Category Archives: Security

Certificate Transparency and unauthorized certificates

I own a domain which was bought a few months back which is managed by CloudFlare’s service in DNS-only mode. As I intended to only use CloudFlare’s DNS service, I disabled every option except the DNS related features. You can imagin the surprise to see certificates issued for my domain without my knowledge. Continue reading

Posted in Security, Web technologies | Tagged , , , , , | Comments Off on Certificate Transparency and unauthorized certificates

Verifying SSH configuration with a scan

Managing a number of Linux servers and keeping them secure can be a challenge. Certain tools can make the life of an admin a lot easier. To ensure an ssh daemon complies with a desired security configuration the admin can use a scanner … Continue reading

Posted in Linux Administration, Security | Tagged , , , | Comments Off on Verifying SSH configuration with a scan

Debug SSH Connection issue in key exchange

Securing a server means hardening the SSH server settings, but doing so can also cause issues with ssh clients. Finding the cipher or algorithm causing a failled connection can be tricky. Depending on the client used, the error message might be very … Continue reading

Posted in Linux Administration, Security | Tagged , , , , | Comments Off on Debug SSH Connection issue in key exchange

Automount a luks encrypted volume on system start

Linux supports encrypted volumes with luks. When a luks encrypted volume is set up during installation to be booted from, the volume is already configured and set up. When an encrypted volume is set up afterwards, the volume remains locked until … Continue reading

Posted in Linux Administration, Security | Tagged , , , , , , | Comments Off on Automount a luks encrypted volume on system start

Harden SSH server settings

Many Linux Administrators use ssh on a daily basis. Many of the ssh servers are in their default configuration. Not changing the default configuration puts the security of the server at risk. That is why it is important to follow a few … Continue reading

Posted in Linux Administration, Security | Tagged , , , | Comments Off on Harden SSH server settings

Manage SSH-keys with the SSH-agent

Many webservices generate ssh keys to access their service. With the amount of services the number of SSH keys grows. To avoid dealing with the keys in the command line and the ssh_config(5), you can simply add the ssh-key to the … Continue reading

Posted in Linux Administration, Security | Tagged , , | Comments Off on Manage SSH-keys with the SSH-agent

Create a luks encrypted partition on Linux Mint

Encryption is not only for someone who has something to hide. There are simple concerns like a lost or stolen laptop that justify a full disk encryption. There are only a few steps necessary to create a encrypted partition. In … Continue reading

Posted in Linux Administration, Security | Tagged , , | Comments Off on Create a luks encrypted partition on Linux Mint

Perform a portscan using netcat

To perform a port scan, most of the time we think about a separate program. Sometimes it is not necessary to look that far. On most Linux systems netcat is already installed or can be installed easily from a repository. Continue reading

Posted in Linux Administration, Security | Tagged , , | Comments Off on Perform a portscan using netcat

Restrict SSH access to port forwarding to one specific port

Allowing access to an unprotected service on a server is always a problem. Sometimes the easiest way is to not expose this service to the network but allow access via ssh port-forwarding, but how to limit the SSH account to … Continue reading

Posted in Linux Administration, Security | Tagged , | Comments Off on Restrict SSH access to port forwarding to one specific port

Generate public SSH key from private SSH key

A lost SSH public-key or a web service generates an SSH key but does not provide the public-key part to you. What to do now? There is a solution for this situation. Continue reading

Posted in Linux Administration, Security | Tagged , | Comments Off on Generate public SSH key from private SSH key