  • I use yubikey for ssh access mostly (setting it and GPG signatures with unextractable key was fun and messy). Moving secret key across machines became quite easy to do in a secure manner. I was thinking about making it a boot key for my portable laptop, but ended up just having throwaway policy about its contents and relatively weak encryption passwords not worth bruteforcing. Losing a key to a laptop that could be lost itself on the other hand sounds like quite a shame. With stationary server, I don’t know, I feel like anything more complicated than a power switch that could be operated with physical access IMO does not provide extra security because a yubikey left in a rack is just as hard to push as a power button.

    Also make sure you have more than one, they could easily break, be lost, or be eaten by a dog named Kubernetes. Seriously, I had friends who neglected this advice and got in a mess.

    It’s not like I’m a fan of yubikeys, I just happened to get quite a lot of them on one of the gigs I was doing and had to come up with sensible uses. Well, signing git commits and other gpg stuff was not sensible.