Recorded our latest podcast with @zaivala in which I reviewed Ubuntu 19.10 Gnome 3 DE and Moss reviews Zorin OS.
1 Like
As I’ve mentioned a few times, I mostly use quite old hardware. Budgeting requirements 
One of my main devices now has a malfunctioning screen which cost me about £100 to have fixed about five years ago when that happened. This week I’m going to try to get a cheaper machine looked at whose power supply or battery is failing, not sure which, and hope it’s not an expensive repair. Sure am looking forward to a good new device when “budget allows”! Meantime with Linux it’s just settling in to use my finally stable Virtualbox VM to build LFS which I made a start on last week, but only a little as I’m going to have to do it very piecemeal. Time constraints are also an issue!
After contemplating how I would add 2FA to SSH login, as simply as possible, here’s what I came up with:
I have a couple of VPS’, and I was able to hide their world-accessible ssh ports inside a Wireguard tunnel (on each). So now there is no way to log into those VPS’, except by way of first establishing a Wireguard connection. Why would I do this? Wireguard acts the second factor of authentication I was wanting; as in, Wireguard is my own poor-man’s 2FA for SSH.
To limit SSH’s access to the Wireguard tunnel, I had to add only one line to my /etc/ssh/sshd_config:
ListenAddress 10.11.12.1
… where 10.11.12.1 is the IP address of the VPS within the Wireguard tunnel. Then I SSH to that address, once the tunnel is established, not the public IP address of the VPS.
Should Wireguard not start a boot time, for some strange reason, I have a backdoor to debug it: my hosting provider offers a serial console to these VPS’ over SSH. So two logins are required for that backdoor: once into the serial console server, and then once again on the command line (so I sort of have 2FA there as well, but not involving Wireguard).
This arrangement has been working well for about a month now. I haven’t needed to bail myself out with that serial console back door yet. I only mention this all now, after feeling confident that I can trust this arrangement.
PS: One of the VPS’ is running ISPconfig, which has a web interface for administrative tasks. I hid that web interface inside the Wireguard tunnel as well. From time to time, ISPconfig announces some security vulnerability with that web admin interface, and ISPconfig unfortunately does not upgrade itself thanks to Debian’s “unattended-upgrades” package, which I have installed. Note that I’ve hand-installed ISPconfig (an arrangement I really don’t like, and use as infrequently as possible).
This config was a bit trickier. In the file /etc/nginx/sites-enabled/000-ispconfig.vhost, at the top, I changed
server {
listen 8080 ssl;
listen [::]:8080 ssl ipv6only=on;
…to:
server {
#listen 8080 ssl;
listen 10.11.12.1:8080 ssl;
#listen [::]:8080 ssl ipv6only=on;
…then restarted nginx. This config change unfortunately did not persist across an ISPconfig update, which I hand-installed. I had to put it back again after the ISPconfig update.
2 Likes
I finally have time and so I moved further in developing my application.
1 Like
My week (Linux or in general) has been doing not much after a fall at home that has buggered my always dodgy back. I landed hard (sometimes I’m grateful the padding my fat arse provides) and the jarring means sitting or standing for more than a few minutes sends my back into spasms.
Luckily the Thinkpad X230 is nice and small and light, has 4 distros on the 1TB SSD and I can use it semi-reclined - looking at the ceiling just listening to Audible would have been boring.
Backs are tricky buggers.
I’ve spent my week testing elementary OS for BDLL. Otherwise I’ve been using Linux Mint 19.3 Cinnamon Beta which is mostly fine (LTS base woes still). I hopped over to Fedora 31 Workstation as my alternate install yesterday and am back enjoying GNOME again. None of the crashes and difficulty I was having on Ubuntu so far.
1 Like
What’s BDLL? I’ve found Fedora 30 and Fedora 31 amazingly stable and for some reason I trust RedHat more than Canonical; maybe because I used RedHat almost from the start, even before Fedora Core 1…
1 Like
Seriously? BDLL - Big Daddy Linux Live - 8pm EST Saturdays on YouTube (possibly Twitch too)
https://www.youtube.com/channel/UCtZRKfyvx7GUEi-Lr7f4Nxg))
Actually, I think this Saturday is also the once a month European edition at 3 pm EST / 8 pm GMT, 2nd Saturdays of the month
Rocco, the main host of BDLL was also one of the original founders of Destination Linux and it has it’s own Discourse (it had it before this one) at
https://discourse.bigdaddylinux.com/
A lot of cross-over of personnel and members
3 Likes
Pardon my ignorance! I started listening to DL some months back, I think perhaps I saw him in one of the episodes at a big event, not sure. Thanks for the info though 
[And hope you’re suffering less back pain today, unless I’m muddling details!]
2 Likes
You’re not the only one that didn’t know what BDLL means. 
I’d heard of Big Daddy Linux but I assumed it was a distro or something. The odd name put me off looking into it (sorry Terry 
)
We’ve all come from different Linux circles I suppose.
2 Likes
Yes, thank you, today my back is just grumbling and not screaming at me, and I have some free twisting movement, so I can walk without looking like a bad 1950’s Hollywood robot
3 Likes
It’s OK, in todays world “Big Daddy” can have some strange connotations in some cirles. Rocco is however 100% family friendly, but I can’t help thinking of the British wrestler I used to watch as a kid in the 1960s - Big Daddy (a.k.a. Shirley Crabtree).
I must admit most people come from DL from BDLL as 3 or the 4 hosts used to be regulars on BDLL, and Zeb still is, (I don’t recall seeing Noah on there) and originally DL was another of Roccos shows untill life and he handed it over to Ryan, Michael and Zeb. They took it, ran with it and grew it and here we are.
Anyone who knows better let me know if I missed anything or got smething wrong.
2 Likes
I’m thinking Forbidden Planet…!
Didn’t Big Daddy do an advert for Daddies Brown Sauce back in the day? If not they missed a trick there.
Yep, like Robby, wobbling from side to side to walk (but add a walking stick). I couldn’r rotate at the waist a bit, now I got an inch or two of movement, I hope I never get the full 360
1 Like
I think you might be right… ahhh, Saturday afternoon wrestling on World of Sport with Dickie Davis, fish and chips for tea… and yes, contrary to tradition I would often have Daddies Brown Sauce on my chips, (not the fish).
1 Like
You are correct. I personally do a lot with Big Daddy Linux and yes, the name can be a bit off putting but it is a great community and all the DLN folks are part of both communities. Zeb co-hosts the weekly stream (Saturdays at 8 PM Eastern US time) and I help out on the stream and with the website and Discourse forum. @CubicleNate is usually on the stream and @MichaelTunnell and @dasgeek will hop on from time to time.
Funny enough, I found DL and BDL via This Week in Linux. I watched BDL for a month or so and then decided to join in. I’ve been hooked ever since. It’s the one time every week where I get to hang out with some friendly Linux folks and chat. Basically, a virtual LUG.
3 Likes
Destination Linux History:
1.0= Rob and Rocco
2.0= Rocco and Ryan
3.0= Rocco, Ryan, Zeb and Michael
4.0= Ryan, Michael and Zeb
5.0= Ryan, Michael, Zeb and Noah
This is the summarized version of the history.
7 Likes