This Is Justin – Being At Your Best

Securing OpenSSH Server on Debian 11

2022-04-24 2022-04-24 / Leave a Comment

OpenSSH is a networking utility that allows the secure connectivity to a remote host via the SSH protocol. It’s made up of a number of utilities that you’re probably already familiar with, including ssh-keygen and scp. Debian 11 can include the default setup of OpenSSH on a new installation, so it’s important to understand how to secure the SSH service from unintended consequences.

SSH is an easy target for attackers as it’s a common entry point for legitimate remote access by system administrators and users, alike. Here are a few simple steps to enhance the default security settings for the OpenSSH server on your Linux host.

Although the title of this post states Debian 11, these settings are specific to OpenSSH and should be the same across other Debian/Ubuntu distributions.

0. Requisites

Before you can make OpenSSH secure, you’ll need to have it installed, and have the configuration open.

$ sudo apt install openssh-server

You’ll find the SSH configuration file at /etc/ssh/sshd_config. You can open the file for editing in nano with the command below.

$ sudo nano /etc/ssh/sshd_config

1. Disable PasswordAuthentication

Disabling PasswordAuthentication is a very important first step. SSH brute force attacks are extremely common due to the power of computer hardware, and the amount of leaked password lists that exist. Find the line in your SSH configuration, uncomment it, and make sure it’s set to no. If the line doesn’t exist you can simply add it.

PasswordAuthentication no

2. Disable PermitEmptyPasswords

Find the line that starts with PermitEmptyPasswords and set it to no. This will prevent any accounts without passwords from bring utilized by SSH.

PermitEmptyPasswords no

3. Disable PermitRootLogin

Next, we’ll disable PermitRootLogin. As implied, this setting controls whether the root account can login via SSH. Change this setting to no; just make sure that you have an alternate sudoer account available with an SSH key in that accounts ~/.ssh/authorized_keys.

Find the line below line, uncomment it, and make sure it’s set to no.

PermitRootLogin no

4. Enable PubkeyAuthentication

With PasswordAuthentication disabled, we’ll enable PubKeyAuthentication to ensure that SSH explicitly knows that public key authentication is expected. Find the line below line, uncomment it, and make sure it’s set to yes.

PubkeyAuthentication yes

5. Optional: Change the default SSH port

Changing the default SSH port is not a ‘security’ enhancement, per se. It will, however, make your host less apt to be found by internet scanners looking for SSH on default ports.

You’ll find the Port line near the very top of your SSH configuration. Any port in the 1025-65565 range should work for you.

#Port 22
Port 2200

6. Restart The SSH Service

You’ll need to restart the SSH service in order for the changes to take affect.

$ sudo systemctl restart sshd

Other Settings

The /etc/ssh/sshd_config file contains a variety of settings that can be used to explicitly configure settings, as well as add new features, like Kerberos integration. The full list of settings is available on the sshd_config Debian Man page.

Installing PHP8.0-FPM on Debian 11

2022-04-10 2022-04-23 / Leave a Comment

PHP-FPM is a session manager used for handling the use of multiple versions of PHP, on the same host. PHP-FPM is commonly used by web hosting providers to provide multiple versions of PHP on the same shared host, but PHP-FPM is great when you’re running two different PHP applications on the same server that require different PHP versions.

PHP7.4 is the only current version of PHP-FPM available in the default Debian 11 repositories, as seen in the screenshot below. So, some additional steps are required to make PHP8.0 available

Search of the default Debian 11 repositories looking for PHP-FPM versions

1. Update Repositories and Install the Prerequisites

First, install a few software libraries that are required in order to add the new software repository, safely.

$ sudo apt update
$ sudo apt install -y install apt-transport-https lsb-release ca-certificates curl

2. Import the Repository Key

In order for apt to communicate with the repository securely, it needs the public key available for the repo. The below command adds the public key for the sury-php repository to apt.

A software developer by the name of Ondřej Surý who has been providing the official builds of PHP on both Ubuntu and Debian repos via his website since 2000.

$ sudo curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg

3. Add the Repository

This will create the appropriate package details for your kernel version and save it in /etc/apt/sources.list.d/sury-php.list.

$ sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'

4. Update APT Repositories

The following command updates the local APT cache from the available repositories.

$ sudo apt update

5. Install PHP8.0-FPM

Now, you can simply install PHP8.0-fpm via APT.

$ sudo apt install php8.0-fpm

PHP-FPM is installed to /etc/php/php8.0/fpm. The php.ini file contained within that directory controls the PHP configuration for instances of FPM running that version of PHP.

The (Over)Stimulating World That We Live In

2022-03-20 2022-03-20 / Leave a Comment

Stimulation is not a new concept, but few of us in this world have the capability of, or have the willingness to, sit back and see what this constant stimulation is doing to our well-being. For someone like me, someone with Attention Deficit Hyperactivity Disorder (ADHD), the stimulation coming from every direction can not just be overwhelming, but it can have long-lasting effects on the brain. This isn’t just the case for an ADHD brain, and non-ADHD brains can be severely impacted by the amount of stimulation presented to it at any given time.

What Is Stimulation?

Stimulation may mean different things to different people. For many, being stimulated is the feeling of being around or excited. This is a wonderful feeling; when it comes from the appropriate source. Stimulation can also be defined as the raising of the levels of certain chemicals in our brains; in this context we are thinking about stimulation at a physiology level. W will be referring to stimulation in this sense for the purpose of this article.

The human brain needs stimulation; that’s a fact. When you sleep, your brain is very active (or stimulated), this type of stimulation is good for the brain. Sleep, allows your brain to disengage from some of the “keeping you alive” activities, and performs more “repair and restore” activities.

Anything and everything that may interact with one of our five human senses (vision, hearing, touch, taste and smell) can be considered a stimuli. Our brain takes the information that our senses send it, and react accordingly.

What Stimulates Us?

In 2022, there are more stimulation’s than I can list, and certain stimuli will impact each of us differently at any given time. Let’s run through a fictitious day-in-the-life.

06:30 – Wake-up and check your phone
06:45 – Take a shower while listening to music on the radio
07:15 – Leave for your hour long drive to work, driving above the speed limit
07:45 – Get McDonald’s breakfast and a coffee on the way to work
08:30 – Get to desk at work, open your laptop with a modern screen that uses light in the 415nm – 455nm range.
10:30 – Refill your coffee
12:00 – Eat lunch. Your didn’t pack one, so you use your earnings to buy takeout.
16:30 – Leave work for hour long drive home, driving above the speed limit.
17:15 – Stop and buy gas; purchase a lottery ticket with it.
17:30 – You’re tired from working all day, so you order a pizza for supper.
18:00 – Call kids for supper. The kids have been off school for 3 hours, and have spent that time playing video games.
18:20 – Kids finally make it to the table because they “just need to finish what they’re doing”.
18:25 – Kids done eating and return to video games.
18:45 – Kids “snacky” because they didn’t eat a complete meal for supper.
20:00 – Kids bed time routine begins.
21:30 – Kids are in bed.
21:45 – You get into bed. Watch some television and grab your phone to check for updates.
22:30 – Attempt to fall asleep
23:30 – Finally fall asleep.

Sound familiar? It should. I’m sure that most of you can look at your day-to-day and find some aspect of using stimulants to make the discomforts of our lives, bearable.

So, How Is That A Problem?

If you read the list above and thought, “that doesn’t sounds so bad”. You’re not wrong. Stimulation’s are subjective. One thing that stimulates your brain, may not stimulate my brain in the same fashion. For those who are unable to modulate their senses, or for those who process stimuli differently, the day above may be disastrous. How so? Let me explain.

Not all of our brains are able to modulate the amount or the type of stimuli that it processes at any given time. As someone with ADHD, I process all the stimuli in my environment regardless of whether or not it is relevant to my current physical state. This is a perfect example of executive dysfunction. The brain lacks the executive function, in that moment, to quiet the stimuli that are not relevant.

Should I Change My Habits?

Nothing, necessarily. You may find that you get just enough stimulation for your lifestyle. If that’s the case, good for you! But, if you find yourself becoming overwhelmed in situations where others don’t seem to be, or you find that your days are a roller coaster of energy and emotion, then you may want to consider that over-stimulation may be your issue.

This may sound counter-intuitive to some. Why would over-stimulation be causing you to experience low energy, motivation, or emotional stability? It’s because the brains function isn’t simply on/off. The brain, as well as the body, must be maintained a balanced state. This dynamic is called homeostasis and is your body’s way of self-regulating itself according to the current moment. For example, It is what makes your body sweat when the body’s temperature increases in the response to exercise.

In Summary

The human brain is constantly stimulated from various sources.
The human brain is only capable of processing certain and specific information at any given time.
Brain neurological diversity has a big impact on how stimulants are modulated.
The human brain requires balance, and achieves this through the process of homeostasis.
Overstimulating the brain means giving it too much of what it doesn’t need, when it doesn’t need it. You’ll feel like you’ll want more, and will never get enough. It’s because your brain can’t intrinsically care about what it needs to, if the neurons are busy processing other stimuli.

How To Get Cardano Assets with DripDropz

2022-03-10 2022-04-15 / Leave a Comment

2022-04-15 Update: DripDropz now provides an estimated asset value!

If you’re already familiar with cryptocurrencies then you’ve probably heard of Cardano. If not, check out Cardano Foundation to learn more. In short, Cardano is a first-layer decentralized cryptocurrency, like Bitcoin and Ethereum, and is the first to establish itself based on peer-reviewed research based on evidence-based methods. It is currently, as of 2022-04-10, the 8th traded cryptocurrency by volume, according to coinmarketcap.

Cardano assets are available natively on the Cardano blockchain which is a big difference between Cardano and other cryptocurrencies like Bitcoin and Ethereum. DripDropz takes advantage of this capability by supporting the distribution of various tokens that are distributed by Cardano dApps directly to Cardano wallets, and chain-wide distributions.

Cardano doesn’t currently have a functionality to deliver assets directly to wallets that have been initiated by a dApp. DripDropz acts as a broker for this process. Given your wallet address, DripDropz searches the Cardano blockchain to identify any assets that have been offered to your wallet address, and allows you to move the asset to your wallet, by storing it in transaction. Let me explain.

Assets on Cardano can’t be transferred by themselves. They are a second-layer of data that can only be moved from wallet to wallet as part of a first-layer transaction. In other words, Cardano assets can only be transferred when ADA is also moved in the transfer. This is why DripDropz requires you to send 3-5 ADA to obtain your assets. They take a small administrative fee, and the transaction fee that DripDropz is charged when they send you your tokens; about 1.9 ADA. They then send you back the remainder of your ADA, with your tokens attached.

DripDropz currently distributes over 20 tokens and that continues to grow each and every epoch.

How Does It Work?

It’s actually quite simple. You head on over to DropDropz.io, enter your Cardano Wallet, and hit ‘Check my Dropz’. The service will then search the blockchain to determine if any tokens are available. You must have a wallet that has staked for at least one epoch. The tokens available to your wallet will then be displayed. You can select 10 tokens at a time, a constraint of the current block size. Once you select the tokens you want, and claim them you’ll be asked to send 5 ADA as a transport vehicle (assets can’t move by themselves).

Your 5 ADA is used to pay for any transfer fees ~1.9 ADA, and the remainder is sent back to your wallet with the tokens you chose, attached. Your transactions will look a little something like this.

Screenshot of a DripDropz Transaction on the Eternl Cardano Wallet

If you have fewer than 10 tokens to claim you may be asked to send less than 5 ADA. The transfer fees remain the same.

How Often Can I Drip?

Each and every epoch you can return to DripDropz and claim the tokens that have have been made available for claiming by your wallet. Check out this Cardano Epoch Calendar to keep track.

Tokens distributed to your wallet during previous epochs can’t be claimed, at this time. So make sure you go back and claim your dripz every epoch!

What Are They Worth?

That depends. Many of the tokens distributed are meme assets which carry little to no value outside of other people interested in those assets. This type of meme economy doesn’t grow well.

Other assets available include in-game currencies for games built on the Cardano blockchain. These tokens are often used for in-game items and may carry more value over your standard meme coin as in-game economies can drive up the value of these types of tokens. These assets can be highly volatile.

The value of tokens is in the growth of the Cardano block chain. A higher usage of the blockchain means an increased demand on a decreased supply, which drives up the value of everything on it! As these tokens begin to reach the end of their distribution cycles their values will quickly become apparent.

What Assets Available on DripDropz Are The Best?

Again, that depends. The value of Cardano assets, like real assets are are completely dependent on how the real-world chooses to value them. Personally, I’m not interested in meme tokens, but do claim a couple of different one’s to diversify my asset holdings.

Recently, DripDropz added some categorization to tokens to allow you to distinguish asset types.

Screenshot of DripDropz asset categories

Each asset category will have value to everyone differently. Governance and DeFi assets hold the most inherent value by offering their holdings either voting powers, as is the case with governance tokens, and yield farming, as is the case with DeFi assets.

Utility and Game tokens have the same general purpose of providing a digital representation of a real world object. Utility and Game tokens allow you to take your ADA and transfer it into whatever local currency may be needed.

Meme tokens are the most volatile and typically hold the least value.

As of April, 2022, DripDropz.io now provides an estimated value on tokens where the value can be calculated. You’ll see the estimated value listed on each token card, in both ADA and US Dollars. Use the estimated values to decide whether a token will be of valuable to you, or others.

Can DripDropz Remember My Favourite Assets?

You bet! Sign-up for an account to gain access to the Token Preferences feature in the account dashboard. This will give you the option to choose assets that you like that will automatically be selected (up to 10) any time that you Drip It, and your least favorite assets that will be hidden completely.

Screenshot of DripDropz Account Dashboard with Token Preferences highlighted

Proper Permissions of ~/.ssh

2022-03-05 2022-05-15 / Leave a Comment

If you accidentally changed the permissions of your ~/.ssh folder, or created the folder without setting the appropriate permissions your operating system may not be able to read your private key files. In order to prevent them from being read by other accounts, it’s important to set the appropriate permissions on both Private and Public Keys.

Here are the appropriate permissions to have on your ~/.ssh and its standard files.

~./ssh (drwx——) – 600
~/.ssh/authorized_keys (drwx——) – 600
~/.ssh/[Private Key] (-rw——-) – 600
~/.ssh/[Public Key] (-rw-r–r–) – 644
~/.ssh/known_hosts (-rw-r–r–) – 644

You can test your identity file using the ssh to connect to the account on the server that the private key is associated with.

~$ ssh churppy@[Server] -i ~/.ssh/[Private Key]