LinuxQuestions.org

OpenSSH common mistakes, tips, and tricks

Posted 10-14-2014 at 11:09 PM by sag47

Here's a post about common mistakes I see made with SSH, a few shortcuts for being more productive when you have a complicated server network, and other neat tips and tricks.

authorized_keys Permissions

The most common problem I see with new users attempting to use public key auth is getting the permissions wrong on their home directory, .ssh directory, or authorized_keys file. Luckily, the OpenSSH project provides a helpful FAQ answer.

The Almighty...

My iptables firewall

Posted 10-14-2014 at 10:33 PM by sag47

Recently I posted about my firewall. Here I'm reposting that to my blog.

Here's a redacted version of my firewall rules. I'll point out a couple of things. This firewall is designed similarly to how the new RHEL7 firewalld behaves. When evaluating RHEL7 I saw some cool firewall tricks and incorporated them into my firewall (this way you can take advantage of doing things like dynamically adding and removing rules without having to refresh the firewall).

At the top...

Securing your passwords in KeePass

Posted 12-04-2013 at 11:14 AM by sag47
Updated 12-04-2013 at 11:22 AM by sag47

The Linux port of KeePass is called KeePassX.

The following knowledge base article discusses the encryption mechanisms involved in securing KeePass databases.

http://keepass.info/help/base/security.html

That's a good read and I highly recommend everyone read it. It tells you about mitigating brute force attacks by modifying iterations of hashes. It even has a little button that computes one second's worth of hashes automatically so that it takes one second...

iptables workstation config

Posted 11-17-2013 at 10:03 AM by sag47
Updated 11-17-2013 at 11:07 AM by sag47
Tags iptables, ufw

Here's a decent iptables config for a workstation that doesn't normally serve hosted applications. It is meant to just block the network while allowing the user to still use the network unhindered. If services will need to connect to your system, then you'll have to open ports in the firewall.

Code:
#load firewall config with iptables-restore < iptables.rules
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#The following rules required
...

podupti.me statistics for Diaspora

Posted 10-21-2013 at 11:24 AM by sag47
Updated 10-21-2013 at 01:59 PM by sag47

If you've not heard of Diaspora, I recommend you check it out.

Today I was playing with SSL statistics with podupti.me, which is a list of publicly hosted Diaspora pods. After viewing their source I found that I could knock against their API to pull domain names. This was more for a personal scripting exercise than anything. I'm sharing the results with you, the reader.

Getting secure host names

I basically ran Python code like the following......
All times are GMT -5.