Screen kann sehr praktisch sein, insbesondere wenn man öfter kritische Arbeiten über instabile SSH Verbindungen abwickelt.
Infos bei der Uni Erlangen und dem LinuxWiki.
Monthly Archive for Juli, 2008
Sometimes people seem to think that bruteforcing a random server would a good idea. I don’t agree with them. They just fill up my auth.log and cause several alarm bells to ring. If you use fail2ban, fine, it will handle this for you. If you don’t use it, you could still ban them manually.
If you just want to ban a single source IP - beware of faked sources adresses - until the next reboot of your machine, use this:
iptables -I INPUT -s <sourceip> -j DROP
This reads as follows: Inside the input chain look for the source adress <sourceip> and the jump to chain “DROP”.
If you want to remove this entry you’ll just need to replace the -I in front of INPUT by -D.
Thought about Backup recently? What about Key-Backup?
If you happen to use OpenPGP to encrypt your files, you’ll probably want to do a key backup so you can decrypt them later if your OpenPGP installation should get lost. You’ll only need a few simple commands.
gpg -ao mypublic.key --export <keyid>
gpg -ao myprivate.key --export-secret-key <keyid>
This will export (-o) the public (–export) and private keys (–export-secret-key) of the keypair with the id <keyid> to two seperate files in ASCII (Base64) encoding (-a). How you find out the keyid? Use the parameter –list-keys.
OpenVPN is a great VPN solution: Easy to use, flexible and stable. But it lacks documentation. When trying to assign static ip adresses to my VPN clients I felt a bit lost. The solution is to create a directory inside the OpenVPN configuration directory and put the client-dependent configuration snippets there. Lets assume this directory is called “ccd” for “Client Configuration Directory”. Then you need to add the line “client-config-dir ccd” to your server.conf.
Inside the ccd you create one file for each client you want to configure and call the file exactly as the common name from the clients certificate. In this files you can use ordinary OpenVPN configuration statements. For assigning fixed IPs you would use “ipconfig-push 10.8.0.X 10.8.0.0″ if you use the suggested subnet of “10.8.0.0″.
Letzte Kommentare