Whether you want to access the Internet safely and securely while connected on an untrusty public Wi-Fi network, bypass Geo-restricted content or allow your coworkers to connect securely to your company network when working remotely, using a VPN is the best solution.

A VPN allows you to connect to remote VPN servers, making your connection encrypted and secure and surf the web anonymously by keeping your traffic data private.

There are many commercial VPN providers you can choose from, but you can never be truly sure that the provider is not logging your activity. The safest option is to set up your own VPN server.

This tutorial will explain how to install and configure OpenVPN on Debian 9. We will also show you how to generate clients certificates and create configuration files

OpenVPN is a fully featured, open-source Secure Socket Layer (SSL) VPN solution. It implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol. weiterlesen

Learn how to use BIND to set up your own server for resolving domain names.

Pixelated globe

In this article, I show you how to build your own name server using BIND (Berkeley Internet Name Domain). It is not as difficult as you might think, especially because you can do it in two stages.

In this article, you will start by learning how to create a caching name server, then you will move on and learn how to upgrade that to a complete primary (master) domain name server for your network, complete with forward and reverse zone files.

weiterlesen

Learn how to eliminate SSH keys and use a GNU Privacy Guard (GPG) subkey instead.

 

Many of us are familiar with Secure Shell (SSH), which allows us to connect to other systems using a key instead of a password. This guide will explain how to eliminate SSH keys and use a GNU Privacy Guard (GPG) subkey instead.

Using GPG does not make your SSH connections more secure. SSH is a secure protocol, and SSH keys are secure. Instead, it makes certain forms of key distribution and backup management easier. It also will not change your workflow for using SSH. All commands will continue to work as you expect, except that you will no longer have SSH private keys and you will unlock your GPG key instead.

By having SSH authenticated by your GPG key, you will reduce the number of key files you need to secure and back up. This means that your key management hygiene still has to be good, which means choosing good passphrases and using appropriate key preservation strategies. Remember, you shouldn’t back your private key up to the cloud!

Additionally, today SSH keys are distributed by hand and oftentimes directly. If you want to grant me access to a machine, you have to ask me for my SSH key. You may get lucky and find one posted on my website. However, you still have to decide if you trust my website. If I use a GPG key for SSH, you can select a known, good key for me using the GPG web of trust from a public keyserver. This is what The Monkeysphere Project is working on. Otherwise, nothing you do here affects the web of trust used for GPG encryption and signing.

weiterlesen

Now that you are able to create various forward or reverse SSH tunnels with lots of options and even simplify your live with ~/.ssh/config you probably also want to know how make a tunnel persistent. By persistent I mean, that it is made sure the tunnel will always run. For example, once your ssh connection times out (By server-side timeout), your tunnel should be re-established automatically.

I know there are plenty of scripts out there which try to do that somehow. Some scripts use a while loop, others encourage you to run a remote command (such as tail) to make sure you don’t run into timeout and various others. But actually, you don’t want to re-invent the wheel and stick to bullet-proof already existing solutions. So the game-changer here is AutoSSH.

TL;DR

autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -L 5000:localhost:3306 cytopia@everythingcli.org

or fully configured (via ~/.ssh/config) for background usage

autossh -M 0 -f -T -N cli-mysql-tunnel

weiterlesen

Introduction OpenVPN is a full-featured SSL VPN (virtual private network). It implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol. It is an open source software and distributed under the GNU GPL. A VPN allows you to connect securely to an insecure public network such as wifi network at the airport or hotel. VPN is also required to access your corporate or enterprise or home server resources. You can bypass the geo-blocked site and increase your privacy or safety online. This tutorial provides step-by-step instructions for configuring an OpenVPN server on Debian Linux 10 server.

weiterlesen