Search - "openssh"
-
So that high level prank from yesterday.
Senior Linux engineer, the fucker.
He somehow installed shitloads of cron jobs onto my system.
Every few minutes it would create a new user with a freaking complicated password. Then it would install openssh server in case it wasn't installed yet. After that it'd set all iptables rules to allow incoming AND outgoing connections on port 22.
That was one badass Ansible script though!
I'm not sure what more there is to it because sometimes when I removed crons, they'd magically appear again later AND I forgot to check the boot scripts so I might be fucked again when I get to work today!
Plus side, I finally fully understand cron 😅
-
Enabling the firewall on a VPS to secure my Docker containers and forgetting to add OpenSSH to the allowed list --> SSH blocked 😃🔫
-
Windows 10 native SSH client inside CMD is crazy nice, no more PuTTY... given it's a Windows feature and all!
(Hidden in additional features if anyone is interested, will need a reboot to work)
-
While updating a remote production server, accidentally uninstalled a package that was required for openssh to work. That was fun to recover... 😐
-
One of those things that put a smile on my face happened today.
I (like many devs) am fond of Linux. So I use Linux on everything.
I'm currently doing an internship abroad in Finland (Linus Torvalds' country!) for my college.
So there is this Finnish student who uses Linux. And after a while he asked what I was using so I told him that I'm running Linux (Arch + i3 like all the cool kids).
So one day he was like; But can you game on Linux?
I was like, yeah sure, might not work as well as Windows but some games run native and some can be emulated through wine. He was like; Hmm maybe I'll try it out.
So he installed Linux Mint on his laptop and came to work. I was rather proud (even though he installed the bastard child of Debian and Ubuntu).
So far I've helped him set up streaming games from his pc to Linux and port forwarding.
But then came the big boy. Since I always try to teach him some stuff since they don't teach him a lot at his school.
He asked me if I could help him set up a Plex streaming server on Linux.
So we took an old computer and installed Ubuntu Server (lots of information for it).
Installed and configured Plex server, qbittorrent-nox and all kinds of goodies.
I started showing him how to use ssh, how the rights system works, etc.
It broke my heart a little that he wants to be able to TeamViewer into it (since it's running the OpenSSH daemon).
So he installed Ubuntu's desktop on top of it as well as TeamViewer.
It ran slow as hell because the PC has an old crummy Core 2 Duo and 2 GB of DDR2 RAM. It chokes when multitasking.
So seeing that as well as telling him everything that can be done with a GUI can be done in CLI.
I saw the lightbulb lighting up. He gets it now. He understands the power of Linux.
That just made me smile all the way home.
-
I once had to deal with GoDaddy customer support telling me their servers only support PuTTY for SSH.
Well, fuck you! I use Linux and I SSH with a single command in terminal, no doubt PuTTY is great but get your senses straight that PuTTY is not the only way to SSH when you are being customer support for a tech company, don't just fucking recite a phrase list. Besides, they should understand Windows with PuTTY is not the only way to SSH into servers, JuiceSSH via Android, OpenSSH via Linux, etc...
*btw, before you all rant about me buying from GoDaddy, I was lead dev for a startup a few years back and they had already bought it from GoDaddy. Of course they also provide free offers along with an order, which often includes email addresses, annoying support, gut-wrenching quality of service access...
-
Seriously? Microsoft does not support ed25519 SSH keys in either Azure DevOps or the actual Azure Virtual Machines? Like seriously? No there has to be a joke. There just ain't no way
It has been in OpenSSH since 2013.
2013.
We're in 2023, if you've forgotten.
10 years ago, OpenSSH implemented this standard.
Did you know what they tell you when you enter your valid Ed25519 SSH key into their system?
Did you know they tell you that "Your SSH key is invalid"?
WHAT DO YOU MEAN INVALID???!?! IT WORKS EVERYWHERE ELSE JUST FINE!!! YOU'RE THE ONE THAT HAS NO FUCKING BRAINS!!!
Composure.
I am calm, I am calm.
I have always. Been. CALM!
There is no one more calm than me....
I guess RSA it is then.
A second SSH key, just for Microsoft.
-
Last Monday I bought an iPhone as a little music player, and just to see how iOS works or doesn't work.. which arguments against Apple are valid, which aren't etc. And at a price point of €60 for a secondhand SE I figured, why not. And needless to say I've jailbroken it shortly after.
Initially setting up the iPhone when coming from fairly unrestricted Android ended up being quite a chore. I just wanted to use this thing as a music player, so how would you do it..?
Well you first have to set up the phone, iCloud account and whatnot, yada yada... Asks for an email address and flat out rejects your email address if it's got "apple" in it, catch-all email servers be damned I guess. So I chose ishit at my domain instead, much better. Address information for billing.. just bullshit that, give it some nulls. Phone number.. well I guess I could just give it a secondary SIM card's number.
So now the phone has been set up, more or less. To get music on it was quite a maze solving experience in its own right. There's some stuff about it on the Debian and Arch Wikis but it's fairly outdated. From the iPhone itself you can install VLC and use its app directory, which I'll get back to later. Then from e.g. Safari, download any music file.. which it downloads to iCloud.. Think Different I guess. Go to your iCloud and pull it into the iPhone for real this time. Now you can share the file to your VLC app, at which point it initializes a database for that particular app.
The databases / app storage can be considered equivalent to the /data directories for applications in Android, minus /sdcard. There is little to no shared storage between apps, most stuff works through sharing from one app to another.
Now you can connect the iPhone to your computer and see a mount point for your pictures, and one for your documents. In that documents mount point, there are directories for each app, which you can just drag files into. For some reason the AFC protocol just hangs up when you try to delete files from your computer however... Think Different?
Anyway, the music has been put on it. Such features, what a nugget! It's less bad than I thought, but still pretty fucked up.
At that point I was fairly dejected and that didn't get better with an update from iOS 14.1 to iOS 14.3. Turns out that Apple in its nannying galore now turns down the volume to 50% every half an hour or so, "for hearing safety" and "EU regulations" that don't exist. Saying that I was fuming and wanting to smack this piece of shit into the wall would be an understatement. And even among the iSheep, I found very few people that thought this is fine. Though despite all that, there were still some. I have no idea what it would take to make those people finally reconsider.. maybe Tim Cook himself shoving an iPhone up their ass, or maybe they'd be honored that Tim Cook noticed them even then... But I digress.
And then, then it really started to take off because I finally ended up jailbreaking the thing. Many people think that it's only third-party apps, but that is far from true. It is equivalent to rooting, and you do get access to a Unix root account by doing it. The way you do it is usually a bootkit, which in a desktop's ring model would be a negative ring. The access level is extremely high.
So you can root it, great. What use is that in a locked down system where there's nothing available..? Aha, that's where the next thing comes in, 2 actually. Cydia has an OpenSSH server in it, and it just binds to port 22 and supports all of OpenSSH's known goodness. All of it, I'm using ed25519 keys and a CA to log into my phone! Fuck yea boi, what a nugget! This is better than Android even! And it doesn't end there.. there's a second thing it has up its sleeve. This thing has an apt package manager in it, which is easily equivalent to what Termux offers, at the system level! You can install not just common CLI applications, but even graphical apps from Cydia over the network!
Without a jailbreak, I would say that iOS is pretty fucking terrible and if you care about modding, you shouldn't use it. But jailbroken, fufu.. this thing trades many blows with Android in the modding scene. I've said it before, but what a nugget!
-
Just got my Raspberry Pi, installed Lubuntu, OpenSSH and SSHed into it.
Adjusting to command line only and Ubuntu is hard.
I don't know where everything is located and how to get stuff done.
But I will keep on trucking till I figure it out!!
-
OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm. The better alternatives include:
1. RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms (now used by default if the client and server support them).
2. The ssh-ed25519 signature algorithm.
3. ECDSA algorithms: ecdsa-sha2-nistp256/384/521.
In this release, support for FIDO/U2F hardware tokens was added. Also noteworthy, a future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms.
-
So... I've been messing around with my first VPS (with little knowledge of Linux).
First installed LXDE to learn how to do it, then back to the terminal. Then I started with Apache, watching online tuts ...
Then I changed to nginx... Looks way better.
Installed MySQL, PHP and got stuck. Dropped it for a few days.
Today I restarted, deleted Apache, MySQL, reinstalled nginx, my PHP (with lots of problems because of old installations). Everything is working now except PHP.
After going round and around I changed my focus to relax a bit, and remembered I still have Apache on the firewall...
OK Apache and other stuff that I installed.
Delete everything
New rules only for nginx and reset.
Can't SSH to the server... What?
Oh... Forgot to add rules for OpenSSH...
No matter, I can access the terminal directly on the website....
And it loads to LXDE, with no user set...
Fuckkkk.
Oh BTW I'm in a trial free period with no support...
-
OpenSSH has announced plans to drop support for its SHA-1 authentication method.
According to a report by ZDNet: the OpenSSH team currently considers the SHA-1 hashing algorithm insecure (broken in a real-world attack in February 2017, when Google cryptographers disclosed the SHAttered attack, which could make two different files appear as if they had the same SHA-1 file signature). The OpenSSH project will be disabling the 'ssh-rsa' (which uses SHA-1) mode by default in a future release. They also plan to enable the 'UpdateHostKeys' feature by default, which allows servers to automatically migrate from the old 'ssh-rsa' mode to better authentication algorithms.
-
Trying to set up an LTSP server for fun. Never done server things before.
The server and the thin client are in VMs. So I start, install OpenSSH, and then when I try to SSH... WHY CAN’T I FUCKING CONNECT, I CHECKED THE IP WITH IFCONFIG, oh shit, forgot to configure the VM network... so SSH works! Then I set up DHCP (I really don’t know what I’m doing, just following the tutorial), the LTSP configs thing, build the client image and then, I HAVE NO FUCKING INTERNET CONNECTION. Continues, boot up the thin client... WHY CAN’T YOU FUCKING FIND THE SERVER!! Then I realise the VM is not an Ubuntu one, so delete it and make a new one... WHY DOES IT STILL NOT WORK!!!!!! Oh wait forgot to connect to the network! Goes to put the network adaptor, and: wait! I don’t need NAT! So I replace the NAT by the correct network, and: Wait it lets me choose the weird thingy intel/pce thingy, oh I remember now! It said we needed the “...III FAST...”! Activate it and... IT WORKS ! !!!! CONNECTS TO THE SERVER!!! GOT THE DHCP!!! WAIT!!!!! What is THAT 🤬 TFTP LOADING THING!!!:
TFTP open timeout
🤬 YOU!!!!!!!!>>
-
What are the symptoms of a broken openssh server?
I completely lost access with connection reset by peer, however, earlier today I kept having my session auto disconnect on only one server, the only way I could gain access is to remove and then install openssh again.
But on this particular server, I have not even changed the SSH port, why did it get broken?
-
Thanks OpenSSH for responding to a malformed key, not by telling me it's malformed, but instead by asking for a passphrase on a key with no passphrase. That only cost me two hours of my life. :P
-
On Kali Linux. When I'm running
apt-get install openssh-server openssh-client for installing SSH server, I am getting 404 only. What should I do?
Any idea anybody?
-
So in Seahorse (the GNOME secret manager) deleting the OpenSSH key doesn't just remove an identity from the agent, it actually deletes the keyfile.
I should've treated that scary confirmation message more seriously.
Also, my obsessive full disk backups every Monday are totally worth the time.
-
Why can't every server application have a feature like OpenSSH's AuthorizedKeysCommand?!
So pretty much a command-hook for authentication.
You pass username, password and additional stuff to it, and its STDOUT and exit-status determine the authentication result.
No, instead of something so simple,
You're forced to use MySQL, LDAP...