I want to know if Redditors think there are any huge security blunders here. I have a server that was[1] running ubuntu 12.04 and I wanted to add more security for ssh and add some convenience at the same time. I wanted public key and two factor authentication, unless I logged in from home, in which case, I wanted just public key authentication. Here is what I did:
- running ubuntu 12.04
- upgraded to openssh-server 6.2 from saucy
- added two factor authentication with libpam-google-authenticator
set up sshd_config with:
set up /etc/pam.d/sshd with:
auth sufficient pam_access.so debug accessfile=/etc/security/root_access.conf
auth sufficient pam_google_authenticator.so
#@include common-auth (this is commented out)
set up /etc/security/root_access.conf with this:
+ : root : 192.168.0.1
- : ALL : ALL
I wanted to use public keys to login to the server and have two factor authentication, which is why I needed to upgrade openssh to version 6.2.
I also wanted to bypass the two factor authentication if I logged in from my home computer. This also allows me to run rsync via cronjobs and not have to use the two factor authentication. The server doesn't get much use, but I decided to use a different access.conf file from pam_access.so so that I didn't lock out any other users.
If I log in from elsewhere, I still have to use the two factor authentication.
Does anyone see any glaring security issues? I'm not too familiar with PAM aside from all the warnings in the sshd config file about security risks. meh, warning schwarning
[1] I wrote "was running" 12.04 because I accidentally left saucy in the apt repositories and ran apt-get upgrade one morning before I had my tea. I did see that there were about 300 packages to upgrade, but it didn't register and I let it fly. It reports 13.10 now.
edit: formatting
submitted by gee-one
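An added example, not part of the original post: a simplified Python model of how pam_access evaluates an access file (first matching line decides, no match grants) and how an auth stack made only of `sufficient` modules resolves, run against an access file that grants root from 192.168.0.1 with `+` and denies everything else. The function names, the "elsewhere" address 203.0.113.7 and the matcher (only `ALL` and IP/CIDR literals) are assumptions made for illustration.

```python
import ipaddress

def _origin_matches(token, addr):
    if token == "ALL":
        return True
    try:
        return addr in ipaddress.ip_network(token, strict=False)
    except ValueError:  # hostnames, LOCAL, etc. are outside this model
        return False

def access_allows(rules, user, rhost):
    """First matching 'perm : users : origins' line decides the result."""
    addr = ipaddress.ip_address(rhost)
    for line in rules:
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        user_hit = any(u in ("ALL", user) for u in users.split())
        if user_hit and any(_origin_matches(o, addr) for o in origins.split()):
            return perm == "+"
    return True  # pam_access grants access when no line matches

def auth_stack(rules, user, rhost, otp_ok):
    """Two 'sufficient' modules: the first success ends the stack, a failure
    is ignored, and if neither succeeds the stack as a whole fails."""
    if access_allows(rules, user, rhost):
        return True, "pam_access"  # the OTP prompt is never reached
    if otp_ok:
        return True, "pam_google_authenticator"
    return False, None

# Constructed rule sets for the comparison.
RULES = ["+ : root : 192.168.0.1", "- : ALL : ALL"]
NO_CATCHALL = RULES[:1]                                  # final deny line lost
DENY_FIRST = ["- : root : 192.168.0.1", "- : ALL : ALL"]  # '-' in first field

if __name__ == "__main__":
    cases = [("RULES", RULES, "root", "192.168.0.1"),
             ("RULES", RULES, "root", "203.0.113.7"),
             ("RULES", RULES, "alice", "192.168.0.1"),
             ("NO_CATCHALL", NO_CATCHALL, "alice", "203.0.113.7"),
             ("DENY_FIRST", DENY_FIRST, "root", "192.168.0.1")]
    for name, rules, user, rhost in cases:
        granted, by = auth_stack(rules, user, rhost, otp_ok=False)
        print(f"{name:12} {user:6} {rhost:13} no OTP -> {granted} ({by})")
```

The `NO_CATCHALL` case is the one to check for on a real host: because an unmatched login is granted by pam_access, losing the final `- : ALL : ALL` line makes the first `sufficient` module succeed for every user and address, so the one-time code is never requested.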
I've been having some wireless issues, fairly randomly, since upgrading. It happened immediately after the first 13.10 update, then became less of an issue (That time it was the proprietary drivers) but now it has returned after installing some updates and I can't find many other posts about it online.
It doesn't necessarily "drop" the internet connection, as it SAYS it's maintaining the connection with the router the entire time. Instead it will be working perfectly fine for an amount of time and then halt entirely. Pages don't load, and if I try pinging a website it won't work.
I get results around 20-30ms regularly, but when this halting occurs the process stops entirely and no new ping can be received. I should also mention that this occurs every 1-2 minutes, where websites load consistently fast and then freeze immediately for about a minute, and then continue.
Sorry if my description is not totally helpful. If anybody knows what I'm talking about though it would be hugely appreciated.
submitted by roland23
The 18.5 x 9.4 x 8.5-inch device runs Linux on a Raspberry Pi SBC, or for $110 more, on a quad-core, Freescale i.MX6 based Udoo Quad, which also runs Android. Each SBC furnishes Bluetooth and WiFi streaming, as well as I/O made available at the rear of the system.
Red Hat has proven many times that it can acquire and oversee open source projects without tainting them with commercial efforts or otherwise fouling them up. I expect most CentOS users, like the project itself, stand to gain from wearing Red Hat. As for Red Hat, joining with CentOS represents a net win in terms of growing community, ecosystem and paying customers.
A Seattle-based band called netcat - not to be confused with the networking tool of the same name - has perked ears in the software community by releasing its debut album as a Linux kernel module (among other more typical formats.)
The fans of the Opera Internet browser have long given up the hope of seeing their favorite software get a Linux version. There are still a few stragglers that still hang on to the old version, but there is no indication that anything will happen on the Linux front.
Geeky Gadgets: This week the new BeagleBone Black Rev C development board has been unveiled offering a similar board to that offered by the Raspberry Pi mini PC and Arduino UNO.
While the Catalyst 14.4 OpenGL Linux graphics driver offers OpenGL 4.4 support, bug-fixes, and other improvements, it seems the performance improvements are limited -- at least in terms of raw frame-rate performance and frame latency. Some Phoronix readers have been boasting about the Catalyst 14.4 Linux driver being better with some Steam Linux games, but from my tests of a few Source Engine games, there didn't seem to be any major differences. The Catalyst 14.4 Linux driver only showed measurable performance boosts in a few benchmarks, where the biggest performance change for the four tested graphics cards was 6~9% faster.