adingbatponder (@adingbatponder@fosstodon.org)
@eXo_X5
Stories from the life of an admin:
Yesterday I was sitting in a pleasantly sparsely occupied IC train of the #diebahn #bahn from Berlin to Magdeburg.
To pass the time, I wanted to tinker with a few devices via the train’s #wifi.
Since they don’t have their own addresses, they can only be reached over #IPv4 using several #ssh hops. There is no #IPv6 in the Bahn wifi.
No problem, I thought – that’s why I have my #wireguard #vpn with IPv6.
And that’s where our story begins:
1/6
Show Original Post
linuxnews (@linuxnews@social.anoxinon.de)
Ich gebe zu: ich beende manchmal die #ssh Session weil alles klemmt #nobodysperfect
Show Original Post
eXo_X5 (@eXo_X5@machteburch.social)
Geschichten aus dem Leben eines Admins:
Ich saß gestern in einem erfreulich gering besetzen IC der #bahn von Berlin nach Magdeburg.
Um mir die Zeit zu vertreiben, wollte ich über das Bahn #wifi an ein paar Geräten rumspielen.
Mangels eigener Adressen, sind diese über IPv4 nur mit mehreren #ssh hops zu erreichen. IPv6 gibt es im Bahn wifi nicht.
Ist ja kein Problem, dachte ich mir, dazu habe ich ja mein #wireguard #vpn mit IPv6.
Und damit beginnt unsere Geschichte:
[1]
Show Original Post
royalapps (@royalapps@dotnet.social)
Royal Apps Security Week Day 5 🔐 Work safer and faster with our AutoFill for Web Pages using TOTP MFA Code Generator in Royal TS for Windows 🚀
#security #password #devops #itadmin #remotemanagement #RDP #remotedesktop #ssh
Show Original Post
royalapps (@royalapps@dotnet.social)
Royal Apps Security Week Day 4 🔐 The Document Store in Royal Server provides one secure, encrypted hub for all your Royal TS/X documents — with backups and access control built in 🗂️
Read more here:
https://docs.royalapps.com/r2023/royalserver/components/document-store/index.html
#security #password #devops #itadmin #remotemanagement #RDP #remotedesktop #ssh
Show Original Post
kkremitzki (@kkremitzki@mastodon.social)
I recently added a passphrase to an #SSH key I didn't have one on originally, and now it seems I can't remove it? `ssh-keygen -p` with a blank passphrase and `ssh-add -D` both report success temporarily, but when I reboot it starts asking again??
Show Original Post
dcz (@dcz@fosstodon.org)
Does anyone here know #linux mount namespaces well?
I need to #ssh to an old phone supporting only #RSA but I don't want a huge #container .
When I override /etc/ssh_config in a namespace to add rsa, that file is not owned by root and ssh exits...
Show Original Post
ostechnix (@ostechnix@floss.social)
Error triggered during SSH hardening? No worries! This guide explains how to fix fail2Ban startup error on Debian Linux 13 step by step.
Step-by-Step Tutorial: https://ostechnix.com/fail2ban-startup-errors-debian-13-ssh-hardening/
#SSH #SecureShell #Debian #Troubleshooting #Linux
Show Original Post
admin (@admin@mstdn.feddit.social)
找了个时间优化了服务器便利性和“安全性”
1. Termius访问
Termius生成三个密钥分配给三台服务器
export到~/.ssh/authorized_keys
检查authorized_keys内容正确
测试密钥&无密码登录
2. 配置ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 特殊端口/tcp
sudo ufw enable
sudo ufw status verbose
3. 配置fail2ban
sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
banaction = ufw
ignoreip = 127.0.0.1/8 ::1 X Y Z
[sshd]
enabled = true
port = 特殊端口
backend = systemd
sudo apt update && sudo apt install python3-systemd -y
sudo systemctl enable --now fail2ban
sudo systemctl restart fail2ban
sudo fail2ban-client status sshd
3. 配置sshd_config
sudo nano /etc/ssh/sshd_config
Port 特殊端口
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
sudo sshd -t
sudo systemctl restart ssh
4. 更改hostname
sudo hostnamectl set-hostname xxx
sudo nano /etc/hosts
修改127.0.1.1 后主机名为xxx
hostnamectl status
5. 配置互通
ssh-keygen -t ed25519 -C "from_$(hostname)" -N "" -f ~/.ssh/id_ed25519
cat id_ed25519.pub
nano ~/.ssh/authorized_keys
一共三行,Termius pub、其他两台服务器的pub
6. 配置Alias
nano ~/.bashrc
alias nc='ssh -p 特殊端口 jay@ipX'
alias cc='ssh -p 特殊端口 jay@ipY'
alias hd='ssh -p 特殊端口 jay@ipZ'
source ~/.bashrc
nc (netcup)
cc (clawcloud)
hd (hostdzire)
或者
nano ~/.ssh/config
Host nc
HostName X
Port 特殊端口
User jay
Host cc
HostName Y
Port 特殊端口
User jay
Host hd
HostName Z
Port 特殊端口
User jay
ssh nc
ssh cc
ssh hd
还可以加上“ProxyJump cc”连 xxx 之前先跳到 cc
#ssh #sshd #pub #alias #ProxyJump #authorized_keys #termius #ufw #fail2ban
Show Original Post
royalapps (@royalapps@dotnet.social)
Royal Apps Security Week Day 3 🔐 Managing credentials shouldn’t slow you down ⏰ with Royal Passwords, your logins are encrypted, organized, and just one click away—right in your browser. Read more: https://www.royalapps.com/go/kb-all-web-autofill
#security #password #devops #itadmin #remotemanagement #RDP #remotedesktop #ssh
Show Original Post
corsac (@corsac@mastodon.social)
Publication par l'ANSSI de trois fiches techniques sur la transition vers la cryptographie post-quantique (PQC):
IPsec: https://messervices.cyber.gouv.fr/guides/Transition-post-quantique-protocole-IPsec
SSHv2: https://messervices.cyber.gouv.fr/guides/Transition-post-quantique-protocole-SSHv2
TLS 1.3: https://messervices.cyber.gouv.fr/guides/Transition-post-quantique-protocole-TLS-1-3
#pqc #infosec #cybersecurity #cryptographie #ipsec #ike #ssh #tls #anssi
Show Original Post
kkarhan (@kkarhan@infosec.space)
@siklist Good question.
@Waterfox should be able to import things and if you're on #Linux all you need is to sync the subdirectory at $HOME/.config/ with any tool you want.
@fuchsiii does sync her stuff with @nextcloud as it has the #Nextcloud #Bookmarks sync option and she's using multiple devices, OSes and browsers at the same time.
Personally, I do backup, sync and restore my stuff to by personal mini-server at home via #SSH onto an encrypted drive.
Tho my default browser is @torproject / #TorBrowser and that is best used on @tails_live / @tails / #Tails which can also do manual syncing via SSH on the local network.
- I've not bothered to setup an #OnionService because it's beyond what I personally need but some folks do need it.
But what pisses me off is #Mozilla's tone-deaf ignorance of LITERALLY EVERYONE that uses #Firefox that they need to STOP #Enshittifying NOW!
- Because the only folks that love "#AI" / #AIslop are financial assholes like #A16z that push the whole "AI" #PumpAndDump #scam because they lost out when #Shitcoins and #NFTs didn't became mainstream and they gamble that the #Trump regime won't #PopTheBubble because it's already "#TooBigToFail" and will make the #GreatRecession look like the time (not so long ago) when #Switzerland deregulated [#CHF - #EUR] exchange rates in comparison!
Cc: @mozilla_support
Show Original Post