Nothing to hide? A modern myth and 12 arguments against it

“But the sentence and its spread harm society and other people far more than those who utter it. That is why I like the socially oriented answers to it best: because it stigmatises people, treats them without solidarity, negates their experiences of discrimination, and because it undermines democracy and resistance.” @reticuleena reveals how we are putting our trustworthiness at risk.

www.kuketz-blog.de

Install and configure SSH on Debian or Ubuntu

edafe.de/ssh

SSH is a protocol that enables secure connections over unsecured networks. It supports the use of asymmetric encryption for user authentication. Private keys are kept locally, while public keys are stored on the remote machine.

The following configuration disables root logins on the remote machine. Only users belonging to the group ssh-users may establish a connection. Access to the remote machine is tied to the local user’s private key.

In this example, the name of the remote machine is yourserver, which has the address 192.168.1.10 on the network. remoteuser is a user on yourserver, whereas localuser is a user on the local machine.

Begin by choosing an encryption passphrase to secure the private key that you will generate in Step 5.

On the remote machine

Step 1

Install the secure shell server on yourserver with the following command:

$ sudo apt install --yes openssh-server

Step 2

If you are using ufw as a host-based firewall

Configure ufw to allow connections to the secure shell server.

$ sudo -- bash -c 'ufw allow ssh && systemctl restart ssh.service'

If you are using firewalld as a host-based firewall

Configure firewalld to allow connections to the secure shell server.

$ sudo -- bash -c 'firewall-cmd --zone=public --add-service=ssh --permanent && firewall-cmd --reload && firewall-cmd --info-zone=public'

Step 3

Restrict access to yourserver to members of a specific group. Start by creating the group ssh-users.

$ sudo addgroup --system ssh-users

Add the user remoteuser to the group ssh-users.

$ sudo adduser remoteuser ssh-users

On the local machine

Step 4

Install the secure shell client with the following command.

$ sudo apt install openssh-client

Step 5

Generate a new key pair for the user localuser:

$ cd ~/.ssh && ssh-keygen -t ed25519 -o -a 100

Save the key pair to the directory /home/localuser/.ssh/. Choose a name that facilitates easy identification.

Enter file in which to save the key (/home/localuser/.ssh/id_ed25519): id_ed25519-yourserver

The use of an appropriate passphrase to secure the private key is mandatory.

Step 6

Create the file ~/.ssh/config to configure the secure shell client.

$ nano ~/.ssh/config

Add the following minimal entry for the host yourserver.

Host yourserver
    Hostname 192.168.1.10
    IdentityFile ~/.ssh/id_ed25519-yourserver
    IdentitiesOnly yes

Step 7

Deploy the public key with the following command.

$ ssh-copy-id -i ~/.ssh/id_ed25519-yourserver.pub remoteuser@yourserver

When prompted to confirm the authenticity of the host yourserver, type yes and press [Enter].

The authenticity of host 'debian-server (192.168.1.10)' can't be established.
ED25519 key fingerprint is SHA256:C9RxLLVbvFwVJc0L4JHzcuHQSaPHJZe/GrRDvqy6rAG.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? 

Step 8

Log into the remote machine.

$ ssh -i ~/.ssh/id_ed25519-yourserver remoteuser@yourserver

In the next step, enter the passphrase for your private key.

Enter passphrase for key '/home/localuser/.ssh/id_ed25519-yourserver':

Step 9

On the remote machine, download this configuration file to harden the ssh server. You are encouraged to inspect its contents.

$ sudo -- bash -c 'wget -P /etc/ssh/sshd_config.d/ --show-progress https://edafe.de/debian/sshd_config.conf'

Activate the modifications on the remote machine.

$ sudo systemctl restart ssh.service

Step 10

On the local machine, open a new terminal window and run the following command.

$ ssh -i ~/.ssh/id_ed25519-yourserver remoteuser@yourserver

In the next step, enter the passphrase for your private key.

Enter passphrase for key '/home/localuser/.ssh/id_ed25519-yourserver':

Display the active configuration for the remote ssh server and verify its settings, paying particular attention to options for maxauthtries, permitrootlogin and passwordauthentication.

$ sudo sshd -T
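
The check in this step can be scripted. The following is an added example, not part of the original tutorial or of the downloaded configuration file: it reads the output of sshd -T and tests it against the policy described at the top of this guide (no root login, key-based access only, group ssh-users only). The function names, the constructed sample inputs and the MAX_TRIES_LIMIT of 3 are assumptions.

```shell
# Audit `sshd -T` output read on stdin: print one FAIL line per deviation and
# return non-zero if any check fails. On the server: sudo sshd -T | audit_sshd_config
# MAX_TRIES_LIMIT is an assumed threshold; the tutorial does not state a value.
MAX_TRIES_LIMIT="${MAX_TRIES_LIMIT:-3}"

audit_sshd_config() {
    awk -v limit="$MAX_TRIES_LIMIT" -v group="${1:-ssh-users}" '
        function fail(msg) { print "FAIL: " msg; bad++ }
        { key = tolower($1) }
        key == "permitrootlogin"        { root = $2 }
        key == "passwordauthentication" { pass = $2 }
        key == "pubkeyauthentication"   { pub = $2 }
        key == "maxauthtries"           { tries = $2 }
        # sshd -T prints one allowgroups line per group; a one-line list also works.
        key == "allowgroups" { for (i = 2; i <= NF; i++) { n++; if ($i == group) found = 1 } }
        END {
            if (root != "no") fail("permitrootlogin is [" root "], expected no")
            if (pass != "no") fail("passwordauthentication is [" pass "], expected no")
            if (pub != "yes") fail("pubkeyauthentication is [" pub "], expected yes")
            if (tries == "" || tries + 0 > limit + 0) fail("maxauthtries is [" tries "], limit " limit)
            if (!found || n != 1) fail("allowgroups must list only " group)
            exit (bad > 0)
        }
    '
}

# Constructed sample: effective settings that match the policy in this guide.
sample_hardened() {
    cat <<'EOF'
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
maxauthtries 3
allowgroups ssh-users
EOF
}
# Constructed sample: a server that still accepts passwords and has no group limit.
sample_weak() {
    cat <<'EOF'
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication yes
maxauthtries 6
EOF
}
for s in sample_hardened sample_weak; do
    if "$s" | audit_sshd_config; then echo "$s: PASS"; else echo "$s: needs work"; fi
done
```

A non-zero exit status makes the function usable as a gate in a provisioning script, for example after every change to the files in /etc/ssh/sshd_config.d/.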

All done!

For more in-depth information, please see stribika’s post-Snowden advice on hardening OpenSSH server installations.

The book SSH The Secure Shell by Daniel Barrett, Richard Silverman and Robert Byrnes is still useful today and has information on other clever stuff you can do with SSH.

The process of security

“Security is a process, not a product. Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products.” Bruce Schneier acknowledges that in information technology perfect security probably doesn’t exist.

www.schneier.com

Trust the process, Tina!

The Fediverse: social media freed from the shackles of commercial interests

“Social media is dominated by platform operators who put their own interests first and measure every decision by how it can maximise profit. Once you have internalised that, the question inevitably arises as to what is actually social about social media. Social means helping others, which can also mean putting one's own interests aside. So basically the exact opposite of how commercially oriented platforms such as Twitter, Facebook and the like operate.” @kuketzblog explains the idea of the Fediverse and thereby underlines why it differs so fundamentally from platforms such as Twitter and Facebook. This post is of great importance, and not only for users of social media.

www.kuketz-blog.de

They stormed the Capitol. Their apps tracked them.

“The location-tracking industry exists because those in power allow it to exist. Plenty of Americans remain oblivious to this collection through no fault of their own. But many others understand what’s happening and allow it anyway. They feel powerless to stop it or were simply seduced by the conveniences afforded in the trade-off. The dark truth is that, despite genuine concern from those paying attention, there’s little appetite to meaningfully dismantle this advertising infrastructure that undergirds unchecked corporate data collection.” Charlie Warzel and Stuart A. Thompson show the ease with which supposedly anonymised data from your smartphone is re-identified. From nothing to hide to nowhere to hide—we are all Americans now.

www.nytimes.com

The AAA citizens

“Just as Alibaba and Amazon know what their users are interested in and what they might buy next, the Chinese state wants to derive from its citizens' data trails how they have behaved in the past and how they might behave in the future, and rate them accordingly using a points system. Anyone who orders healthy baby food over the internet, for example, is to receive plus points. Anyone who watches porn or spends too much time playing computer games, on the other hand, must expect deductions.” How convenient, then, that Felix Lee has nothing to hide and that such handling of user data is only ever contemplated in China…

www.zeit.de

With thanks to Michael August.

Swipe my race: If you’re only dating someone for their skin colour, you should consider why


“I don’t think the stereotypes evolve as quickly as society evolves. I don’t think we get enough varied stereotypes as society is varied, because society is moving so quickly. Especially in a city like London. We’re so diverse, all of us, and the stereotypes don’t keep up.”
