snap

Enhancing KeePassXC with YubiKey on Ubuntu: Enabling the Raw-USB Interface

 in GNU/Linux  tagged bash / GNU/Linux / raw-usb / snap / ubuntu / usb / yubikey by

In digital security, combining hardware-based authentication devices like YubiKey with robust password management solutions such as KeePassXC represents a gold standard. YubiKey provides a physical, secure element for two-factor authentication, significantly enhancing security over traditional password-only systems. KeePassXC, a free and open-source password manager, allows users to manage their passwords securely. However, when running KeePassXC as a Snap package on Ubuntu, users may encounter an unexpected hurdle due to Snap’s inherent security and isolation features. This post aims to guide you through enabling your YubiKey hardware to work seamlessly with KeePassXC installed via Snap by manually allowing the raw-usb to interface.

Understanding the Challenge

Snap, a package management and deployment system developed by Canonical, allows for the consistent, secure distribution and installation of applications across different Linux distributions. Snap packages are containerized to ensure isolation from the rest of the system, enhancing security by restricting the application’s access to the host system’s resources and hardware interfaces.

While these isolation features benefit security, they can also impose limitations. Specifically, for KeePassXC users wishing to utilize a YubiKey for added security, Snap’s default restrictions prevent the application from accessing the USB hardware directly. This is where the raw-usb interface comes into play.

The raw-usb Interface

The raw-usb interface in Snap allows a snap-packaged application to communicate with USB hardware directly, bypassing the usual restrictions. By enabling this interface for KeePassXC, the application can interact with your YubiKey, utilizing it for secure two-factor authentication.

Step-by-Step Guide to Enabling the raw-usb Interface

  1. Open Your Terminal: First, access your terminal. You can do this by pressing Ctrl + Alt + T on your keyboard or searching for “Terminal” in your applications menu.
  2. Execute the Command: In the terminal, type the following command:
1
sudo snap connect "keepassxc:raw-usb" "core:raw-usb"

This command instructs your system to enable the raw-usb interface specifically for KeePassXC. Here’s a breakdown of the command:

  • sudo: This prefix grants administrative (superuser) permissions for the operation, which is necessary for modifying system-wide settings.
  • snap connect: This is the command to link a Snap package to a specific interface.
  • "keepassxc:raw-usb": Specifies the KeePassXC snap package and the raw-usb interface within it.
  • "core:raw-usb": Refers to the raw-usb interface the core Snap provides, which grants access to USB devices.
  1. Enter Your Password: After entering the command, you’ll be prompted to enter your password. This is the password you use to log in to your Ubuntu account. Since you’re executing a command with sudo, your password is required to confirm that you have the necessary permissions to make system-level changes.
  2. Confirmation: If successful, you won’t see a detailed message; the lack of error messages typically indicates that the operation was successful. You’ve now enabled KeePassXC to access USB devices directly.

Testing the Configuration

After enabling the raw-usb interface, launch KeePassXC and attempt to use your YubiKey as part of your two-factor authentication setup. If everything is configured correctly, KeePassXC should recognize your YubiKey without any issues.

Conclusion

The security of your digital life is paramount in an era where online threats are increasingly sophisticated. By integrating YubiKey with KeePassXC on Ubuntu, you significantly enhance your digital security posture. The process of enabling the raw-usb interface for KeePassXC, while a bit technical, is a small step with significant benefits for your security setup. It exemplifies the balance between security and usability, allowing you to leverage cutting-edge security hardware without compromising on the convenience and ease of use offered by modern Linux distributions and applications.

How to Run Three Instances of Signal on Ubuntu

 in GNU/Linux  tagged apt / signal beta / signal desktop / snap / ubuntu by

Signal is a popular, privacy-focused messaging app. For various reasons, you might want to run multiple instances of Signal on your Ubuntu system. Here, we’ll guide you through the process of installing three different versions of Signal: the Snap package, the standard Debian-based installation, and the Signal Beta for Linux.

Prerequisites

  • Ubuntu OS (We recommend a recent version, like 20.04 or later)
  • Basic understanding of Linux terminal commands

1. Installing Signal from Snap

Snap is a package management system that makes it easy to install applications in Linux. Follow these steps to install Signal using Snap:

  1. Open Terminal: Use Ctrl+Alt+T to open the terminal.
  2. Install Signal: Enter the command: sudo snap install signal-desktop.
  3. Launch Signal: You can find Signal in your applications menu or launch it from the terminal with signal-desktop.

2. Installing Signal Using Linux (Debian-based) Install Instructions

For the second instance, we will use the Debian-based installation method (https://signal.org/download/):

  1. Add Signal’s Official Repository:
    • Open Terminal.
    • Enter:
      wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg;
      cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null;
    • Add the repository:
      echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' | sudo tee /etc/apt/sources.list.d/signal-xenial.list;
  2. Update and Install Signal:
    • Update package database: sudo apt update.
    • Install Signal: sudo apt install signal-desktop.
  3. Launch the Application: Find Signal in your application menu or type signal-desktop in the terminal.

3. Installing Signal Beta for Linux (Debian-based)

Finally, let’s install the Beta version (https://support.signal.org/hc/en-us/articles/360007318471-Signal-Beta):

  1. Add Signal Beta Repository:
    • Open Terminal.
    • Enter:
      wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg;
      cat signal-desktop-keyring.gpg | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null;
    • Add the Beta repository:
      echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
  2. Update and Install Signal Beta:
    • Update the system: sudo apt update.
    • Install Signal Beta: sudo apt install signal-desktop-beta.
  3. Launch Signal Beta: It should appear in your applications menu or can be started from the terminal with signal-desktop-beta.

Tips for Managing Multiple Instances

  • Different Profiles: Each instance of Signal will require a different phone number for registration.
  • System Resources: Running multiple instances can consume more system resources. Monitor your system’s performance.
  • Updates: Regularly check for updates to each version to ensure security and functionality.

Conclusion

With these steps, you should now have three different versions of Signal running on your Ubuntu system. This setup is ideal for separating personal, work, and testing environments within the same machine. Enjoy your enhanced and versatile messaging experience!

Remove Disabled Snaps.

 in Bash / GNU/Linux  tagged bash / clean up / free space / GNU/Linux / snap / ubuntu by
1
LANG=C snap list --all | awk '/disabled/{print $1" --revision "$3}' | xargs -rn3 sudo snap remove;

Let us break down the command for you:

  1. LANG=C sets the language to English (C locale), which can be helpful to ensure consistent behavior across different systems with different default languages. We used this to make sure that the word disabled will appear for disabled snaps and not some other translation.
  2. snap list --all lists all installed snaps (i.e., packages) along with their details. The output of this command is piped to the following command.
  3. awk '/disabled/{print $1" --revision "$3}' searches for lines in the output that contain the word “disabled” and prints the first field (i.e., the name of the snap) followed by the string “–revision” and the third field (i.e., the revision number). This output is piped to the next command.
  4. xargs -rn3 sudo snap remove takes groups of three arguments from the input and runs the command snap remove with those arguments. In this case, the first argument is the name of the disabled snap; the second argument is the string “–revision”, and the third argument is the revision number. This will remove all disabled snaps and their associated revisions.

So, in summary, the command searches for all disabled snaps on the system, extracts their name and revision number and then removes them using the snap remove command. This is a very useful command to free up some space without losing data or functionality.

Linux mouse jiggler

 in GNU/Linux  tagged github / GNU/Linux / jiggle / jiggler / Keep-Presence / mouse / open source / snap by

Keep-Presence is an innovative program that automatically detects when you’re away from your computer and moves the mouse or presses a key to keep it active. This is especially helpful when you need to keep your computer running but don’t want it to lock or sleep due to inactivity.

What’s excellent about Keep-Presence is that it won’t interfere with your work while using your computer. Instead, it only activates when it detects that you’re away, so you can rest assured that your computer will remain active even if you step away from your desk for a few minutes.

This program is beneficial if you’re working remotely and need to step away from your computer frequently. With Keep-Presence, you can trick your machine into thinking you’re still working on it, which can be helpful if you need to step away for a short period and don’t want to constantly re-login or restart your work.

In summary, Keep-Presence is a helpful program that keeps your computer active even when you’re away. It’s an excellent tool for those who work remotely or need to step away from their desk frequently, and it won’t interfere with your work while using your computer.

This software is available in GitHub and the snap package manager.

https://github.com/carrot69/keep-presence/

To install using snap, execute the following command:

1
2
3
4
sudo snap install keep-presence;
#Just execute the following to start the application with default settings
keep-presence;
#Use Ctrl+C to stop it.

We used it in Ubuntu 22.04LTS with success.

Optional arguments

-h, --help                        show this help message and exit
            
-s SECONDS, --seconds SECONDS     Define in seconds how long to wait after a user is
                                  considered idle. Default 300.

-p PIXELS, --pixels PIXELS        Set how many pixels the mouse should move. Default 1.

-c, --circular                    Move mouse in a circle. Default move diagonally.

-m MODE, --mode MODE              Available options: keyboard, mouse, both; default is mouse. 
                                  This is the action that will be executed when the user is idle. 
                                  If keyboard is selected, the program will press the shift key. 
                                  If mouse is selected, the program will move the mouse. 
                                  If both is selected, the program will do both actions.

-r RANDOM RANDOM, --random RANDOM RANDOM
                                  Usage: two numbers (ex. -r 3 10). Execute actions based on a 
                                  random interval between start and stop seconds. 
                                  Note: Overwrites the seconds argument.