diff --git a/fido2/linux/desktop-login.rst b/fido2/linux/desktop-login.rst index 377087e5a0..da961ada90 100644 --- a/fido2/linux/desktop-login.rst +++ b/fido2/linux/desktop-login.rst @@ -60,6 +60,7 @@ CLI Method You can do so by using these commands: + .. rstcheck: ignore-next-code-block .. code-block:: bash $ sudo adduser @@ -119,6 +120,7 @@ CLI Method The Output should be something like the following: + .. rstcheck: ignore-next-code-block .. code-block:: bash /lib/x86_64-linux-gnu/security/pam_u2f.so: \ ELF 64-bit LSB shared object, x86-64, version 1 (SYSV),\ dynamically linked, BuildID[sha1]=1d55e1b11a97be2038c6a139579f6c0d91caedb1, stripped @@ -164,9 +166,10 @@ CLI Method user. For this purpose the previous command takes the ``-u`` option, to specify a user, like in the example below: - .. code-block:: bash + .. rstcheck: ignore-next-code-block + .. code-block:: bash - $ pamu2fcfg -u > ~/.config/Nitrokey/u2f_keys + $ pamu2fcfg -u > ~/.config/Nitrokey/u2f_keys - For individual user configuration you should point to the home directory in the next step, or not include the ``authfile`` option diff --git a/start/factory-reset.rst b/start/factory-reset.rst index f4b7722715..3bc5fe81db 100644 --- a/start/factory-reset.rst +++ b/start/factory-reset.rst @@ -18,6 +18,7 @@ To change the identity it suffices to send a custom CCID command. This could be 2. Connect your Nitrokey Start and verify that it got recognized. + .. rstcheck: ignore-next-code-block .. code-block:: bash $ nitropy start list @@ -27,6 +28,7 @@ To change the identity it suffices to send a custom CCID command. This could be 3. Change the identity, by replacing ```` with ``0``, ``1``, or ``2``. + .. rstcheck: ignore-next-code-block .. code-block:: bash $ nitropy start set-identity @@ -39,7 +41,9 @@ Reset .. code-block:: bash - $ gpg --card-edit` -> admin -> factory-reset + $ gpg --card-edit + +In the menu enter `admin` and then `factory-reset` This will reset the current identity. To reset all identitites the following needs to be done: diff --git a/start/linux/firmware-update.rst b/start/linux/firmware-update.rst index 441e59789d..6ba94be8c8 100644 --- a/start/linux/firmware-update.rst +++ b/start/linux/firmware-update.rst @@ -28,6 +28,7 @@ To update the firmware of your Nitrokey Start, proceed as follows. 3. Connect your Nitrokey Start and verify its recognition. + .. rstcheck: ignore-next-code-block .. code-block:: bash $ nitropy start list @@ -59,6 +60,7 @@ To update the firmware of your Nitrokey Start, proceed as follows. see the latest firmware version available. Now you have to confirm the update with “yes”. + .. rstcheck: ignore-next-code-block .. code-block:: bash Firmware data to be used: @@ -89,6 +91,7 @@ To update the firmware of your Nitrokey Start, proceed as follows. 7. You can check the firmware version after the upgrade process has completed. + .. rstcheck: ignore-next-code-block .. code-block:: bash $ nitropy start list diff --git a/storage/linux/openvpn-easyrsa.rst b/storage/linux/openvpn-easyrsa.rst index 7ecf9f5da8..f8412c4186 100644 --- a/storage/linux/openvpn-easyrsa.rst +++ b/storage/linux/openvpn-easyrsa.rst @@ -105,6 +105,7 @@ Install OpenVPN If you want to check the version, it possible by calling ``--version`` and print the following: + .. rstcheck: ignore-next-code-block .. code-block:: bash $ sudo openvpn --version @@ -306,14 +307,10 @@ Configure the OpenVPN server A connection that uses TLS requires multiple `certificates and keys for authentication `__. Now that we issued and signed those, we can place them in the right directories. The breakdown of the certificates and keys that must be located at the root directory are the following: -.. code-block:: bash - - OpenVPN server - - - The root certificate file (CA.crt or chain.crt in our setup) - - Server certificate - - Server key - - Diffie Hellman Parameters (optional) +- The root certificate file (CA.crt or chain.crt in our setup) +- Server certificate +- Server key +- Diffie Hellman Parameters (optional) On your OpenVPN server, now you can create the configuration file ``server.conf`` with your favorite text editor. The file can be configured according to your needs, while we make sure to change the server certificate and key sections according the names you chose for the your the files we signed: @@ -459,12 +456,9 @@ Configure the client to interact with the Nitrokey Now back on the client machine, we will plug the Nitrokey Pro and use it to establish the VPN connection with the server. In general terms, a connection that uses TLS requires multiple certificates and keys for authentication: -.. code-block:: bash - - OpenVPN client - - The root certificate file (`chain.crt`) - - Client certificate - - Client key +- The root certificate file (`chain.crt`) +- Client certificate +- Client key For this guide we can the following ``client.conf`` file, and add the required options to it accordingly: @@ -630,6 +624,7 @@ Start the OpenVPN client When executing OpenVPN client, Nitrokey’s PIN needs to be entered: + .. rstcheck: ignore-next-code-block .. code-block:: bash $ sudo openvpn --client --config client.conf @@ -639,9 +634,10 @@ Start the OpenVPN client Enter User PIN (OpenPGP card) token Password: ****** .. warning:: - + Unfortunately OpenVPN doesn’t seem to be able to establish a handshake and stops at an error as reported `here `__, `here `__ and `here `__ + .. rstcheck: ignore-next-code-block .. code-block:: bash This is what the error output looks like: @@ -672,6 +668,7 @@ Start the OpenVPN client In some reported cases it does not prompt for a PIN on the terminal. One workaround would be to use to use this command to login with the PIN: + .. rstcheck: ignore-next-code-block .. code-block:: bash $ telnet 8888 password 'User PIN (OpenPGP card) token'