The following configuration disables root logins on the remote machine. Only users belonging to the group ssh-users may establish a connection. Access to the remote machine is tied to the local user’s private key.
In this example, the name of the remote machine is debian-server, which has the address 192.168.1.10 on the network. sid is a user on debian-server, whereas bookworm is a user on the local machine. Choose an encryption passphrase to secure the private key that you will generate in Step 5.
On the remote machine
Install the secure shell server with the following command:
$ sudo apt install --yes openssh-server
If you are using ufw as a host-based firewall
Configure ufw to allow connections to the secure shell server.
$ sudo ufw limit ssh
If you are using firewalld as a host-based firewall
Configure firewalld to allow connections to the secure shell server.
When prompted to confirm the authenticity of the host debian-server, type yes and press [Enter].
The authenticity of host 'debian-server (192.168.1.10)' can't be established.
ED25519 key fingerprint is SHA256:C9RxLLVbvFwVJc0L4JHzcuHQSaPHJZe/GrRDvqy6rAG.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
In the next step, enter the passphrase for your private key.
Enter passphrase for key '/home/bookworm/.ssh/id_ed25519-debian-server':
On the remote machine, download a file to harden the ssh server. You are encouraged to inspect its contents.
Begin to connect the client to your OneDrive account.
$ onedrive --synchronize
You will be presented with a message similar to the following:
Configuring Global Azure AD endpoints
Authorize this app visiting:
Enter the response uri:
In the above dialog, copy or [Ctrl + Click] the URI beginning with https://login.microsoftonline.com/.
In a web browser
Use the URI from the previous step to sign into your Microsoft account. You will be redirected to a response URI displaying a blank page. Copy the response URI from the address field of your browser.
In the terminal
Paste the response URI into the terminal. On successful authentication, the OneDrive Client will connect to your Microsoft account and begin to download your data.
Initializing the Synchronization Engine …
Syncing changes from OneDrive …
Creating local directory:
Downloading file … done.
Uploading differences of ~/OneDrive
Uploading new items of ~/OneDrive
After downloading your data to ~/OneDrive, validate the configuration of the client.
Currently available Espanso packages fail to install on Debian 12 because of unmet dependencies. Given that I depend on Espanso to expand text shortcuts and insert special characters, I was stuck on Debian 11. Until now!
The following instructions have also been tested with Debian 11.
After completing the installation, Espanso 2.2.0 for Wayland will be installed on your system and enabled for the current user.
nullmailer can be configured to use Fastmail as a smarthost and hence ensure the deliverability of your messages. In principle, these instructions should also be applicable to service providers other than Fastmail.
In the following example configuration, debian is the hostname, bookworm the local username and email@example.com the Fastmail username.
The usefulness of this project cannot be overstated.
Running the Syncthing stable channel
Syncthing is included in the Debian and Ubuntu repositories, respectively. These instructions are targeting the latest release of the Syncthing stable channel. It is therefore necessary to add the Syncthing repository to your list of APT sources.
In the following example, bookworm is the local username.
Add the Syncthing release key for validation of packages downloaded from the Syncthing repository.
By default, the Cockpit web console listens on port 9090 for connections. If you want to make changes from the default, use the following command to edit /etc/systemd/system/cockpit.socket.d/override.conf.
$ sudo systemctl edit cockpit.socket
The example below changes the web console port from 9090 to 9091 and restricts access to the localhost.
### Editing /etc/systemd/system/cockpit.socket.d/override.conf
### Anything between here and the comment below will become the new contents of the file
### Lines below this comment will be discarded
Use the following command for your changes to take effect.
Debian GNU/Linux was first released in 1993 and has been under active developement ever since. Today, the Debian Project unites thousands of contributors from across the globe with the aim of producing “an operating system distribution that is composed entirely of free software”.
This guide is intended to assist those who are installing Debian for the first time. It describes a straightforward path to a GNOME desktop. The number of applications is less in comparison to the default. Choose from more than 60000 official packages to tailor the system to your own requirements.
Debian and the new package formats
Debian stable is, above all else, focused on the task of maintaining bug-free software packages. It is the reason why Debian, in over 30 years, has gained a reputation for being “like a rock in an ever-swirling sea of updates”. It is also the reason why Debian stable does not keep up with the latest versions.
Universal package formats, such as Flatpak, Snap or AppImage, are managed separately from conventional packaging systems and thus provide the end-user with added flexibility and choice. They solve the problem of stale distribution packages because newer versions can be installed without compromising the integrity of the underlying core.
Before you begin
In addition to the target computer, you should have access to a reasonably fast connection to the Internet. Ideally, your device would connect to your router by Ethernet cable. If your laptop does not have an Ethernet port, consider using the Plugable USB 3.0 Gigabit Ethernet Adapter.
Depending on your acutal requirements, there are different Debian CD images to choose from. In all likelihood, you are following these instructions to install on x86-64 hardware, for which a network install CD image amd64 would be the correct choice. It supports Intel as well as AMD processors and “includes non-free firmware for extra support for some awkward hardware”.
Choose a hostname and a username for your setup. In the examples which follow, debian is used as the hostname and bookworm as the username. Just remember to make the substitutions when executing commands that reference either.
Choose 1) an encryption passphrase to encrypt your storage device, 2) a user password to secure your user account, and 3) a root password to secure the root account.
Ensure that all of your data is safely backed up because formatting your storage device will erase all of its data.
After completing the installation, Debian GNU/Linux will be the only operating system on your computer.
Installing Debian GNU/Linux
If your computer uses the Unified Extensible Firmware Interface (UEFI) and you are unsure about which settings to use, you may wish to disable the Secure Boot option.
After booting the system from the USB stick that you have prepared, continue by selecting the text based installer.
Keep English as the language for the installation.
[!!] Select a language
Keep United States as the location for your system. This will also set United States as the default locale for the system environment. You will have an opportunity to set additional locales and adjust time zones at a later point during the installation.
[!!] Select your location
Country, territory or area: United States
Use the keymap that is the correct one for your particular keyboard.
[!!] Configure the keyboard
Keymap to use: your keyboard
You will likely be asked to select the primary network interface for use during the installation. If network autoconfiguration fails, go back to try another network interface from the list.
[!!] Configure the network
Network configuration method:
Retry network autoconfiguration
Retry network autoconfiguration with a DHCP hostname
Configure network manually
Do not configure the network at this time
Set the hostname for your system. In this example, we use debian as the hostname.
[!] Configure the network
Select Show Applications from the the panel at the bottom of the screen or press [Super + a] and open the Settings application. On most keyboards, the [Super] key is the one with the Windows logo printed on it. Continue by adding the following keyboard shortcuts:
From within the GNOME desktop, open Firefox ESR by using the shortcut [Super + b] and re-open these instructions at edafe.de/step25.
Open a terminal with the shortcut [Super + t] and, where applicable, use copy and paste to enter the commands set out on this page. Be careful not to miss any punctuation.
Set the time zone for your area.
$ sudo dpkg-reconfigure tzdata
Geographic area: your area
Configure locales for all the languages that your system is going to be used with. Use UTF-8 locales wherever possible.
$ sudo dpkg-reconfigure locales
In this example, German and Japanese locales are generated in addition to the default locale for the system environment.
Locales to be generated:
[*] de_DE.UTF-8 UTF-8
[*] en_US.UTF-8 UTF-8
[*] ja_JP.UTF-8 UTF-8
Keep en_US.UTF-8 as the default locale for the system environment.
Default locale for the system environment:
The Desktop was disabled in GNOME 3.28. This decision was not universally popular at the time. However, developers pointed to the fact that, as an unmaintained feature, it stood in the way of other improvements. The following command hides the now orphaned Desktop folder from view.
$ echo Desktop >> ~/.hidden
Install additonal Debian packages to give you a functional GNOME desktop.
The snap directory in your home folder is not supposed to be accessed manually. Use the following command to hide it from view.
$ echo snap >> ~/.hidden
By default, Debian installs the Extended Support Release (ESR) version of Firefox. The ESR receives crash fixes, security fixes and policy updates as needed.
The flatpak, on the other hand, installs the Rapid Release version of Firefox. In contrast to the ESR, the Rapid Release receives major updates at least every four weeks. Both versions can be used concurrently and are available on your desktop as Firefox ESR and Firefox Web Browser, respectively.
Install Firefox Rapid Release and set it as the default browser.
With the eyeD3 command you can easily set the compilation tag for compatibility of your MP3 files with Apple gear. Just change to the directory containing the files making up the compilation (or soundtrack) and execute the following command:
“We wanted the book to be freely available (that is under the terms of a license compatible with the Debian Free Software Guidelines of course). There was a condition though: a liberation fund had to be completed to ensure we had a decent compensation for the work that the book represents. This fund reached its target of €25K in April 2012.” Raphaël Hertzog and Roland Mas hope that you will enjoy the book. debian-handbook.info
Begin to configure your postfix installation by choosing satellite system as the general type of configuration. Enter the local machine name as the mail name (eg mycomputer.edafe.de) and the SMTP server address of your email service provider as the SMTP relay host (eg smtp.relayhost.com). Edit the file /etc/postfix/main.cf and add the following:
The localuser is the system administrator. Substitute firstname.lastname@example.org with the email address that you would like mail for the root user to be redirected to. Finally, update /etc/aliases.db using the following command:
user@ubuntu:~$ sudo newaliases
Mail for the local root user from now on will automatically be forwarded to email@example.com , using smtp.relayhost.com as the relay host. www.postfix.org, help.ubuntu.com
SMART stands for Self-Monitoring, Analysis and Reporting Technology and is built into most modern hard disks. The smartd daemon is part of smartmontools and monitors a disk’s SMART data for any signs of hardware problems. SMART is available with Parallel and Serial ATA disks, drives appearing as either /dev/hd* or /dev/sd*, respectively. Use the following command to obtain relevant information for your system:
Verify that the local root user has received a test message from the smartd daemon. From now on, the smartd daemon will monitor the disk and, in the event of impending disk failure, alert the local root user by email.
“In a world of repressive governments and a growing reliance on insecure networks, there’s no way anyone can be sure their most sensitive messages aren’t intercepted by the forces of darkness. But you can make it mathematically improbable that all but the most well-funded snoops could ever make heads or tales of your communications.” Use Dan Goodin’s step-by-step guide to email encryption and keep your communications private. www.theregister.com
“Bicycle fitting is a subject most people find quite mysterious. Fitting systems with charts and graphs, computer software, measuring devices and ‘rules of thumb’ make for a lot of confusion. But I believe it’s really quite simple”, writes Peter Jon White. peterwhitecycles.com