Securing ssh Connections and Blocking Failures
Updated 10/2019
Use ed25519 keys, if you can:
ssh-keygen -t ed25519
ssh-copy-id -i ~/.ssh/id_ed25519.pub userid@remote
Updated 10/2015
If you have an ssh server running on your network that is accessible to the outside world, on the internet, chances are your systems are being attacked. If you aren’t aware of this, just take a look at your ssh logs in /var/log/auth.
$ egrep -i Failed /var/log/auth.log*
We can do better from a security standpoint. Regardless, ssh definitely still rocks and should be used daily, constantly. Before I moved ssh to a higher, non-standard, port and installed Fail2Ban, I was seeing over 1,000 ssh attempts daily in the log files. What’s the saying … ignorance is bliss? Not when it comes to systems security.
This article is for Linux/UNIX users, but the ideas should apply to any OS running an ssh daemon.
Ssh Setup For Higher Security
The order below is based on how easy each item is to accomplish or set up. None of these configuration changes are hard. All of them can be accomplished in under 5 minutes if you know what you’re doing or 15 minutes if you need to read up a little.
- Listen on a non-standard port
- Use ssh-key-based connections
- No remote root logins with a password – without-password
- Allow only key-based logins from non-LAN IPs (basically any remote ssh connection cannot use a password)
- Lock account after X failed attempts – Fail2Ban
- Automatically block IPs with login failures – Fail2Ban
- Monitor hack attempts – Fail2Ban
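To see what the egrep above is really counting, and which sources a Fail2Ban-style threshold would catch, the failures can be tallied per source IP. This is an added example, not part of the original article; the log lines are constructed samples in auth.log format, and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample in /var/log/auth.log format (documentation IP ranges).
sample_log() {
cat <<'EOF'
Oct  5 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Oct  5 10:00:03 host sshd[1001]: message repeated 2 times: [ Failed password for root from 203.0.113.5 port 40001 ssh2]
Oct  5 10:00:09 host sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 40002 ssh2
Oct  5 10:00:12 host sshd[1003]: Failed password for invalid user from from 198.51.100.7 port 40003 ssh2
Oct  5 10:00:20 host sshd[1004]: Accepted publickey for alice from 192.0.2.10 port 40004 ssh2: ED25519 SHA256:constructed
Oct  5 10:00:31 host sshd[1005]: Failed password for bob from 192.0.2.44 port 40005 ssh2
EOF
}

# failed_by_ip: read auth.log lines on stdin, print "<count> <ip>" per source,
# highest count first.
failed_by_ip() {
    awk '
    /sshd\[[0-9]+\]: / && /Failed password for / {
        n = 1
        # syslog collapses duplicates into "message repeated N times: [ ... ]",
        # so one line can stand for several failures.
        if (match($0, /message repeated [0-9]+ times/)) {
            split(substr($0, RSTART, RLENGTH), r, " ")
            n = r[3]
        }
        sub(/\]$/, "")   # drop the closing bracket of a repeated line
        # Anchor on the line tail "from <ip> port <n> ssh2" so a user name
        # such as "from" cannot shift the field we read.
        if (NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port")
            count[$(NF-3)] += n
    }
    END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# over_threshold N: print only the sources with at least N failures.
over_threshold() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_log | failed_by_ip
```

On a real system, feed it the actual logs instead of the sample, for example `cat /var/log/auth.log* | over_threshold 5` (rotated .gz files need zcat).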
Why You Need To Stop Using FTP
FTP, File Transfer Protocol, has been around since the beginning of the internet in the early 1970s. It transferred files when the internet was a safer, more trusting, place. That isn’t the case anymore. Using FTP to host files is probably a bad idea for almost everyone. FTP is like Telnet. No encryption is used for anything. These days, we know that is bad.
In the mid-1990s most organizations stopped using telnet and switched to ssh, secure shell. FTP needs to be replaced for the same reasons. Below I’ll describe why very few people should use plain FTP anymore to remotely access files.
What Skype Needs To Learn
I’ve been a Skype user for many years. I’ve even had the paid subscription for months at a time. Generally, it did what I needed better than other solutions, until I tried to make it my home phone too. That worked, but not as well (quality) as I’d like.
Anyway, I find myself trying to get the latest versions of Skype for my systems this morning and ran into a few issues.
Here are things that didn’t work for me – for a normal user, these would be show stoppers.
11 Windows Software Programs to Avoid
Over the years, we all come across software that we decide to uninstall and never use again (unless forced to do so by a company). I expect that some software on my hate it list is loved by someone. Most of those tools that make it to this list became bloated, lost their core purpose or did something nasty like installing a search bar or some other spyware.
Anyway, here’s my list for Windows.
Why I Use a Linux Desktop
Each of us uses a computer for various reasons. Some just want a system that works, without any hassle. Most of us want to run specific software, work with specific file types, connect with everyone else, and possibly just do what the people around us are doing to be the same.
I’ll be as honest as I can and put the reasons in order.
When Linux Does Good for End Users
Some of you know that I’m a fan of Linux. Ok, so that is an understatement. Would you like to convert? I’ll help you! Linux lets me do what I want while still providing nearly complete control over the hardware, for free. I like it and I’m shocked when other computer users don’t like it too. In fact, I think that almost every Grandmother should be running Linux these days.
Here’s a story, Linux Experiment Gone Horribly … Perfect, about a tech trying to solve problems with a client’s laptop. After exhausting all other solutions to a virus infected, spyware running, root kit loving Vista install, he got to the point of needing to reinstall Vista, but no reinstall disks were available. The client didn’t have them or any backup. The answer? Ubuntu Desktop 10.04 (Lucid Lynx).
In short, unsophisticated computer users will probably do better with a properly configured Linux system. I’d try Ubuntu, Mint or PCLinux on end users for the best outcomes. All are based on Debian, very stable and work on almost any hardware.
Would you like to try Linux? I’ll help you!
Why Are You Still Using Adobe Tools?
2014 Update:
Adobe is at it again. This time violating paid customer privacy.
Adobe spies on readers: EVERY page you turn, EVERY book you own leaked back to base
Time to start blocking adobe domains, if you don’t already.
adelogs.adobe.com is one.
Adobe has been plagued with security issues in their most popular tools, like Acrobat and Reader. These issues seem to be on all platforms, but are mostly targeted by hackers on MS-Windows. For years, we’ve known that Acrobat allowed PDF documents more access than most people need by default – JavaScript and the ability to start other programs running on the system. 99% of Acrobat Reader users do not need or want either of those features, yet they are enabled by default.
Adobe has been slow to correct issues and claimed to be on a quarterly patch cycle. This is for Flash, Shockwave, Reader and all products including PhotoShop. For almost all of these tools, there are alternatives that are not the main targets of hackers.
So, I gotta ask …
Why are you still using Adobe Tools?
8 Techniques For Getting Help with Linux
How to ask for help for Linux issues.
All of us need a little help now and again. Linux users aren’t any different than MS-Windows or Mac users in that regard. The difference is that to get help for Linux, you need to do a little more research first.
We’ll assume you don’t have a nearby Linux knowledgeable friend that knows everything. You’ll need to ask people you do not know for help. Or, perhaps you are the Linux guru in your circle of friends and your questions are more complex than most.
Below, I’ll suggest a few methods to use to get help and outline the data you should include in your requests to optimize the ability of others to actually be helpful to you.
Keystroke to Restart X/Windows in Ubuntu 10.04 - Lucid
Like many people, I recently updated my main desktop Ubuntu installation to 10.04, Lucid Lynx. As a long time Linux user, we’re used to some special keystrokes to force the system to do things. Keystrokes like:
- Reboot – {cntl}-{alt}-{del}
- Restart X/Windows – {cntl}-{alt}-{backspace}