Category Archives: Security

Restrict SSH access to port forwarding to one specific port

Allowing access to an unprotected service on a server is always a problem. Sometimes the easiest way is to not expose this service to the network but allow access via ssh port-forwarding, but how to limit the SSH account to … Continue reading

Posted in Linux Administration, Security | Tagged , | Comments Off on Restrict SSH access to port forwarding to one specific port

Generate public SSH key from private SSH key

A lost SSH public-key or a web service generates an SSH key but does not provide the public-key part to you. What to do now? There is a solution for this situation. Continue reading

Posted in Linux Administration, Security | Tagged , | Comments Off on Generate public SSH key from private SSH key

Restart hanging gpg-agent automatically using swatch on MacOSX

With a smart card reader, you can store your gpg keys on a card to sign, encrypt and even authenticate. What if you try to sign an email but your email client is not responding while signing the email? Or … Continue reading

Posted in MacOSX, Security | Tagged , | Comments Off on Restart hanging gpg-agent automatically using swatch on MacOSX

Harden the SSL configuration of your mailserver

I described in one of my earlier post how to Setup Postfix with SMTP-AUTH and TLS on CentOS. I will follow up on this article describing how to harden the configuration of your mail server related to SSL. Continue reading

Posted in Mailserver, Security | Tagged , , | Comments Off on Harden the SSL configuration of your mailserver

SSH-Key authentication is not working – SELinux

When configuring SSH passwordless login with ssh-key the ssh-key generated and transfered to the server seems to not work when I try to login. Whay is the ssh-key authentication failing? Continue reading

Posted in Linux Administration, Security | Tagged , , | 1 Comment

SELinux allow webserver to send email

When Wordpress tries to send email and you see “your host may have disabled the mail() function” it might be that SELinux is blocking it. Here is how to enable it. Continue reading

Posted in Linux Administration, Security | Tagged , , | Comments Off on SELinux allow webserver to send email

Migrate WordPress site with minimal downtime

Migrating a Wordpress installation from one server to the other sounds like a simple task. Just move the files, copy the database for Wordpress and lets go. But when you start dealing with the DNS entries the whole story gets tricky. Continue reading

Posted in DNS, Security | Tagged , , , | Comments Off on Migrate WordPress site with minimal downtime

Set up apache and the log path with SELinux

Depending on your backup strategy you might run into troubles of backup the entire /etc directory. Running a default installed Apache on CentOS will have the log directory of Apache linked from within the /etc/httpd/ directory. If you backup solution would backup those as well, the backups would contain the logs and get huge. Continue reading

Posted in Linux Administration, Security | Tagged , , | Comments Off on Set up apache and the log path with SELinux

Restrict SSH login using SSH keys to a particular IP address

Because most passwords are quite short so you can remember them as well as it is annoying to type the password all the time, You might have already considered creating SSH-keys and configured the SSH passwordless login with SSH-key for your server. But how to secure the access with SSH-key? Continue reading

Posted in Linux Administration, Security | Tagged , , , | Comments Off on Restrict SSH login using SSH keys to a particular IP address

Secure SSH server access

With a server running, SSH is one of the services nearly instantly gets checked out. Only after a couple of hours of going live with your server, you might already notice someone trying to login with passwords from a dictionary. There are some things you can do to reduce those hacking attempts to your SSH server. Continue reading

Posted in Linux Administration, Security | Tagged , , | Comments Off on Secure SSH server access