I managed to get an SSH client working using an SSH pubkey protected by a TPM.
This is another post in my series on playing with TPM chips:
This is not needed, since TPM operations only need the well-known SRK PIN, not the owner PIN, to do useful stuff. I only document it here in case you want to do it. Microsoft recommends against it.
Set OSManagedAuthLevel to 4
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM\OSManagedAuthLevel: 2 -> 4
Reboot.
Clear TPM
Run tpm.msc and choose “Clear TPM”. The machine will reboot and ask you to press F12 or something for physical proof of presence to clear it.
Set owner password from within tpm.msc
Create key
tpmvscmgr.exe create /name "myhostnamehere VSC" /pin prompt /adminkey random /generate
PIN must be at least 8 characters.
Create CSR
Create a new text file req.inf:
[NewRequest]
Subject = "CN=myhostnamehere"
Keylength = 2048
Exportable = FALSE
UserProtected = TRUE
MachineKeySet = FALSE
ProviderName = "Microsoft Base Smart Card Crypto Provider"
ProviderType = 1
RequestType = PKCS10
KeyUsage = 0x80
certreq -new -f req.inf myhostname.csr
If you get any errors, just reboot and try again with the command that failed.
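A pre-flight check for req.inf before running certreq, as an added example that is not from the original post: it confirms the request still names the smart card provider, keeps the key non-exportable and uses the post's key length and key usage, and it flags typographic quotes, which are not the ASCII quotes the INF syntax uses and which a copy from a web page can introduce. The function name check_req_inf and the policy it enforces are assumptions modeled on the post's file.

```python
import configparser

SMARTCARD_CSP = "Microsoft Base Smart Card Crypto Provider"
CURLY_QUOTES = "\u201c\u201d"  # typographic double quotes
# The req.inf from the post, used here as the known-good input.
POST_INF = """[NewRequest]
Subject = "CN=myhostnamehere"
Keylength = 2048
Exportable = FALSE
UserProtected = TRUE
MachineKeySet = FALSE
ProviderName = "Microsoft Base Smart Card Crypto Provider"
ProviderType = 1
RequestType = PKCS10
KeyUsage = 0x80
"""

def check_req_inf(text):
    """Return a list of findings; an empty list means the file matches the post."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    try:
        cp.read_string(text)
        req = dict(cp["NewRequest"])  # configparser lower-cases option names
    except (configparser.Error, KeyError):
        return ["no parsable [NewRequest] section"]
    findings = [f"{k}: typographic quotes, retype them as ASCII double quotes"
                for k, v in req.items() if any(c in v for c in CURLY_QUOTES)]

    def value(key):
        return req.get(key, "").strip().strip('"' + CURLY_QUOTES)

    def number(key):
        try:
            return int(value(key), 0)  # accepts both 2048 and 0x80
        except ValueError:
            return None

    if value("providername") != SMARTCARD_CSP:
        findings.append("providername: not the smart card CSP, so the key is not created on the virtual smart card")
    if value("exportable").upper() != "FALSE":
        findings.append("exportable: must be FALSE")
    if (number("keylength") or 0) < 2048:
        findings.append("keylength: below the 2048 bits used in the post")
    if number("keyusage") != 0x80:
        findings.append("keyusage: expected 0x80 (digital signature)")
    return findings

if __name__ == "__main__":
    print(check_req_inf(POST_INF) or "OK")
```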
Get the CSR signed by any