Skip to content

Commit

Permalink
Fix code-block syntax errors
Browse files Browse the repository at this point in the history
  • Loading branch information
mmerklinger committed Mar 22, 2024
1 parent 0b9618b commit 7eb8036
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 18 deletions.
7 changes: 5 additions & 2 deletions fido2/linux/desktop-login.rst
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ CLI Method

You can do so by using these commands:

.. rstcheck: ignore-next-code-block
.. code-block:: bash
$ sudo adduser <backup_user>
Expand Down Expand Up @@ -119,6 +120,7 @@ CLI Method
The Output should be something like the following:

.. rstcheck: ignore-next-code-block
.. code-block:: bash
/lib/x86_64-linux-gnu/security/pam_u2f.so: \ ELF 64-bit LSB shared object, x86-64, version 1 (SYSV),\ dynamically linked, BuildID[sha1]=1d55e1b11a97be2038c6a139579f6c0d91caedb1, stripped
Expand Down Expand Up @@ -164,9 +166,10 @@ CLI Method
user. For this purpose the previous command takes the ``-u``
option, to specify a user, like in the example below:

.. code-block:: bash
.. rstcheck: ignore-next-code-block
.. code-block:: bash
$ pamu2fcfg -u <username> > ~/.config/Nitrokey/u2f_keys
$ pamu2fcfg -u <username> > ~/.config/Nitrokey/u2f_keys
- For individual user configuration you should point to the home
directory in the next step, or not include the ``authfile`` option
Expand Down
6 changes: 5 additions & 1 deletion start/factory-reset.rst
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ To change the identity it suffices to send a custom CCID command. This could be

2. Connect your Nitrokey Start and verify that it got recognized.

.. rstcheck: ignore-next-code-block
.. code-block:: bash
$ nitropy start list
Expand All @@ -27,6 +28,7 @@ To change the identity it suffices to send a custom CCID command. This could be
3. Change the identity, by replacing ``<ID>`` with ``0``, ``1``, or ``2``.

.. rstcheck: ignore-next-code-block
.. code-block:: bash
$ nitropy start set-identity <ID>
Expand All @@ -39,7 +41,9 @@ Reset

.. code-block:: bash
$ gpg --card-edit` -> admin -> factory-reset
$ gpg --card-edit
In the menu enter `admin` and then `factory-reset`

This will reset the current identity. To reset all identitites the following needs to be done:

Expand Down
3 changes: 3 additions & 0 deletions start/linux/firmware-update.rst
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ To update the firmware of your Nitrokey Start, proceed as follows.
3. Connect your Nitrokey Start and verify its recognition.

.. rstcheck: ignore-next-code-block
.. code-block:: bash
$ nitropy start list
Expand Down Expand Up @@ -59,6 +60,7 @@ To update the firmware of your Nitrokey Start, proceed as follows.
see the latest firmware version available. Now you have to confirm
the update with “yes”.

.. rstcheck: ignore-next-code-block
.. code-block:: bash
Firmware data to be used:
Expand Down Expand Up @@ -89,6 +91,7 @@ To update the firmware of your Nitrokey Start, proceed as follows.
7. You can check the firmware version after the upgrade process has
completed.

.. rstcheck: ignore-next-code-block
.. code-block:: bash
$ nitropy start list
Expand Down
27 changes: 12 additions & 15 deletions storage/linux/openvpn-easyrsa.rst
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,7 @@ Install OpenVPN
If you want to check the version, it possible by calling ``--version``
and print the following:

.. rstcheck: ignore-next-code-block
.. code-block:: bash
$ sudo openvpn --version
Expand Down Expand Up @@ -306,14 +307,10 @@ Configure the OpenVPN server

A connection that uses TLS requires multiple `certificates and keys for authentication <https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples>`__. Now that we issued and signed those, we can place them in the right directories. The breakdown of the certificates and keys that must be located at the root directory are the following:

.. code-block:: bash
OpenVPN server
- The root certificate file (CA.crt or chain.crt in our setup)
- Server certificate
- Server key
- Diffie Hellman Parameters (optional)
- The root certificate file (CA.crt or chain.crt in our setup)
- Server certificate
- Server key
- Diffie Hellman Parameters (optional)

On your OpenVPN server, now you can create the configuration file ``server.conf`` with your favorite text editor. The file can be configured according to your needs, while we make sure to change the server certificate and key sections according the names you chose for the your the files we signed:

Expand Down Expand Up @@ -459,12 +456,9 @@ Configure the client to interact with the Nitrokey

Now back on the client machine, we will plug the Nitrokey Pro and use it to establish the VPN connection with the server. In general terms, a connection that uses TLS requires multiple certificates and keys for authentication:

.. code-block:: bash
OpenVPN client
- The root certificate file (`chain.crt`)
- Client certificate
- Client key
- The root certificate file (`chain.crt`)
- Client certificate
- Client key

For this guide we can the following ``client.conf`` file, and add the required options to it accordingly:

Expand Down Expand Up @@ -630,6 +624,7 @@ Start the OpenVPN client

When executing OpenVPN client, Nitrokey’s PIN needs to be entered:

.. rstcheck: ignore-next-code-block
.. code-block:: bash
$ sudo openvpn --client --config client.conf
Expand All @@ -639,9 +634,10 @@ Start the OpenVPN client
Enter User PIN (OpenPGP card) token Password: ******
.. warning::

Unfortunately OpenVPN doesn’t seem to be able to establish a handshake and stops at an error as reported `here <https://support.nitrokey.com/t/nitrokey-pro-with-openssl-1-1-1-tls-1-3-and-rsa-based-certificates/2180/2>`__, `here <https://support.nitrokey.com/t/openvpn-openssl-error-141f0006/2637>`__ and `here <https://community.openvpn.net/openvpn/ticket/1215>`__

.. rstcheck: ignore-next-code-block
.. code-block:: bash
This is what the error output looks like:
Expand Down Expand Up @@ -672,6 +668,7 @@ Start the OpenVPN client
In some reported cases it does not prompt for a PIN on the terminal. One workaround would be to use to use this command to login with the PIN:

.. rstcheck: ignore-next-code-block
.. code-block:: bash
$ telnet 8888 password 'User PIN (OpenPGP card) token' <PIN>
Expand Down

0 comments on commit 7eb8036

Please sign in to comment.