suzanne.soy/qubes-doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avoid password in shell history

Browse Source 
as suggested by @marmarek

https://github.com/QubesOS/qubes-doc/pull/582#pullrequestreview-98203644
This commit is contained in:
Patrick Schleizer 2018-02-23 13:58:16 +01:00 committed by GitHub
parent aaf1342b59
commit 582125abab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
security/yubi-key.md
View File

@ -81,11 +81,15 @@ To use this mode you need to:
6. Paste your hashed password (other than your standard Qubes password) into 6. Paste your hashed password (other than your standard Qubes password) into
`/etc/qubes/yk-keys/yk-login-pass-hashed.hex` in dom0. `/etc/qubes/yk-keys/yk-login-pass-hashed.hex` in dom0.
You can calculate your hashed password using this command: You can calculate your hashed password using the following two commands.
First run the following command to store your password in a temporary variable `password`.
(This way your password will not leak to the terminal commnand history file.)
echo -n "PASSWORD" | openssl dgst -sha1 read password
(Replace `PASSWORD` with your actual password.) Now run the following command to calculate your hashed password.
echo -n "$password" | openssl dgst -sha1
7. Edit `/etc/pam.d/login` in dom0. Add this line at the beginning: 7. Edit `/etc/pam.d/login` in dom0. Add this line at the beginning: