 23:36:49 +0100 Date: Sun, 12 Mar 2023 23:36:48 +0100 From: Polytropon To: Jean-Christophe Cc: freebsd-questions@FreeBSD.org Subject: Re: geli encryption on server Message-Id: <20230312233648.15753eed.freebsd@edvax.de> In-Reply-To: <8ef427543f851a296b4a1804764f3f5ece48225d.camel@blues-softwares.net> References: <8ef427543f851a296b4a1804764f3f5ece48225d.camel@blues-softwares.net> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:RvOwDbWH41DIMhdywKFjiIVDanrqKU1Pphnf9lxCc8F0TEL5L4Y 6JB10l1zqAThoWH2b41A0uozfE98Hb85x6ucophkQXE8SqQfja7FUUJ0ZXWgd4rnnGA+Jlh yR97EcGcjqVF7k4/Xy0hCrOAK1TdvMbeH9YOiGlEXGx2IvVnjYQiyOHZVFUApadYf7EFt8R dIcw0Vm1YQ0VhOWNjGjww== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:cdeh8fnrfPc=;DczGEAyy/N85MaWQWPO0XYEHIvy qq0iq5sQFQEhbL+DsJsqLJz5VFA+KSuQWK9OMM97gysWu1+WuCTndQ4vxtzm1PLQoLawx/Nfo EedlfcKu7sR7o5RTz2bdIfe1lG7XPlPIeg7cfv3fYYLmjSk86wjJC4eXN+H30rWvJGbkOmIAn CJocTPgD+TbRpvhAlZ5tPahIBEvgJ9X1yvNswJE/++4AChOAhjyq09nxko2QgGEi6bGO73CV8 gC0uWEi4oSnL/kqbV1LEWTY4h1gyDHz70i3XcbMFMTUxlS2umcAs4TloM6cmUToRO+PERjIgJ aYgcC6xVJIaNYlGQE674/orPwvkjS54n/D7OqNWTDmEZ5PU5NEM8SZmIDTSjepjWbpN3ZC7m2 Vkj7c4F5TodheWxgxKboIW7X+ixBwpZy+t9M3R5J+9qZddXrJennDT5vnqJYxYIENlN+5IuiY CuYIJx7e24OTzRVkf3UvWjkQGO6LynERMumr4oNWY86D6eMka7JZhD2h8fqceUkJDBbK1SHko XjsOaaSK8E0X9Lj/OMjvtaOVUZOjHWS8jw5eFfzlgzmEwqbK76ECohcVXzxz9ChmvKlJdEaun UuaMXHCDeH2qJi/C1pbgl5ELPpCKZnInuwL0SYC8VSSm4QUaprq91fPgtHMCPMo7r6M2BXJ/4 8dv/qVz8o6i6q4yacYqpDo/DrTu26y7NubHrxKbW1A== X-Rspamd-Queue-Id: 4PZZR32Hywz3FJn X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On Sun, 12 Mar 2023 21:35:44 +0100, Jean-Christophe wrote: > hi, > how can I add passphrase at boot process for don=B4t ask it after all > reboot ? Please excuse my ignorance, but what is the intended use for a passphrase that is never used? If you want encryption without any interactive part (which _might_ weaken security, depending on your scenario), just use a locally stored keyfile with no protection passphrase. You can find an example in "man geli", section EXAMPLES. If I remember correctly, it's the -P option in combination with the -K option... geli init -P -K ... You then add the location of the key file to /boot/loader.conf and reboot; no user input will then be needed. Keep the implications in mind: Everyone who has access to the keyfile, especially if it is stored on the same disk as the filesystem it will be used to encrypt, will have access to the encrypted content after the system has successfully booted - without requiring the thief to enter a passphrase, because that's so covenient. ;-) However, you _can_ use this approach with storing the keyfile on a USB stick and remove it when the system has been started. The USB stick only needs to be present when the system boots, and can be stored securely when the system is running. Or did I misinterpret your question? If yes, I'm sorry. Many things depend on your individual intended use, typical scenario, expected threats, and range of imagination. :-) --=20 Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From nobody Mon Mar 13 02:32:24 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PZgfq2fGDz3y0W4 for ; Mon, 13 Mar 2023 02:32:35 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PZgfm6h73z3rK7 for ; Mon, 13 Mar 2023 02:32:32 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cs.ait.ac.th header.s=selector1 header.b=Oy5qCbha; spf=pass (mx1.freebsd.org: domain of Olivier.Nicole@cs.ait.ac.th designates 192.41.170.16 as permitted sender) smtp.mailfrom=Olivier.Nicole@cs.ait.ac.th; dmarc=pass (policy=none) header.from=cs.ait.ac.th Received: from mail.cs.ait.ac.th (localhost [127.0.0.1]) by mail.cs.ait.ac.th (Postfix) with ESMTP id 7BC0F89283; Mon, 13 Mar 2023 09:32:26 +0700 (+07) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.ait.ac.th; h= content-type:content-type:mime-version:message-id:date:date :in-reply-to:subject:subject:from:from:received:received :received; s=selector1; t=1678674746; x=1680489147; bh=x97eN3Ii+ NZZtqFyqF1Wu5tUBb4EYnp1nx+ACC7+LDo=; b=Oy5qCbhaD03bsWGZd4Xf2OdNl j6GLTpeIh7eUjwsLSCLakbYl5y+fYHFVYaR/2rPOOYS7gcIQjMbYNfFsWYNczGir /TK4Nsc6Bn0d544H8cdxAgCGfo2GEXdKlo3OGHBuIbB8oUDOZEJU/BaIHnxH51bq 0NB41GbBqqtmO09g+8= X-Virus-Scanned: amavisd-new at cs.ait.ac.th Received: from mail.cs.ait.ac.th ([127.0.0.1]) by mail.cs.ait.ac.th (mail.cs.ait.ac.th [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id XviOww31A4Nu; Mon, 13 Mar 2023 09:32:26 +0700 (+07) Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.cs.ait.ac.th (Postfix) with ESMTPS id 0F11889282; Mon, 13 Mar 2023 09:32:26 +0700 (+07) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.15.2/8.15.2/Submit) id 32D2WOvD035942; Mon, 13 Mar 2023 09:32:24 +0700 (ICT) (envelope-from on@banyan.cs.ait.ac.th) From: Olivier To: Jean-Christophe Cc: freebsd-questions@FreeBSD.org Subject: Re: configuration post installation FreeBSD server In-Reply-To: (message from Jean-Christophe on Sun, 12 Mar 2023 19:53:49 +0100) Date: Mon, 13 Mar 2023 09:32:24 +0700 Message-ID: List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain X-Spamd-Result: default: False [-0.30 / 15.00]; URIBL_RED(3.50)[blues-softwares.net:url,blues-softwares.net:email]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.996]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; R_DKIM_ALLOW(-0.20)[cs.ait.ac.th:s=selector1]; RCVD_IN_DNSWL_MED(-0.20)[192.41.170.16:from]; HAS_ANON_DOMAIN(0.10)[]; BAD_REP_POLICIES(0.10)[]; MIME_GOOD(-0.10)[text/plain]; DKIM_TRACE(0.00)[cs.ait.ac.th:+]; ARC_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-questions@FreeBSD.org]; MIME_TRACE(0.00)[0:+]; DMARC_POLICY_ALLOW(0.00)[cs.ait.ac.th,none]; MID_RHS_MATCH_FROMTLD(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; RCPT_COUNT_TWO(0.00)[2]; TO_DN_SOME(0.00)[]; RCVD_TLS_LAST(0.00)[]; R_SPF_ALLOW(0.00)[+mx]; ASN(0.00)[asn:4767, ipnet:192.41.170.0/24, country:TH] X-Rspamd-Queue-Id: 4PZgfm6h73z3rK7 X-Spamd-Bar: / X-ThisMailContainsUnwantedMimeParts: N Jean-Christophe writes: > could you help me to create an plan for post installation configuration for a > FreeBSD server...? > create an doc in french on https://wiki.blues-softwares.net I think there is a French speaking mailing list for FreeBSD, maybe you should ask there. Also, what type of server are you talking about, the hardening highly depends on the services run on that server. Je crois qu'il y a une mailing list en francais, peut etre devrais tu poser ta question la bas. Et aussi, de quel type de3 serveur parles tu? La securite depend beaucoup des services que tu feras tourner sur ton serveur. Olivier > best regard, > jean-christophe -- From nobody Mon Mar 13 05:45:43 2023 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PZlxk1sVMz3yC6N for ; Mon, 13 Mar 2023 05:45:46 +0000 (UTC) (envelope-from ralf-mardorf@riseup.net) Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mx1.riseup.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PZlxj2GyDz49Bs for ; Mon, 13 Mar 2023 05:45:45 +0000 (UTC) (envelope-from ralf-mardorf@riseup.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=riseup.net header.s=squak header.b=EjiPhA0v; spf=pass (mx1.freebsd.org: domain of ralf-mardorf@riseup.net designates 198.252.153.129 as permitted sender) smtp.mailfrom=ralf-mardorf@riseup.net; dmarc=pass (policy=none) header.from=riseup.net Received: from fews1.riseup.net (fews1-pn.riseup.net [10.0.1.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.riseup.net", Issuer "R3" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4PZlxg3y9hzDqCF for ; Mon, 13 Mar 2023 05:45:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1678686343; bh=9ruiDR9MIbfrkGv1R5efKMN25rRPkwzbCISjug/fWkg=; h=Subject:From:To:Date:In-Reply-To:References:From; b=EjiPhA0vvwCFzpgNjpp2QpcfURiKSRju33UPA5hMteIMk77EVcvTsOyPY9S+Cchvz iC5YPBxtVBS8Cc333mDhgoVR0gjbWc763aLCXLFDFwicP9fNoYAt7/I9F/A7cxSp9I CIuITTJDPG9a71N9mMe1tRvgOrkuAobT6S4anK5I= X-Riseup-User-ID: EDFF720671C0C4BE968254D573FA6E7774ABDB07233AA5BBB1EE682557EBD3AE Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews1.riseup.net (Postfix) with ESMTPSA id 4PZlxf6j9qz5vY8 for ; Mon, 13 Mar 2023 05:45:42 +0000 (UTC) Message-ID: <14aa1e4595dee522437202d34d2e73614aa42bac.camel@riseup.net> Subject: Re: geli encryption on server From: Ralf Mardorf To: questions@freebsd.org Date: Mon, 13 Mar 2023 06:45:43 +0100 In-Reply-To: <20230312233648.15753eed.freebsd@edvax.de> References: <8ef427543f851a296b4a1804764f3f5ece48225d.camel@blues-softwares.net> <20230312233648.15753eed.freebsd@edvax.de> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 X-Spamd-Result: default: False [-4.20 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[riseup.net,none]; R_DKIM_ALLOW(-0.20)[riseup.net:s=squak]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; RCVD_IN_DNSWL_LOW(-0.10)[198.252.153.129:from]; RWL_MAILSPIKE_GOOD(-0.10)[198.252.153.129:from]; FROM_EQ_ENVFROM(0.00)[]; ARC_NA(0.00)[]; MLMMJ_DEST(0.00)[questions@freebsd.org]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; ASN(0.00)[asn:16652, ipnet:198.252.153.0/24, country:US]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[riseup.net:dkim]; DKIM_TRACE(0.00)[riseup.net:+]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[] X-Rspamd-Queue-Id: 4PZlxj2GyDz49Bs X-Spamd-Bar: ---- X-ThisMailContainsUnwantedMimeParts: N On Sun, 2023-03-12 at 23:36 +0100, Polytropon wrote: > However, you _can_ use this approach with storing the keyfile > on a USB stick and remove it when the system has been started. Since USB sticks are not reliable, backing up the key is required, but copies of keys lower security. While SanDisk Extreme PRO SD cards are reliable, I wouldn't trust the reliability. Btw. I already lost keys to decrypt emails out of sloppiness, IOW sometimes users aren't reliable, too. Not to mention that sometimes, though rarely, I don't know my bank card's 4-digit PIN at the supermarket checkout. Then I wish I had written them on the card ;D. Security measures are a double-edged sword. Useless when done wrong, but a pitfall when done right. From nobody Mon Mar 13 07:46:06 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PZpcp1VSvz3xKr2; Mon, 13 Mar 2023 07:46:18 +0000 (UTC) (envelope-from contact@evilham.com) Received: from yggdrasil.evilham.com (yggdrasil.evilham.com [IPv6:2a02:2770::216:3eff:fee1:cf9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PZpcn6jy7z4L0x; Mon, 13 Mar 2023 07:46:17 +0000 (UTC) (envelope-from contact@evilham.com) Authentication-Results: mx1.freebsd.org; none From: Evilham DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=evilham.com; s=mail; t=1678693569; bh=9BuKxPGHX+YjlAZKSA2DWeWj8/s9oDa8lTrek4KZVRs=; h=From:To:Cc:Subject:References:In-reply-to:Date; b=TGiKcoXeCXT2vtHXM1XWeuFsq16NBv8YodZkeQbE5lqvUOboADcBx91Q7okNSVwOe z+tNa8+yHbIgOvbszmmIJWxYaY+s+L4JqN+LYZlKkXgguVGQR+DxaI9u0zkNh2Qmpn d30QFBGZ4f7TOfPbLM90DZ0F4EfmQXZmZwgnjttQ= To: Jean-Christophe Cc: freebsd-questions@freebsd.org, questions@freebsd.org Subject: Re: geli encryption on server References: <8ef427543f851a296b4a1804764f3f5ece48225d.camel@blues-softwares.net> In-reply-to: <8ef427543f851a296b4a1804764f3f5ece48225d.camel@blues-softwares.net> Date: Mon, 13 Mar 2023 08:46:06 +0100 Message-ID: <01fca36fa1905197a0b5436be9f9ee112ff8@yggdrasil.evilham.com> List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4PZpcn6jy7z4L0x X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:196752, ipnet:2a02:2770::/32, country:NL] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On dg., mar=C3=A7 12 2023, Jean-Christophe wrote: > hi, > how can I add passphrase at boot process for don=C2=B4t ask it after=20 > all reboot ? > regard, > jean-christophe As others pointed out, beware that depending on what you are=20 doing, it might render your encryption pretty much useless. I use it to unlock other geli-encrypted drives providing just one=20 password, it's a decent compromise for me. Answering your question with those caveats: you can do this with=20 the options: geli_devices and geli_${PROVIDER}_flags This is documented in rc.conf(5) and /etc/rc.d/geli, AFAICT=20 geli_${PROVIDER}_flags is not documented on rc.conf(5), if this=20 saved you time please look into adding a patch fixing that. It can look something like in /etc/rc.conf: geli_devices=3D"gpt/home" geil_gpt_home_flags=3D"-pk '/secret/location/keyfile.secret'" Note that the '/' gets replaced with a '_' when you need to=20 provide the flags. Cheers, --=20 Evilham From nobody Mon Mar 13 07:46:06 2023 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PZpcp1VSvz3xKr2; Mon, 13 Mar 2023 07:46:18 +0000 (UTC) (envelope-from contact@evilham.com) Received: from yggdrasil.evilham.com (yggdrasil.evilham.com [IPv6:2a02:2770::216:3eff:fee1:cf9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PZpcn6jy7z4L0x; Mon, 13 Mar 2023 07:46:17 +0000 (UTC) (envelope-from contact@evilham.com) Authentication-Results: mx1.freebsd.org; none From: Evilham DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=evilham.com; s=mail; t=1678693569; bh=9BuKxPGHX+YjlAZKSA2DWeWj8/s9oDa8lTrek4KZVRs=; h=From:To:Cc:Subject:References:In-reply-to:Date; b=TGiKcoXeCXT2vtHXM1XWeuFsq16NBv8YodZkeQbE5lqvUOboADcBx91Q7okNSVwOe z+tNa8+yHbIgOvbszmmIJWxYaY+s+L4JqN+LYZlKkXgguVGQR+DxaI9u0zkNh2Qmpn d30QFBGZ4f7TOfPbLM90DZ0F4EfmQXZmZwgnjttQ= To: Jean-Christophe Cc: freebsd-questions@freebsd.org, questions@freebsd.org Subject: Re: geli encryption on server References: <8ef427543f851a296b4a1804764f3f5ece48225d.camel@blues-softwares.net> In-reply-to: <8ef427543f851a296b4a1804764f3f5ece48225d.camel@blues-softwares.net> Date: Mon, 13 Mar 2023 08:46:06 +0100 Message-ID: <01fca36fa1905197a0b5436be9f9ee112ff8@yggdrasil.evilham.com> List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4PZpcn6jy7z4L0x X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:196752, ipnet:2a02:2770::/32, country:NL] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On dg., mar=C3=A7 12 2023, Jean-Christophe wrote: > hi, > how can I add passphrase at boot process for don=C2=B4t ask it after=20 > all reboot ? > regard, > jean-christophe As others pointed out, beware that depending on what you are=20 doing, it might render your encryption pretty much useless. I use it to unlock other geli-encrypted drives providing just one=20 password, it's a decent compromise for me. Answering your question with those caveats: you can do this with=20 the options: geli_devices and geli_${PROVIDER}_flags This is documented in rc.conf(5) and /etc/rc.d/geli, AFAICT=20 geli_${PROVIDER}_flags is not documented on rc.conf(5), if this=20 saved you time please look into adding a patch fixing that. It can look something like in /etc/rc.conf: geli_devices=3D"gpt/home" geil_gpt_home_flags=3D"-pk '/secret/location/keyfile.secret'" Note that the '/' gets replaced with a '_' when you need to=20 provide the flags. Cheers, --=20 Evilham From nobody Wed Mar 15 17:04:22 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PcGw03fNfz3yl26 for ; Wed, 15 Mar 2023 17:04:32 +0000 (UTC) (envelope-from mail@souji-thenria.net) Received: from alisa.souji-thenria.net (alisa.souji-thenria.net [188.68.37.165]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PcGvz0qClz3GFs for ; Wed, 15 Mar 2023 17:04:30 +0000 (UTC) (envelope-from mail@souji-thenria.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=souji-thenria.net header.s=20220813rsa header.b=1XIwo48Q; spf=pass (mx1.freebsd.org: domain of mail@souji-thenria.net designates 188.68.37.165 as permitted sender) smtp.mailfrom=mail@souji-thenria.net; dmarc=pass (policy=quarantine) header.from=souji-thenria.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=souji-thenria.net; s=20220813rsa; t=1678899862; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AapBT8bn/x7nmS4I4oQlWDHWRNCtZ3U6wefquxt8cYc=; b=1XIwo48QxGrmV1ssqMQ07WHyXYpLP2mKnEqAfMVLCjfAyay9KU6yctx890aGo9yNmZbCuQ qIJECMUhv5+9XmeZ8CRBzUneazf05xwh39bfbbt3VSnf3MbCobZaj8M64Wn9uFEdIcI/Cl UsoT603P2sd876dh1YsDxhLKsoQugCDocExmnpwU0ekrlH6NFYRG7jjhBtWALyxDgrDC1n jbd4D7RvW2SIV/KfdfcqOcbGbxgLpORqHvW/HqpdJvn0MihfA1+JEa8+gbfvZExXmu7ug1 sk/cgMyecF2xWREoyfDcmO9JoSKZBDV8Uhhef0XbuhTCY0LLzzeJESko04QhRw== Received: from [192.168.178.41] (nat-178-19-229-24.net.encoline.de [178.19.229.24]) by alisa.souji-thenria.net (OpenSMTPD) with ESMTPSA id c9a83d56 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for ; Wed, 15 Mar 2023 18:04:22 +0100 (CET) Message-ID: Date: Wed, 15 Mar 2023 18:04:22 +0100 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Content-Language: en-US To: freebsd-questions@freebsd.org From: Souji Thenria Subject: Using Yubikey with Firefox Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[souji-thenria.net,quarantine]; R_SPF_ALLOW(-0.20)[+mx]; R_DKIM_ALLOW(-0.20)[souji-thenria.net:s=20220813rsa]; MIME_GOOD(-0.10)[text/plain]; DKIM_TRACE(0.00)[souji-thenria.net:+]; ASN(0.00)[asn:197540, ipnet:188.68.32.0/20, country:DE]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_NONE(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4PcGvz0qClz3GFs X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N Hello everyone, I'm trying to use my Yubikey with Firefox 111.0 (64-bit) on FreeBSD 13.1-RELEASE-p7. When I try to, e.g. log into my GitHub Account, I get the info window from Firefox that it is now expecting the security key. However, nothing happens when I try to use it, just like Firefox is unaware of the Yubikey. I already set the "security.webauth*" options in Firefox to true, installed "u2f-devd", and set it up for my user. Additionally, I tried using it with Chromium (Version: 111.0.5563.64), but this just worked. Am I missing some additional configuration to get this working with Firefox? Thanks, Souji. -- Souji Thenria From nobody Thu Mar 16 00:11:27 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PcSNt1wbtz3y19N for ; Thu, 16 Mar 2023 00:11:42 +0000 (UTC) (envelope-from walterp@gmail.com) Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PcSNs4GQNz4GBM for ; Thu, 16 Mar 2023 00:11:41 +0000 (UTC) (envelope-from walterp@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=Ch1xf+tl; spf=pass (mx1.freebsd.org: domain of walterp@gmail.com designates 2607:f8b0:4864:20::32d as permitted sender) smtp.mailfrom=walterp@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-ot1-x32d.google.com with SMTP id t10-20020a9d774a000000b00698d7d8d512so92847otl.10 for ; Wed, 15 Mar 2023 17:11:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1678925499; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=/93xLAnqJRyyGxMUxJ3JziPcbNVSYrFqYAsQ7VXB0Zo=; b=Ch1xf+tlffWxHDuM9rSbfK6xkofNScov2opWzncRXZfJOqek+5H3Jo+Td9I3KduJSL 2kkCx2JCso2X1Ujne+uyP2COT1WnCCuXuP4AwxbOpG5ysYgaydQcQ2onJ2Cbueg5mtb/ TzaztD0VO0tJN2mqHGNivwaNoQoJhMgJQTJtzrBFfbZiyzFjlioWpvMtzL7GKy+8Jkp2 iIZU+f/VoGGuIg8fFW1qj0H6G30XX9bLyz0ekhd3Tk3FGt+eVRB7N2ji4ZRqnEroyWAj FdBkylVeuf6AWFGxU4qsK9j3nv/MQgH/gnww0PRlMWT5S74Wg+Jq58/RrePKHBVBDpRk lrWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678925499; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=/93xLAnqJRyyGxMUxJ3JziPcbNVSYrFqYAsQ7VXB0Zo=; b=VEsnPZBsO4xU2CHNCpGuPXcTPzQxxj93q7kdS5E+I/abKEDItowUpycWRutlgY6+oI JElmWiF3omHA3poq0yvveZD5w802V19aX2a6FUp7+5JPWF6epz3HNJgt5WekQmgWx4MH kiKTY6+D6hEoA5AzYGmPn0MmUMe5QnhkQDlHbkxZTocJL5HsxB6rDagglJoSGF4PkAhB NRMWYtgwv9rVQjMBlpF1gdQcmDB7RnVP9iAIcIqz5VCarVmzhfaKfL2C6N9u6ioIXtYE x2we52RxHWnFsJbtaPlxrG0w+9G26h0l+6euO0tyg4EFdzvpYcovLIqXIAMtwUOzkqde zsTg== X-Gm-Message-State: AO0yUKXJ5vWXVRefWxku6RA2SCaIA1ShQNynyWjLxTedWxrinwyEgSDp 4rXpE+2itC9lwJy4sM6rtiH5lPNnpypEpmeU3v0e4v/fRTWzQw== X-Google-Smtp-Source: AK7set+ML5Z8YLv+HyQcE/KehDRHNRxsUD74Ehefyzmjk613Q2OAdDGZw0vPeI59CgYqoM0yoija1rZVOu0q2V5fhxU= X-Received: by 2002:a9d:7105:0:b0:690:c81f:d459 with SMTP id n5-20020a9d7105000000b00690c81fd459mr14027130otj.3.1678925498840; Wed, 15 Mar 2023 17:11:38 -0700 (PDT) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 From: Walter Parker Date: Wed, 15 Mar 2023 17:11:27 -0700 Message-ID: Subject: Helpful hint on AWS EC2 use in cloud formation templates To: freebsd-questions@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; MIME_GOOD(-0.10)[text/plain]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::32d:from]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FREEMAIL_ENVFROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FREEMAIL_FROM(0.00)[gmail.com]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim] X-Rspamd-Queue-Id: 4PcSNs4GQNz4GBM X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N For people that use cloud formation templates on AWS to spin up FreeBSD instances, you can get the AMI from the Systems Manager public parameters page. For example, to get 13.1 stable, use the following in your parameter block FreeBSDAMI: Type: AWS::SSM::Parameter::Value Description: SSM parameter name for the FreeBSD 13.1 Stable AMI Id Default: /aws/service/freebsd/arm64/base/ufs/13.1/RELEASE Many of the 12.X and 13.X versions are listed there. If you run your templates in multiple regions, this will pick the correct AMI Id for that region. Walter From nobody Thu Mar 16 00:29:50 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PcSnv0w4Yz3y2N7 for ; Thu, 16 Mar 2023 00:29:55 +0000 (UTC) (envelope-from dan@langille.org) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PcSnt38JLz4JjW for ; Thu, 16 Mar 2023 00:29:54 +0000 (UTC) (envelope-from dan@langille.org) Authentication-Results: mx1.freebsd.org; none Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 76FAE5C00DA; Wed, 15 Mar 2023 20:29:52 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Wed, 15 Mar 2023 20:29:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to; s=fm2; t= 1678926592; x=1679012992; bh=598W5WUcfyjhCZeZuGykmywAL2C4QqBdb8G vZiLu+M8=; b=Yabh2F0i0Vx7p25wQu/xLjOpZPUC0JRpnJOBL+i5eMtY2EOF0HY HHFOwhit3OKNugKGz0klbZyJkgDVf6vcDX+Vmru5/WSTzbNyQjo4TSqjnUjhBHoh vA3BTkT2OQ6lhu8dswu9KBCoNNupi32Cl3OkUI9YL/Mc1JKKLc8s3lz3t+EuE9Hm NZ60TCsHMAJEqfNjrMCVt6Kt/d/Wqd9RgwPNJ8FE+mTmi4kOMnO4qoN+o7scitI/ b+bAb8WZt/BaTSgv6mzpUxO9n9aGDG/ekDR6bpTw0uS40rzclhDxKiTohJDorbwa 1jI1lnz2r5/BxqgRLQ3CqtOyNn/r61IfBCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1678926592; x=1679012992; bh=598W5WUcfyjhCZeZuGykmywAL2C4QqBdb8G vZiLu+M8=; b=W5dgttXJbEPveE14ONo2TILbd3uhzXxxaTe5dqdE54hkhO0Jpys fB+YKTB5DxTFQYRPF/wPpcdywnH86AUqaFhPFlQ9w+kvKPiYDtrPsjv+HoNF1ZYl 8lBze2oAIsrQ475EyX7M3jT9j+vFANItpclgj5hLzxQFijYIiH5L0gcuO9nBe413 XK7yZzpX9/aTe+DXC9zu6G9vuhQIu16oggjL1OggnrAkVzIKXt1wpOFFJp25BYIp vj5JrlgO1MfS0UQ1IQEHiF+n2M5q2x9DkhOyxaNc034drCI/13QP9qAg/1DyiLm8 YNF/D+EXl2auWiWPPMtlTffga/VVZutGJLA== X-ME-Sender:

X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrvddvledgvddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepuffvvehfhffkffgfgggjtgfgsehtkeertddtfeejnecuhfhrohhmpeffrghn ucfnrghnghhilhhlvgcuoegurghnsehlrghnghhilhhlvgdrohhrgheqnecuggftrfgrth htvghrnhepheehudffteelieduheeugfeiffeuffduudeuffdvtdfgheefheetfffhueei veeinecuffhomhgrihhnpehlrghnghhilhhlvgdrohhrghenucevlhhushhtvghrufhiii gvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegurghnsehlrghnghhilhhlvgdrohhr gh X-ME-Proxy:

Feedback-ID: ifbf9424e:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 15 Mar 2023 20:29:52 -0400 (EDT) Subject: Re: Helpful hint on AWS EC2 use in cloud formation templates To: Walter Parker Cc: freebsd-questions@freebsd.org References: From: Dan Langille Message-ID: Date: Wed, 15 Mar 2023 20:29:50 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:52.0) Gecko/20100101 PostboxApp/7.0.59 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 4PcSnt38JLz4JjW X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N Walter Parker wrote on 3/15/23 8:11 PM: > For people that use cloud formation templates on AWS to spin up > FreeBSD instances, you can get the AMI from the Systems Manager public > parameters page. > > For example, to get 13.1 stable, use the following in your parameter block > > FreeBSDAMI: > Type: AWS::SSM::Parameter::Value > Description: SSM parameter name for the FreeBSD 13.1 Stable AMI Id > Default: /aws/service/freebsd/arm64/base/ufs/13.1/RELEASE I see ufs. Is zfs also an option? -- Dan Langille - dan@langille.org https://langille.org/ From nobody Thu Mar 16 00:34:47 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PcSvm2nKCz3y2W5 for ; Thu, 16 Mar 2023 00:35:00 +0000 (UTC) (envelope-from walterp@gmail.com) Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PcSvm0cRSz4KrC for ; Thu, 16 Mar 2023 00:35:00 +0000 (UTC) (envelope-from walterp@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-pf1-x434.google.com with SMTP id ay18so211823pfb.2 for ; Wed, 15 Mar 2023 17:35:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1678926899; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=/zZp5EZqFXHbAJE0b0MxnBG/xr0oP2eGWs+5HvQg5yI=; b=eEiUQ9YxTLXO1CAYA2R1+rGSRFj0l3LKWgtEYlAnphBSt9SazbEACw0KyJ++aUAhw2 zbWcKsUmh4xBwix/acjsbLxll+5OG9mXCucz9ogUDow89CSyd1NrOmUtw2aNYFJNGpsE rm2mM1tBmIjhOui/cTAYv0dX7PNlbPuaDmvq7XwNj6uhkHZ4RAm/rE9yiJ4BoWiUSovw 3lQ+f47DFvEOjsIYfk9Squn0BK67gIvL9wRUh/usZx9t3+/gI1bZYy2pSi87b0UnLUXs gFO4UnWhS0P+HN7xc6Q728Gc0aKxBNq/TeGmXR9BNnWeSGUtwLtq+SP+VA9gDDpeJkOB uK3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678926899; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/zZp5EZqFXHbAJE0b0MxnBG/xr0oP2eGWs+5HvQg5yI=; b=eKLbKjcOD5t+5XttStvEJWiU++ASFSZjxRnDAlveOGUxX4J0yheOZYxOtqQyuBIBL/ sZY60IrJiRrIhXTQIkRMHzx1+H6viwa6nGqGRly7W55v+OnROzhM66GwzopDFgZ9m3oM dHcM/KGHeFWt7yZDT11A/M9pYGkGIaXJW8Kp33XBaYgHTfJrVgqi5+CgDZKu+Ei+P7E7 RTAyUWrOWpxzyYJj7ixolhUOZjifCh+JwOq+LHHEWrSlLOfyzebnQcvH4dxiK6PAPdmL Gpn7mOaRdiQ53+gYhyYLI9kIZalTMInZNU8YeCjnqMUJNxr7VIyk/UW630tsYnmgKU8F QWxg== X-Gm-Message-State: AO0yUKV1sX2orWQ26eIzeupuxjKzuXIHCi42shFfd4khhZWuwpVTuOAv capxdDiR1r5Y6wEnDC/EJb00trnPly6RJBT9hfcfdhCFKQ9NUQ== X-Google-Smtp-Source: AK7set+sHlazWx8Bdaj9eLgfgOgea6vjpE1g23SIRKpPDbx89QmAI0jyfySkogDpYDOBoYtH1gJYWgnalrSvP2b5Ncs= X-Received: by 2002:a65:568d:0:b0:503:99d5:4ef7 with SMTP id v13-20020a65568d000000b0050399d54ef7mr306616pgs.12.1678926898703; Wed, 15 Mar 2023 17:34:58 -0700 (PDT) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 References:

In-Reply-To: From: Walter Parker Date: Wed, 15 Mar 2023 17:34:47 -0700 Message-ID: Subject: Re: Helpful hint on AWS EC2 use in cloud formation templates To: Dan Langille Cc: freebsd-questions@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4PcSvm0cRSz4KrC X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On Wed, Mar 15, 2023 at 5:29=E2=80=AFPM Dan Langille wro= te: > > Walter Parker wrote on 3/15/23 8:11 PM: > > For people that use cloud formation templates on AWS to spin up > > FreeBSD instances, you can get the AMI from the Systems Manager public > > parameters page. > > > > For example, to get 13.1 stable, use the following in your parameter bl= ock > > > > FreeBSDAMI: > > Type: AWS::SSM::Parameter::Value > > Description: SSM parameter name for the FreeBSD 13.1 Stable AMI Id > > Default: /aws/service/freebsd/arm64/base/ufs/13.1/RELEASE > I see ufs. Is zfs also an option? > -- > Dan Langille - dan@langille.org > https://langille.org/ No, I have included a list of all the items included below: /aws/service/freebsd/amd64/base/ufs/12.0/RELEASE /aws/service/freebsd/amd64/base/ufs/12.1/RELEASE /aws/service/freebsd/amd64/base/ufs/12.2/RELEASE /aws/service/freebsd/amd64/base/ufs/12.2/STABLE /aws/service/freebsd/amd64/base/ufs/12.3/BETA1 /aws/service/freebsd/amd64/base/ufs/12.3/BETA2 /aws/service/freebsd/amd64/base/ufs/12.3/BETA3 /aws/service/freebsd/amd64/base/ufs/12.3/PRERELEASE /aws/service/freebsd/amd64/base/ufs/12.3/RC1 /aws/service/freebsd/amd64/base/ufs/12.3/RC2 /aws/service/freebsd/amd64/base/ufs/12.3/RELEASE /aws/service/freebsd/amd64/base/ufs/12.3/STABLE /aws/service/freebsd/amd64/base/ufs/12.4/BETA1 /aws/service/freebsd/amd64/base/ufs/12.4/PRERELEASE /aws/service/freebsd/amd64/base/ufs/12.4/RC1 /aws/service/freebsd/amd64/base/ufs/12.4/RC2 /aws/service/freebsd/amd64/base/ufs/12.4/RELEASE /aws/service/freebsd/amd64/base/ufs/12.4/STABLE /aws/service/freebsd/amd64/base/ufs/13.0/RELEASE /aws/service/freebsd/amd64/base/ufs/13.0/STABLE /aws/service/freebsd/amd64/base/ufs/13.1/BETA3 /aws/service/freebsd/amd64/base/ufs/13.1/PRERELEASE /aws/service/freebsd/amd64/base/ufs/13.1/RC1 /aws/service/freebsd/amd64/base/ufs/13.1/RC2 /aws/service/freebsd/amd64/base/ufs/13.1/RC3 /aws/service/freebsd/amd64/base/ufs/13.1/RC4 /aws/service/freebsd/amd64/base/ufs/13.1/RC5 /aws/service/freebsd/amd64/base/ufs/13.1/RC6 /aws/service/freebsd/amd64/base/ufs/13.1/RELEASE /aws/service/freebsd/amd64/base/ufs/13.1/STABLE /aws/service/freebsd/amd64/base/ufs/13.2/BETA1 /aws/service/freebsd/amd64/base/ufs/13.2/BETA2 /aws/service/freebsd/amd64/base/ufs/13.2/BETA3 /aws/service/freebsd/amd64/base/ufs/13.2/PRERELEASE /aws/service/freebsd/amd64/base/ufs/13.2/RC1 /aws/service/freebsd/amd64/base/ufs/13.2/RC2 /aws/service/freebsd/amd64/base/ufs/13.2/STABLE /aws/service/freebsd/amd64/base/ufs/14.0/CURRENT /aws/service/freebsd/arm64/base/ufs/12.1/RELEASE /aws/service/freebsd/arm64/base/ufs/12.2/RELEASE /aws/service/freebsd/arm64/base/ufs/12.2/STABLE /aws/service/freebsd/arm64/base/ufs/12.3/BETA1 /aws/service/freebsd/arm64/base/ufs/12.3/BETA2 /aws/service/freebsd/arm64/base/ufs/12.3/BETA3 /aws/service/freebsd/arm64/base/ufs/12.3/PRERELEASE /aws/service/freebsd/arm64/base/ufs/12.3/RC1 /aws/service/freebsd/arm64/base/ufs/12.3/RC2 /aws/service/freebsd/arm64/base/ufs/12.3/RELEASE /aws/service/freebsd/arm64/base/ufs/12.3/STABLE /aws/service/freebsd/arm64/base/ufs/12.4/RC2 Walter --=20 The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis From nobody Thu Mar 16 17:17:15 2023 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Pcv8F0Z3rz3yLtD for ; Thu, 16 Mar 2023 17:17:17 +0000 (UTC) (envelope-from grahamperrin@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Pcv8F023zz3rbG for ; Thu, 16 Mar 2023 17:17:17 +0000 (UTC) (envelope-from grahamperrin@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678987037; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=EtzKvyzDAjWQO69s+RqlrR2Mylebnf99F0y87yAiK8M=; b=KbsIAK0W0IAmF2Tii/t/VWU6zLGYOpmU8PBgZG68rtswxhU27B6cAeTiMbWmFrWSbxXMHh MYjSkZo79MhoMBA1JAs3KKbeSroaEdYtvHsghU4CLHY1Esl3eIEpjZvVcrmtiukFXDYayt 1pzOX14432NsQAbWNDCpGSoTfc9E5eFVD+d/OlsOzqt8nxkRgYGQZllv/jO93BaoBGNSjm Ao7OIOp66mRd+1Xw3KeX3ybDARY9qA72K21XFr58r2bHCpk4O+AY6p0vh85L22VWJDB1Iv UMl6+wjGPmvaJ0fGhWyFkTqh2Rljfqo4dRzkrq+49hNfvwR24RGvHVbcvkx/XQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678987037; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=EtzKvyzDAjWQO69s+RqlrR2Mylebnf99F0y87yAiK8M=; b=tB2DweMgk37JSRFMxskOccRLXyiJ4sKyrtL17BvJnpNLjiDaFrPkB3Ku/2CLzuEhhMKYPw fXy1yeKvLZsZ+fyiDBwx43Hc6iAPplMbwayMLL1qXk45kbZbOp7VwSNuFNztBGxNudkZee WWCRz5JaSZLS2QtSTNibwTTeTbp3Ali6vNFmxdY2bdQWaa3Gmnvxcr8C4R6NVkyIAMgoGu NZpsjFYKjaMvHouJc9dHmfDIxa/1SGyO1tgJJAvCvWhv6GJa1EfHDWXZ7VyzrYPbqkMqPs cDKEAgEreQDU/rkhUh8MGn+y1QtF9qmnK3TO6u30qQjS85sZL+zI9j6Dlhnl/A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1678987037; a=rsa-sha256; cv=none; b=sYibnNP/7NlKMRBo4CECSnJo//sSzbpKKZWDINViVQh+bjnLKI+Rek++EfgGaOmAFP3PFx Qlk8NHsf6DZ49Of4WP+6O8JOyE0Wv2Be410o/zSEOaSaJow0DQCiZ0EFOYpvNCk3RjQF12 37jkyGhbcG1BXi6xRvAQysnz6HJr7RP4X9YcwvjDCm+h06P1g5CvseW/0PsLegL881MSsU zyMhcxILAbuowBstZ7ODrY9e5uyU+1PD7UeX1TJ4cGHPmSPxckqDFU4jl7FZ+DirVUqY5d YbPLm/T3OoZEeM+Yve7QFgBTFEfpMUT/72dLqxtAa80IWrqgAbOX2Fu6rXnCxA== Received: from [194.81.204.43] (oa-mowa-01-194.81.204.43.brighton.ac.uk [194.81.204.43]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) (Authenticated sender: grahamperrin) by smtp.freebsd.org (Postfix) with ESMTPSA id 4Pcv8D4vYBzbDG for ; Thu, 16 Mar 2023 17:17:16 +0000 (UTC) (envelope-from grahamperrin@freebsd.org) Message-ID: <2fe92502-7189-57f4-4199-d02e13fe5efc@freebsd.org> Date: Thu, 16 Mar 2023 17:17:15 +0000 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: Using Yubikey with Firefox Content-Language: en-US To: questions@freebsd.org References: From: Graham Perrin Organization: FreeBSD In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------LXIuSs1M5T0z25Mn2BJC1B6s" X-ThisMailContainsUnwantedMimeParts: N This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------LXIuSs1M5T0z25Mn2BJC1B6s Content-Type: multipart/mixed; boundary="------------QPJwhLlKd1dEV8aPNaEksSoP"; protected-headers="v1" From: Graham Perrin To: questions@freebsd.org Message-ID: <2fe92502-7189-57f4-4199-d02e13fe5efc@freebsd.org> Subject: Re: Using Yubikey with Firefox References: In-Reply-To: --------------QPJwhLlKd1dEV8aPNaEksSoP Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 UGxlYXNlIHNlZSA8aHR0cHM6Ly9idWdzLmZyZWVic2Qub3JnL2J1Z3ppbGxhL3Nob3dfYnVn LmNnaT9pZD0yNzAwOTI+Lg0K --------------QPJwhLlKd1dEV8aPNaEksSoP-- --------------LXIuSs1M5T0z25Mn2BJC1B6s Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEEWT/lssMHB+28ly8Kt2dIb0oY1AsFAmQTTxsFAwAAAAAACgkQt2dIb0oY1Av3 Rw/+LmBesuig6Jksqwqa6WIlJV7nT8u9K9dRXNsg+/O5X4Wr2G8r0+x37xZNIcig88fj/QVZbIqi 3IHh2lEWX9z9gNo2nIpdiaYPeHigfTuQHQCUGq+n9ZiLQCo9Cc4FbdeLYskp5NOjAr8rukNSqiBQ uvB4KfnqYDfom96lQZAcZtof0qn36wBjPLY1VSqu2jJYQUUIhgivSIcry2o0Kap8BrjiKsbtxonk XIonsM6ra5EetNTbawTL3Flr5ckRgWe0dOOaC4n6TFrpu81vq2gPLBxDJOMr//6gHRQbf6t1NYK9 Eq4SbzMtgr55Hh+SxvnWAnlioJhlWldIchWuBu6TwiXfF6H5gTTvHcDSlPE8mQeeaRET0w7FSo9Y J3SbmmS53ydjiYAdWoZxJ4bNPNISHjRF7O2HFCJTtWpeYDc8d7ixIQPVE17fFROjrYViD9SSkTDV wPJLublX5KtedCndmCvVjbZyTq5cIG3sEPmoeP9WvmzKnn5knuS6Apykspmye0UevgmVkdornWjO t7IQZ0JypvNlGTxmOjZMScUgwKSH6PFDZSpO8qQM1ycpu4It94TrIfpquydwc8H4DDJIQOG1W8lq Z5LtobRnhci555As0MQrIe39Pr1RKWzfuF7MpJTbEwMCEsfN/9Yp65e69xiFHWnowOsptjKgwPEH sE4= =x2Mo -----END PGP SIGNATURE----- --------------LXIuSs1M5T0z25Mn2BJC1B6s-- From nobody Thu Mar 16 18:04:49 2023 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PcwCC04FYz3yQ58 for ; Thu, 16 Mar 2023 18:04:55 +0000 (UTC) (envelope-from mail@souji-thenria.net) Received: from alisa.souji-thenria.net (alisa.souji-thenria.net [188.68.37.165]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PcwCB35cNz3yff; Thu, 16 Mar 2023 18:04:54 +0000 (UTC) (envelope-from mail@souji-thenria.net) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=souji-thenria.net; s=20220813rsa; t=1678989890; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=I+UKDiDz8K6i13Jr0qFEHHk+Nzojv9hCrYlqPn15usw=; b=AkTmWz7ee+bu5aZIbStVQWESkXjqZQ/GUDd7TqMKfm6lxWojUBW/Ymka9fGIl4qq/gCCtB AtylULxxajj9zxbbPqfJk2bBe6P88QKl4eOtpSHmGqJCLTaI3+3NAZQL3id/9xdgaseA83 GpRHAyOJE3jRJJgoG4E8txa8ZWcCurJRkXHb/U6UrZLDMnsmwkfvpxzxAPcL4FZF7jePyx kOAC/Cu62r6OkrGFfH110nEhOrnHCucJ9mUasJIRkrvTmlU98V2BNAKzqdtHcb2X/7lhni mVgJHLBJz2IHe48cRAN4zFtosvjmkOSBPxzF+7GGvVzaeZwEYzthW6y+gMeDRA== Received: from [192.168.178.41] (nat-178-19-229-24.net.encoline.de [178.19.229.24]) by alisa.souji-thenria.net (OpenSMTPD) with ESMTPSA id 26984bd7 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Thu, 16 Mar 2023 19:04:50 +0100 (CET) Message-ID: Date: Thu, 16 Mar 2023 19:04:49 +0100 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: Using Yubikey with Firefox To: Graham Perrin , questions@freebsd.org References: <2fe92502-7189-57f4-4199-d02e13fe5efc@freebsd.org> Content-Language: en-US From: Souji Thenria In-Reply-To: <2fe92502-7189-57f4-4199-d02e13fe5efc@freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4PcwCB35cNz3yff X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:197540, ipnet:188.68.32.0/20, country:DE] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On 3/16/23 18:17, Graham Perrin wrote: > Please see . Thanks a lot. I hadn't seen this. -- Souji Thenria