●● IRC: #boycottnovell @ FreeNode: Saturday, November 07, 2020 ●●
● Nov 07
[07:48] *rianne__ has quit (Quit: Konversation terminated!)
[07:48] *rianne__ (~rianne@host81-154-169-118.range81-154.btcentralplus.com) has joined #boycottnovell
● Nov 07
[08:07] schestowitz >>>>> What about eNom? Do they provide a dynamic service as part of their
[08:07] schestowitz >>>>> normal DNS registration?
[08:07] schestowitz >>>> I have not checked, but as I said earlier the IP address won't changed
[08:07] schestowitz >>>> for weeks and if it does roll over, I can email you.
[08:07] schestowitz >>> Thanks. Yes, it's there in the headers.
[08:07] schestowitz >> Maybe I will look into this after all.
[08:07] schestowitz > It can save some time and effort. Then tracking the current address can
[08:07] schestowitz > be offloaded to ddclient. Some registrars provide dynamic DNS service
[08:07] schestowitz > for free these days, some for a fee, but either way you have to ask.
[08:07] schestowitz > That usually means opening a support ticket from the official account.
[08:07] schestowitz Should we consider registering a new domain for this as well? Maybe that would be cheaper and help isolate one server from another.
[08:16] schestowitz > If everyone is all set with key-based authentication, then the password
[08:16] schestowitz > authentication ought to be turned off, at least for the outside:
[08:16] schestowitz >
[08:16] schestowitz > ...
[08:16] schestowitz > PubkeyAuthentication yes
[08:16] schestowitz > ...
[08:16] schestowitz > # PasswordAuthentication yes
[08:16] schestowitz > PasswordAuthentication no
[08:16] schestowitz > ...
[08:16] schestowitz >
[08:16] schestowitz > Or
[08:16] schestowitz > ...
[08:16] schestowitz > PubkeyAuthentication yes
[08:16] schestowitz > ...
[08:16] schestowitz > PasswordAuthentication yes
[08:16] schestowitz > AuthenticationMethods publickey,password
[08:16] schestowitz > ...
[08:16] schestowitz >
[08:16] schestowitz > Or
[08:16] schestowitz > ...
[08:16] schestowitz > PubkeyAuthentication yes
[08:16] schestowitz > ...
[08:17] schestowitz > # PasswordAuthentication yes
[08:17] schestowitz > PasswordAuthentication no
[08:17] schestowitz >
[08:17] schestowitz > Match Address 192.168.1.0/24
[08:17] schestowitz > PasswordAuthentication yes
[08:17] schestowitz >
[08:17] schestowitz > in /etc/ssh/sshd_config
[08:17] schestowitz >
[08:17] schestowitz > If the system is already fully headless, be careful not to get locked
[08:17] schestowitz > out. Therefor test from a second daemon and config file first. For
[08:17] schestowitz > example,
[08:17] schestowitz >
[08:17] schestowitz > sudo cp -p /etc/ssh/sshd_config .
[08:17] schestowitz > sudoedit ./sshd_config
[08:17] schestowitz > sudo /usr/sbin/sshd -d -E /tmp/test.sshd.log \
[08:17] schestowitz > -p 2020 -f ./ssh_config
[08:17] schestowitz > sudo mv /etc/ssh/sshd_config /etc/ssh/sshd_config.old
[08:17] schestowitz > sudo cp -p ./sshd_config /etc/ssh/sshd_config
[08:17] schestowitz Thanks for the tip. For now, Rianne and I both use it with ssh -X and Barrier (from both our machines) and with password rather than keys. We're the only one with pi/admin access. We use that for monitoring systems and nothing else for now.
[08:17] schestowitz > That would allow a single test session on port 2020 to make sure you can
[08:17] schestowitz > get in from the LAN before replacing the main configuration file.
[08:17] schestowitz The head goes in and our. We might need to buy another (10th) screen when lockdown is over.
[08:17] schestowitz > PS. Since the default account is basically admin, it is good to avoid
[08:17] schestowitz > using it for daily activities and to treat it more or less like root.
[08:17] schestowitz Yes, it is not being used for anything but creating new accounts and Firefox.
[08:28] schestowitz >> Thanks for the tip. For now, Rianne and I both use it with ssh -X and
[08:28] schestowitz >> Barrier (from both our machines) and with password rather than keys.
[08:28] schestowitz >> We're the only one with pi/admin access. We use that for monitoring
[08:28] schestowitz >> systems and nothing else for now.
[08:28] schestowitz >>
[08:28] schestowitz >>> That would allow a single test session on port 2020 to make sure you can
[08:28] schestowitz >>> get in from the LAN before replacing the main configuration file.
[08:28] schestowitz >> The head goes in and our. We might need to buy another (10th) screen
[08:28] schestowitz >> when lockdown is over.
[08:28] schestowitz > Some monitors allow two or more inputs. You can then temporarily switch
[08:28] schestowitz > over to the RPi without moving cables. If you have the two inputs
[08:28] schestowitz > fighting over control of the monitor when one of them goes to sleep,
[08:28] schestowitz > save power by turning off RPi's HDMI temporarily
[08:28] schestowitz >
[08:28] schestowitz > $ tvservice -o
[08:28] schestowitz >
[08:28] schestowitz > and then back on when needed again
[08:28] schestowitz >
[08:28] schestowitz > $ tvservice -p
[08:28] schestowitz I did not know this was possible. The screen has multiple inputs, different typos, so it's not a problem, e.g. with a physical switch. It's an AOC. Not the politician.... bought in 2013.
[08:28] schestowitz >>> PS. Since the default account is basically admin, it is good to avoid
[08:28] schestowitz >>> using it for daily activities and to treat it more or less like root.
[08:28] schestowitz >> Yes, it is not being used for anything but creating new accounts
[08:28] schestowitz > Ok
[08:28] schestowitz >
[08:28] schestowitz >> and Firefox.
[08:28] schestowitz > :o
[08:28] schestowitz Better than Google Chromium.
[08:29] schestowitz > That and chromium would be best to have sandboxed in a separate account.
[08:29] schestowitz Only used to access a Nagios panel... for now. Not general browsing.
[08:34] schestowitz >> Better than Google Chromium.
[08:34] schestowitz > Yes. I mean that :O about browsers in general
[08:34] schestowitz Blame $employer
[08:34] schestowitz >>> That and chromium would be best to have sandboxed in a separate account.
[08:34] schestowitz >> Only used to access a Nagios panel... for now. Not general browsing.
[08:34] schestowitz > Ok.
● Nov 07
[09:05] schestowitz >> Yes, soldering seemed needed. I'll keep the message flagged as important
[09:05] schestowitz >> for future ref. I need to borrow a soldering gun from someone. Bad
[09:05] schestowitz >> timing until Dec 2.
[09:05] schestowitz > I'll try to send a reminder then. The buttons with LEDs are nice to
[09:05] schestowitz > have as a supplement.
[09:05] schestowitz Yes, I can even tinker further with these and share the changes.
[09:07] schestowitz Re: rms talk
[09:07] schestowitz > http://techrights.org/2020/11/06/tackling-surveillance-on-the-internet/
[09:07] schestowitz >
-- Leo's gemini proxy
-- Connecting to gemini.techrights.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/plain;lang=en-GB
-- Response ended
-- Page fetched on Sun May 19 12:36:12 2024