new tutos
@@ -37,7 +37,9 @@ syntax on
|
||||
|
||||
" use coloration 'torte' or other
|
||||
" and specify no coloration in the background
|
||||
colo elflord
|
||||
"colo elflord
|
||||
"colo murphy
|
||||
colo ron
|
||||
highlight Normal ctermbg=NONE
|
||||
highlight nonText ctermbg=NONE
|
||||
|
||||
|
||||
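Review bot: the comment `" use coloration 'torte' or other` at the top of this hunk no longer matches the schemes the hunk names (`elflord`, `murphy`, `ron`). Update the comment to name the scheme actually in use, and drop the commented-out `colo` lines once the choice is settled so the file carries a single `colo` line.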
@@ -145,7 +145,7 @@ find | sort | grep -ve "node_modules/" -e ".git/" | sed 's#[^/]*/#|__ #g;s#__ |#
|
||||
**( cd /usr/share/applications && chmod 644 <name>.desktop )** maybe change permissions
|
||||
|
||||
**applications :**
|
||||
**ln -s /path/to/executable ~/.local/bin/**
|
||||
- add it to bin, so you can launch it with its name directly : **ln -s /path/to/executable ~/.local/bin/**
|
||||
add /usr/share/applications/<name>.desktop as explained above for appimages
|
||||
**maybe, example with firefox :**
|
||||
Download Firefox
|
||||
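Review bot: the reworded bullet `ln -s /path/to/executable ~/.local/bin/` under "applications" promises the program can be launched by name, but nothing in the hunk says that `~/.local/bin` must exist and be on `PATH`. Add a line for `mkdir -p ~/.local/bin` and a check with `echo $PATH`. It is also worth stating that `/path/to/executable` must be an absolute path, and that it should sit in a directory only the user can write to, since anything that can replace the target is run under that name.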
@@ -162,7 +162,7 @@ find | sort | grep -ve "node_modules/" -e ".git/" | sed 's#[^/]*/#|__ #g;s#__ |#
|
||||
Remove the snap version of Firefox:
|
||||
**sudo snap remove firefox**
|
||||
Launch the new Firefox by running this command in a terminal:
|
||||
**/usr/local/bin/firefox**
|
||||
**firefox** -> equivalent to '/usr/local/bin/firefox'
|
||||
Go to Dock -> right click on Firefox -> Add to Favorites -> Move it to the top
|
||||
|
||||
|
||||
|
||||
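Review bot: `**firefox** -> equivalent to '/usr/local/bin/firefox'` only holds if `/usr/local/bin` is on `PATH` ahead of any other `firefox` entry, which the hunk does not state. Suggest keeping the full path as the documented fallback and adding `command -v firefox` after the `sudo snap remove firefox` step, so the reader confirms which binary the bare name resolves to. An already-open shell may need `hash -r` before the new location is picked up.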
@@ -1,8 +1,30 @@
|
||||
ipv6 : fe80::d6ae:52ff:fec9:29d6
|
||||
netmask : 64
|
||||
gateway : fe80::226:bff:feef:59ff
|
||||
|
||||
# server :
|
||||
------------------------------------------------------------------------------------
|
||||
|
||||
## connect with ssh :
|
||||
- **ssh <username>@<server_ip>**
|
||||
- if first time after reinstalling on same ip, you need to remove local old keys :
|
||||
- **ssh-keygen -f "/path/to/.ssh/known_hosts" -R <ip>**
|
||||
- if you get a 'Too many authentication failures', force connection with password :
|
||||
- **ssh -o PreferredAuthentications=password <username>@<server_ip>**
|
||||
- or even :
|
||||
- **ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no <username>@<server_ip>**
|
||||
- to use key, you need to put the public key on remote :
|
||||
- **ssh-copy-id -o PreferredAuthentications=password -i /path/to/key.pub <username>@<server_ip>**
|
||||
- first time you authenticate by key :
|
||||
- **ssh -i /path/to/key <username>@<server_ip>**
|
||||
|
||||
|
||||
## list user : **cat /etc/passwd**
|
||||
|
||||
## install some packages :
|
||||
- **su**
|
||||
- **apt install sudo vim git wget curl htop**
|
||||
|
||||
## change users passwd :
|
||||
- **sudo passwd <username>**
|
||||
- first go on root with **su**
|
||||
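Review bot: under "connect with ssh", the `ssh-keygen -f "/path/to/.ssh/known_hosts" -R <ip>` bullet drops the old host key, but no bullet tells the reader to check the new fingerprint that ssh prompts for on the next connection. Add a step to compare it with a value read on the server itself, for example from `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` on its console, rather than accepting it blindly. Two smaller points: `ssh -i /path/to/key` could carry `-o IdentitiesOnly=yes` so the 'Too many authentication failures' case does not come back once the key is installed, and in "change users passwd" the `sudo passwd <username>` bullet appears before "first go on root with **su**", which reads out of order.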
@@ -11,13 +33,8 @@
|
||||
- so open a new terminal window without closing this one, and try to connect with new passwd
|
||||
- and now you can change root passwd too
|
||||
|
||||
## install some packages :
|
||||
- **su**
|
||||
- **apt install sudo vim git wget curl htop**
|
||||
|
||||
## allow connection with ssh key :
|
||||
- runn this in local : **ssh-copy-id username@server_ip**
|
||||
- then change ssh configuration file `/etc/ssh/sshd_config` :
|
||||
## allow connection with ssh key only :
|
||||
- change ssh configuration file `/etc/ssh/sshd_config` :
|
||||
- set **PubkeyAuthentication yes** to allow public key authentication
|
||||
- set **PasswordAuthentication no** to disable password-based authentication
|
||||
- set **ChallengeResponseAuthentication no** to disable any keyboard-interactive authentication
|
||||
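Review bot: the "allow connection with ssh key only" bullets set `PasswordAuthentication no` in `/etc/ssh/sshd_config`, but in the lines shown there is no step to confirm that key login works first, and the `ssh-copy-id` bullet this section used to carry is gone. Point back to the `ssh-copy-id` step in "connect with ssh", then add `sudo sshd -t` and a restart of the ssh service, followed by a test login from a second terminal while the current session stays open, as the password section already advises. Note also that newer OpenSSH releases name `ChallengeResponseAuthentication` as `KbdInteractiveAuthentication`, so the bullet should say which release it was written for.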
@@ -376,3 +393,45 @@ When you get to the network configuration step in the Debian 11 installer, you c
|
||||
|
||||
Hostname: my-server
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# security :
|
||||
---
|
||||
|
||||
## action that can be made :
|
||||
- **https://yunohost.org/en/security**
|
||||
|
||||
### updates :
|
||||
- install 'unattended upgrades' app to automate updates
|
||||
|
||||
### ssh settings :
|
||||
- authentication with key and not password :
|
||||
- in local : **ssh-copy-id -i ~/.ssh/id_rsa.pub <username@your_yunohost_server>**
|
||||
- **sudo yunohost settings set security.ssh.password_authentication -v no** -> change `/etc/ssh/sshd_config` file
|
||||
- change ssh port (no need if disabled password authentication) :
|
||||
- **sudo yunohost settings set security.ssh.port -v <new_ssh_port_number>** -> change ssh and fail2ban settings
|
||||
- then need -p to connect : **ssh -p <new_ssh_port_number> admin@<your_yunohost_server>**
|
||||
|
||||
### cipher compatibility :
|
||||
- I have no idea what it is
|
||||
- default uses 'intermediate' recommandations, good security and good compatibility with old devices (for who ? users ? visitors ?)
|
||||
- possibility to switch to 'modern' version : less compatible but better security
|
||||
|
||||
### disable yunohost web administration panel
|
||||
- disabling API to reduce attack surface :
|
||||
- **sudo systemctl disable yunohost-api**
|
||||
- **sudo systemctl stop yunohost-api**
|
||||
- now administration can only be done in command line
|
||||
|
||||
## summary actions to make :
|
||||
- install 'unattended upgrades' app to automate updates
|
||||
- authentication with key and not password :
|
||||
- in local : **ssh-copy-id -i ~/.ssh/id_rsa.pub <username@your_yunohost_server>**
|
||||
- **sudo yunohost settings set security.ssh.password_authentication -v no** -> change `/etc/ssh/sshd_config` file
|
||||
- disabling API to reduce attack surface (web admin panel will not be usable anymore, use command line instead) :
|
||||
- **sudo systemctl disable yunohost-api**
|
||||
- **sudo systemctl stop yunohost-api**
|
||||
|
||||
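Review bot: in "summary actions to make", `security.ssh.password_authentication -v no` and `systemctl disable yunohost-api` are listed back to back with no check between them. Once both are applied, SSH by key is the only remaining administration path. Add a bullet to test `ssh -i ~/.ssh/id_rsa <username@your_yunohost_server>` from a second terminal before each of the two steps, and record how to re-enable the API from the console (`sudo systemctl enable yunohost-api` and `sudo systemctl start yunohost-api`). The summary also repeats the commands from "ssh settings" verbatim, so it could link to that section instead. The "cipher compatibility" entry is still a placeholder ("I have no idea what it is") and should be completed or left out until it is.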