ssh – secure shell

Secure shell is a remote login client. The following is from the man page

DESCRIPTION
       ssh (SSH client) is a program for logging into a remote machine and for executing  commands on a remote machine.  It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network.  X11 connections, arbitrary  TCP  ports  and  Unix-domain sockets can also be forwarded over the secure channel.

So as mentioned before, vfsync can't do everything, so if you do need a full Linux system to log in to and install what you want. By this, I am saying you also need to at least have sudo access to that remote system, even if this is a Raspberry Pi.

While being able to log in with

ssh user@host 

Is useful, you still need a password, which is fine. If you want to use some services provided by [vern.cc] then you need to be able to log in with an authentication key. This can be generated with

ssh-keygen

DESCRIPTION
       ssh-keygen generates, manages  and  converts  authentication  keys  for  ssh(1).  ssh-keygen can create keys for use by SSH protocol version 2.

Which will generate a public / private key pair

man ssh-copy-id 

NAME
       ssh-copy-id  —  use locally available keys to authorise logins on a re‐mote machine

DESCRIPTION
       ssh-copy-id  is  a script that uses ssh(1) to log into a remote machine  (presumably using a login password, so password  authentication  should be enabled, unless you've done some clever use of multiple identities).  It  assembles  a  list of one or more fingerprints (as described below) and tries to log in with each key, to see if any of  them  are  already installed (of course, if you are not using ssh-agent(1) this may result  in  you being repeatedly prompted for pass-phrases).  It then assembles a list of those that failed to log in and, using ssh(1), enables logins with those keys on the remote server.  By default it adds the  keys  by appending  them  to  the remote user's ~/.ssh/authorized_keys (creating  the file, and directory, if necessary).  It is also capable of  detecting if the remote system is a NetScreen, and using its ‘set ssh pka-dsa
       key ...’ command instead.

There is some good information here too

• ssh cheat sheet

The following allowed me to remote login to my Raspberry Pi from my desktop

cd .ssh (I did this so I was in the right place to generate the key)
ssh-keygen
ssh-copy-id -i ~/.ssh/Pi4.pub paul@xxx.xxx.xxx.xxx
ssh paul@xxx.xxx.xxx.xxx

Login with password, and you will be asked for the passphrase the first time you do this. After which, you will be able to just ssh in without the password.

Replace the x's with your IPv4 address.

While using vern, I had to use

ssh-keygen -lf ./key.pub

To address an error, it came up with about keyboard authentication. This worked for me, but should not 'just' be used in every situation.

Graphical ssh

With Linux mint, it is also possible to connect the file manager nemo to a remote server.

File –> Connect to server, then fill in the credentials.

With folder, it is probably a good idea to enter the path to your home directory on the remote server, so for a Raspberry Pi with a default username of pi, this is:-

/home/pi

Chat

I am on the Devon and Cornwall Linux user group mailing list and also their matrix channel as zleap, it is better to ask there, that way others can answer too.

Tags

#Bash,#Linux,#ssh,#RemoteAccess,#Security,#SSHKeys,#SecureShell

---

Mastodon	ShellLabs	Join Mastodon

AI statement : Consent is NOT granted to use the content of this blog for the purposes of AI training or similar activity. Consent CANNOT be assumed, it has to be granted.

More security : fail2ban

Fail2ban is a program that will help you with the security of your system.

There is a tutorial for this at Linux Handbook, so I have quoted the description, or part of, below.

This is where a tool like Fail2Ban comes into picture. Fail2Ban is a free and open source software that helps in securing your Linux server against malicious logins. Fail2Ban will ban the IP (for a certain time) if there is a certain number of failed login attempts. [1]

Links

[1] Linux handbook : fail2ban

Chat

I am on the Devon and Cornwall Linux user group mailing list and also their matrix channel as zleap, it is better to ask there, that way others can answer too.

Tags

#Linux,#Bash,#ssh,#Security,#fail2ban

---

Mastodon	ShellLabs	Join Mastodon

AI statement : Consent is NOT granted to use the content of this blog for the purposes of AI training or similar activity. Consent CANNOT be assumed, it has to be granted.

CyberSecurity part 17

SSH or Secure shell, allows a user to remotely login to another computer. This can be achieved using the OpenSSH server software. The video below is a beginners guide to this.

• OpenSSH for beginners

Hopefully it covers enough so that people understand the basics. I find ssh useful when I am running a raspberry pi headless (without a monitor) and need to gain access via my desktop.

Links

• login link
• OpenSSH
• Tuxiversity Forum

Tags

#CyberSecurity,#ssh,#OpenSSh

---

Mastodon	ShellLabs	Join Mastodon

AI statement : Consent is NOT granted to use the content of this blog for the purposes of AI training or similar activity. Consent CANNOT be assumed, it has to be granted.

Bullseye – Official Announcement

Reposting

---

The Debian Project https://www.debian.org/ Debian 11 “bullseye” released press@debian.org August 14th, 2021 https://www.debian.org/News/2021/20210814

---

After 2 years, 1 month, and 9 days of development, the Debian project is proud to present its new stable version 11 (code name “bullseye”), which will be supported for the next 5 years thanks to the combined work of the Debian Security team [1] and the Debian Long Term Support [2] team.

1: https://security-team.debian.org/ 2: https://wiki.debian.org/LTS

Debian 11 “bullseye” ships with several desktop applications and environments. Amongst others it now includes the desktop environments:

• Gnome 3.38,
• KDE Plasma 5.20,
• LXDE 11,
• LXQt 0.16,
• MATE 1.24,
• Xfce 4.16.

This release contains over 11,294 new packages for a total count of 59,551 packages, along with a significant reduction of over 9,519 packages which were marked as “obsolete” and removed. 42,821 packages were updated and 5,434 packages remained unchanged.

“bullseye” becomes our first release to provide a Linux kernel with support for the exFAT filesystem and defaults to using it for mount exFAT filesystems. Consequently it is no longer required to use the filesystem-in-userspace implementation provided via the exfat-fuse package. Tools for creating and checking an exFAT filesystem are provided in the exfatprogs package.

Most modern printers are able to use driverless printing and scanning without the need for vendor specific (often non-free) drivers.“bullseye” brings forward a new package, ipp-usb, which uses the vendor neutral IPP-over-USB protocol supported by many modern printers. This allows a USB device to be treated as a network device. The official SANE driverless backend is provided by sane-escl in libsane1, which uses the eSCL protocol.

Systemd in “bullseye” activates its persistent journal functionality, by default, with an implicit fallback to volatile storage. This allows users that are not relying on special features to uninstall traditional logging daemons and switch over to using only the systemd journal.

The Debian Med team has been taking part in the fight against COVID-19 by packaging software for researching the virus on the sequence level and for fighting the pandemic with the tools used in epidemiology; this work will continue with focus on machine learning tools for both fields. The team's work with Quality Assurance and Continuous integration is critical to the consistent reproducible results required in the sciences. Debian Med Blend has a range of performance critical applications which now benefit from SIMD Everywhere. To install packages maintained by the Debian Med team, install the metapackages named med-*, which are at version 3.6.x.

Chinese, Japanese, Korean, and many other languages now have a new Fcitx 5 input method, which is the successor of the popular Fcitx4 in “buster” ; this new version has much better Wayland (default display manager) addon support.

Debian 11 “bullseye” includes numerous updated software packages (over 72% of all packages in the previous release), such as:

• Apache 2.4.48
• BIND DNS Server 9.16
• Calligra 3.2
• Cryptsetup 2.3
• Emacs 27.1
• GIMP 2.10.22
• GNU Compiler Collection 10.2
• GnuPG 2.2.20
• Inkscape 1.0.2
• LibreOffice 7.0
• Linux kernel 5.10 series
• MariaDB 10.5
• OpenSSH 8.4p1
• Perl 5.32
• PHP 7.4
• PostgreSQL 13
• Python 3, 3.9.1
• Rustc 1.48
• Samba 4.13
• Vim 8.2
• more than 59,000 other ready-to-use software packages, built from more than 30,000 source packages.

With this broad selection of packages and its traditional wide architecture support, Debian once again stays true to its goal of being”The Universal Operating System”. It is suitable for many different use cases: from desktop systems to netbooks; from development servers to cluster systems; and for database, web, and storage servers. At the same time, additional quality assurance efforts like automatic installation and upgrade tests for all packages in Debian's archive ensure that “bullseye” fulfills the high expectations that users have of a stable Debian release.

A total of nine architectures are supported: 64-bit PC / Intel EM64T / x86-64 (amd64), 32-bit PC / Intel IA-32 (i386), 64-bit little-endian Motorola/IBM PowerPC (ppc64el), 64-bit IBM S/390 (s390x), for ARM, armel and armhf for older and more recent 32-bit hardware, plus arm64 for the 64-bit “AArch64” architecture, and for MIPS, mipsel (little-endian) architectures for 32-bit hardware and mips64el architecture for 64-bit little-endian hardware.

If you simply want to try Debian 11 “bullseye” without installing it, you can use one of the available live images [3] which load and run the complete operating system in a read-only state via your computer's memory.

3: https://www.debian.org/CD/live/

These live images are provided for the amd64 and i386 architectures and are available for DVDs, USB sticks, and netboot setups. The user can choose among different desktop environments to try: GNOME, KDE Plasma, LXDE, LXQt, MATE, and Xfce. Debian Live “bullseye” has a standard live image, so it is also possible to try a base Debian system without any of the graphical user interfaces.

Should you enjoy the operating system you have the option of installing from the live image onto your computer's hard disk. The live image includes the Calamares independent installer as well as the standard Debian Installer. More information is available in the release notes [4] and the live install images [5] sections of the Debian website.

4: https://www.debian.org/releases/bullseye/releasenotes 5: https://www.debian.org/CD/live/

To install Debian 11 “bullseye” directly onto your computer's hard disk you can choose from a variety of installation media such as Blu-ray Disc, DVD, CD, USB stick, or via a network connection. Several desktop environments — Cinnamon, GNOME, KDE Plasma Desktop and Applications, LXDE, LXQt, MATE and Xfce — may be installed through those images. In addition, “multi-architecture” CDs are available which support installation from a choice of architectures from a single disc. Or you can always create bootable USB installation media (see the Installation Guide [6] for more details).

6: https://www.debian.org/releases/bullseye/installmanual

There has been a lot of development on the Debian Installer, resulting in improved hardware support and other new features.

In some cases, a successful installation can still have display issues when rebooting into the installed system; for those cases there are a few workarounds [7] that might help log in anyway. There is also an isenkram-based procedure [7] which lets users detect and fix missing firmware on their systems, in an automated fashion. Of course, one has to weigh the pros and cons of using that tool since it's very likely that it will need to install non-free packages.

7: https://www.debian.org/releases/bullseye/amd64/ch06s04#completing-installed-system

In addition to this, the non-free installer images that include firmware packages [8] have been improved so that they can anticipate the need for firmware in the installed system (e.g. firmware for AMD or Nvidia graphics cards, or newer generations of Intel audio hardware).

8: https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/

For cloud users, Debian offers direct support for many of the best-known cloud platforms. Official Debian images are easily selected through each image marketplace. Debian also publishes pre-built OpenStack images [9] for the amd64 and arm64 architectures, ready to download and use in local cloud setups.

9: https://cloud.debian.org/images/openstack/current/

Debian can now be installed in 76 languages, with most of them available in both text-based and graphical user interfaces.

The installation images may be downloaded right now via bittorrent [10] (the recommended method), jigdo [11], or HTTP [12]; see Debian on CDs [13] for further information. “bullseye” will soon be available on physical DVD, CD-ROM, and Blu-ray Discs from numerous vendors [14] too.

10: https://www.debian.org/CD/torrent-cd/ 11: https://www.debian.org/CD/jigdo-cd/#which 12: https://www.debian.org/CD/http-ftp/ 13: https://www.debian.org/CD/ 14: https://www.debian.org/CD/vendors

Upgrades to Debian 11 from the previous release, Debian 10 (code name”buster”) are automatically handled by the APT package management tool for most configurations.

For bullseye, the security suite is now named bullseye-security and users should adapt their APT source-list files accordingly when upgrading. If your APT configuration also involves pinning or APT::Default-Release, it is likely to require adjustments too. See the Changed security archive layout [15] section of the release notes for more details.

15: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information#security-archive

If you are upgrading remotely, be aware of the section No new SSH connections possible during upgrade [16].

16: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information#ssh-not-available

As always, Debian systems may be upgraded painlessly, in place, without any forced downtime, but it is strongly recommended to read the release notes [17] as well as the installation guide [18] for possible issues, and for detailed instructions on installing and upgrading. The release notes will be further improved and translated to additional languages in the weeks after the release.

17: https://www.debian.org/releases/bullseye/releasenotes 18: https://www.debian.org/releases/bullseye/installmanual

About Debian

---

Debian is a free operating system, developed by thousands of volunteers from all over the world who collaborate via the Internet. The Debian project's key strengths are its volunteer base, its dedication to the Debian Social Contract and Free Software, and its commitment to provide the best operating system possible. This new release is another important step in that direction.

Contact Information

---

For further information, please visit the Debian web pages at https://www.debian.org/ or send mail to press@debian.org.

---

Mastodon	ShellLabs	Join Mastodon

AI statement : Consent is NOT granted to use the content of this blog for the purposes of AI training or similar activity. Consent CANNOT be assumed, it has to be granted.