Yes, that’s the right way to block root login. As an added filter, you can use the ‘match’ config expression to filter logins even further.
If you’re on the open network, your connection will be heavily hit with login attempts. That is normal. But using another service like Fail2Ban will stop repeated hits to your host.
SSH listens on port 22; as soon as a connection is made, the host moves the connection to another port to free up 22 for other new connections. Btw: I wasn’t thinking clearly here. Outgoing connections won’t be using port 22, but the listening incoming port is always 22.
> Yes, that’s the right way to block root login. As an added filter, you can use the ‘match’ config expression to filter logins even further.
Not sure what you meant about the ‘match’ config expressions here. Could you elaborate a bit further?
> If you’re on the open network, your connection will be heavily hit with login attempts. That is normal. But using another service like Fail2Ban will stop repeated hits to your host.
Hehe, yeah, I’ve noticed… The reason I get a little anxious about whether I did this correctly is that 95% of the login attempts are to root, so I want to make sure it is disabled. I have set up Fail2Ban, but I am using default settings, which may be a bit laxer than they need to be?
I’ve also been advised and considered moving to ssh keys, but I have not gotten to that yet.
> SSH listens on port 22; as soon as a connection is made, the host moves the connection to another port to free up 22 for other new connections.
Makes sense. One question that comes from this is: is it possible to disable that? I would never need two SSH logins at the same time on my server. And the second question is what I asked above regarding whether I should change the port SSH listens on in order to reduce unwanted malicious login attempts?
Match blocks allow you to restrict who/what is allowed or not allowed to connect to the server. There is a large number of options to utilize. Put this near the bottom of sshd_config. There should be an example there.
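The Match scoping described above, as an added example that is not part of the original thread or of OpenSSH: a small Python checker for the two sshd_config rules that most often leave root login enabled by accident (for each keyword the first value read wins, and any keyword placed below a Match line belongs to that block). The two config texts and the client addresses are constructed for the example; only `Match all` and the Address criterion are modelled.

```python
"""Check where PermitRootLogin really lands in an sshd_config.

Added example, not OpenSSH code. Two sshd_config(5) rules are modelled:
  1. for each keyword the first value read wins, so a later line does not
     override an earlier one;
  2. a Match line opens a block that runs to the next Match line or end of
     file, so a keyword appended at the bottom lands inside the last block.
Only "Match all" and the Address criterion (comma-separated CIDRs) are handled.
"""
import ipaddress
import re

# Constructed sample: shipped "PermitRootLogin yes", with a fix appended at
# the bottom that falls inside the Match block instead of the global section.
BAD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes

Match Address 10.0.0.0/8
    PasswordAuthentication no

# appended later, meant to disable root login everywhere
PermitRootLogin no
"""

# Constructed sample of the intended layout: globals first, Match blocks last.
GOOD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

# passwords only from the LAN; everything else must use keys
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""


def parse_sshd_config(text):
    """Return (global_settings, match_blocks): keywords are lower-cased, the
    first value per keyword per scope is kept, match_blocks is a list of
    (criteria, settings) in file order. A '#' inside quotes is not handled."""
    global_settings, match_blocks = {}, []
    current = None  # settings dict of the open Match block, None while global
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        keyword, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if keyword == "match":
            current = {}
            match_blocks.append((value, current))
            continue
        scope = global_settings if current is None else current
        scope.setdefault(keyword, value)  # first obtained value wins
    return global_settings, match_blocks


def root_login_status(text):
    """Global PermitRootLogin (OpenSSH default 'prohibit-password' when unset)
    plus every Match block that sets it, so a misplaced line is visible."""
    global_settings, match_blocks = parse_sshd_config(text)
    effective = global_settings.get("permitrootlogin", "prohibit-password")
    in_blocks = [(crit, blk["permitrootlogin"])
                 for crit, blk in match_blocks if "permitrootlogin" in blk]
    return effective, in_blocks


def _address_matches(cidr_list, client_addr):
    ip = ipaddress.ip_address(client_addr)
    return any(ip in ipaddress.ip_network(net, strict=False)
               for net in cidr_list.split(","))


def effective_settings(text, client_addr):
    """Settings sshd applies to a connection from client_addr: matching Match
    blocks override the globals; among several matching blocks the first wins."""
    global_settings, match_blocks = parse_sshd_config(text)
    overrides = {}
    for criteria, block in match_blocks:
        tokens = criteria.split()
        if criteria.lower() == "all":
            applies = True
        elif len(tokens) == 2 and tokens[0].lower() == "address":
            applies = _address_matches(tokens[1], client_addr)
        else:
            raise NotImplementedError(f"Match criteria not modelled: {criteria}")
        if applies:
            for keyword, value in block.items():
                overrides.setdefault(keyword, value)
    return {**global_settings, **overrides}


if __name__ == "__main__":
    for name, cfg in (("BAD_CONFIG", BAD_CONFIG), ("GOOD_CONFIG", GOOD_CONFIG)):
        print(name, root_login_status(cfg), "from the internet:",
              effective_settings(cfg, "203.0.113.5")["permitrootlogin"])
```

On the real host the authoritative check is `sshd -T -C addr=203.0.113.5,user=root,host=203.0.113.5`, which prints the configuration sshd would actually apply to that connection with Match blocks evaluated; the script is for reading a file before it is deployed, and for seeing which block a stray line ended up in.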
> SSH listens on port 22; as soon as a connection is made, the host moves the connection to another port to free up 22 for other new connections.
There’s no limit on the number of concurrent connections on a single port, and SSH runs completely on the one port it is configured to use. Otherwise allowing just the port 22 in firewall wouldn’t be enough to have a functional SSH connection with default settings.
You can verify that quite easily for example by spinning up three barebone Debian VMs connected to a single virtual network, configuring the firewall on the “server” VM to drop everything other than port 22 and then connecting from both client VMs - it will work just fine.
Maybe you’re confusing it with the fact that only one process can listen on a given port at a time? But that’s only for establishing new connections. Existing connections can be passed off to another running process or a child process just fine, and that’s how SSH handles separation between connections.
Edit: oh, you’re talking about the high port OP is wondering about. That’s just the source port, which is chosen randomly by the client OS when making a connection. Using port 22 (or any other port below 1025) as a source port would require root privileges on the client and would also conflict with the SSH server that could be running there. Still, it has nothing to do with SSH “moving connections over”
Ah, I see, so the port numbers shown in auth.log are all client side ports. I guess I thought that the listening port would be in the log and assumed that the port listed there would be it, but when I read the lines again, it clearly says “from ip.ad.dr.ess port 12345”
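The auth.log lines discussed above (the "from ip.ad.dr.ess port 12345" shape, where the port is the client's source port), with the two checks this thread keeps coming back to: how much of the noise targets root, and what Fail2Ban's defaults would do with it. This is an added example, not code from the thread, OpenSSH or fail2ban; the log lines are constructed in OpenSSH's syslog format, and the ban logic is a simplified model of fail2ban's sshd jail defaults (maxretry 5 within a 10 minute findtime), not its real filter.

```python
"""Summarise sshd authentication lines from auth.log.

Added example for this thread; it is not part of OpenSSH or fail2ban. It
parses the line shapes OpenSSH writes (Failed/Accepted/Invalid user/Connection
closed), reports how many failures target root, and applies a simplified
version of fail2ban's sshd jail defaults (maxretry 5 within findtime 10 min).
The "port N" in each line is the client's source port, chosen by the client
OS per connection; the server still listens on its single configured port.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in OpenSSH's syslog format; not from a real host.
SAMPLE_LOG = """\
Mar  3 10:15:22 srv sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:24 srv sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:27 srv sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:31 srv sshd[1205]: Failed password for root from 203.0.113.5 port 51246 ssh2
Mar  3 10:15:35 srv sshd[1207]: Invalid user admin from 203.0.113.5 port 51250
Mar  3 10:15:37 srv sshd[1207]: Failed password for invalid user admin from 203.0.113.5 port 51250 ssh2
Mar  3 10:16:01 srv sshd[1210]: Accepted publickey for alice from 192.168.1.20 port 40122 ssh2: ED25519 SHA256:EXAMPLEfingerprint
Mar  3 10:16:10 srv sshd[1212]: Failed password for root from 198.51.100.7 port 33012 ssh2
Mar  3 10:16:12 srv sshd[1212]: Connection closed by authenticating user root 198.51.100.7 port 33012 [preauth]
Mar  3 10:16:40 srv sshd[1214]: Failed password for bob from 198.51.100.7 port 33020 ssh2
"""

TS_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) ")
# (?P<port>) is the client's ephemeral source port, not the sshd listening port
PATTERNS = (
    ("failed", re.compile(r"Failed (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
                          r"from (?P<ip>\S+) port (?P<port>\d+)")),
    ("accepted", re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) "
                            r"from (?P<ip>\S+) port (?P<port>\d+)")),
    ("invalid", re.compile(r"Invalid user (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")),
    ("closed", re.compile(r"Connection closed by authenticating user (?P<user>\S+) "
                          r"(?P<ip>\S+) port (?P<port>\d+)")),
)


def parse_auth_line(line):
    """Return an event dict for a recognised sshd line, else None. Syslog
    timestamps carry no year, so they parse as 1900; only differences between
    them are used here."""
    m = TS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    for outcome, rx in PATTERNS:
        hit = rx.search(line)
        if hit:
            event = {"time": ts, "outcome": outcome, **hit.groupdict()}
            event["port"] = int(event["port"])
            return event
    return None


def summarize(lines):
    """The counts a practitioner checks first: share of failures aimed at
    root, failures per source, usernames probed, and what actually got in."""
    events = [e for e in map(parse_auth_line, lines) if e]
    failed = [e for e in events if e["outcome"] == "failed"]
    root_failed = [e for e in failed if e["user"] == "root"]
    return {
        "events": events,
        "failed_attempts": len(failed),
        "root_attempts": len(root_failed),
        "root_share": len(root_failed) / len(failed) if failed else 0.0,
        "failed_by_source": Counter(e["ip"] for e in failed),
        "invalid_users": sorted({e["user"] for e in events if e["outcome"] == "invalid"}),
        "accepted": [(e["user"], e["method"], e["ip"]) for e in events if e["outcome"] == "accepted"],
    }


def ban_candidates(events, maxretry=5, findtime_s=600):
    """Simplified fail2ban logic: an IP with maxretry 'failed' events inside
    any findtime window would be banned; returns ip -> time the ban triggers.
    Real fail2ban matches more line shapes and persists bans across restarts."""
    by_ip = defaultdict(list)
    for e in events:
        if e["outcome"] == "failed":
            by_ip[e["ip"]].append(e["time"])
    banned = {}
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if (times[i + maxretry - 1] - times[i]).total_seconds() <= findtime_s:
                banned[ip] = times[i + maxretry - 1]
                break
    return banned


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print(f"failed logins: {report['failed_attempts']}, "
          f"to root: {report['root_attempts']} ({report['root_share']:.0%})")
    print("failures by source:", report["failed_by_source"].most_common())
    print("would be banned:", ban_candidates(report["events"]))
```

Feed it `/var/log/auth.log` (or `journalctl -u ssh -o short` output, which has the same timestamp prefix) to see the same split for a real host. Note that once `PermitRootLogin no` is in effect the root attempts still show up as "Failed password for root": sshd refuses them, but it still logs them, so their presence in the log is not evidence that the setting is wrong.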
Before anyone gets too excited, this doesn’t seem like it applies to DG2 gaming cards; ATSM and PVC are compute cards.
+SR-IOV Capability
+=================
+
+Due to SR-IOV complexity and required co-operation between hardware, firmware
+and kernel drivers, not all Xe architecture platforms might have SR-IOV enabled
+or fully functional.
+
+To control at the driver level which platform will provide support for SR-IOV,
+as we can't just rely on the PCI configuration data exposed by the hardware,
+we will introduce "has_sriov" flag to the struct xe_device_desc that describes
+a device capabilities that driver checks during the probe.
+
+Initially this flag will be set to disabled even on platforms that we plan to
+support. We will enable this flag only once we finish merging all required
+changes to the driver and related validated firmwares are also made available.
+
+
+SR-IOV Platforms
+================
+
+Initially we plan to add SR-IOV functionality to the following SDV platforms
+already supported by the Xe driver:
+
+ - TGL (up to 7 VFs)
+ - ADL (up to 7 VFs)
+ - MTL (up to 7 VFs)
+ - ATSM (up to 31 VFs)
+ - PVC (up to 63 VFs)
+
+Newer platforms will be supported later, but we hope that enabling will be
+much faster, as majority of the driver changes are either platform agnostic
+or are similar between earlier platforms (hence we start with SDVs).
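Review bot: the has_sriov paragraph ("we will introduce "has_sriov" flag to the struct xe_device_desc that describes a device capabilities that driver checks during the probe") should say how the flag combines with the PCI SR-IOV capability at probe time: the text itself says the PCI configuration data cannot be relied on, so a reader needs to know whether a platform with has_sriov set still requires the capability (and the validated firmware the next paragraph mentions) before any VF is enabled, or whether the flag is the only gate. Two wording fixes in the same hunk: "a device capabilities" should read "a device's capabilities", and "validated firmwares" should read "validated firmware". In the platform list, state whether the "up to N VFs" figures are hardware maximums or caps the driver will impose, since that is what determines the value an administrator will see in sysfs sriov_totalvfs.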
I have extensions that do small QOL things. I can still use GNOME just fine without a single one of them enabled.
How do you cope with the lack of a dock and system tray?
I don’t cope with that. I don’t really see a huge benefit to having a system tray. Before GNOME 44 added the background apps view to the quick settings menu I just put anything that was ‘background’ into a workspace. Even after 44 I still have this habit and rarely actually need the background view.
As for the dock argument I’m not sure what an always visible dock would provide that the current dash does not. I think I might even prefer the current dash over an always visible dock. Whenever I want to switch windows I just go to the overview and pick out whatever window I want. It’s a lot easier to hit a huge window than to have to target a small icon at the bottom of the display.
I understand that some people might disagree but I actually love what GNOME does (most of the time).
I’m not sure which programs you’re using so hopefully something here can help but here’s some stuff I’ve read/done:
For MS Office, I believe you can just use it in your web browser or use LibreOffice as an alternative.
If you use anything Adobe-based, you’ll probably have to keep a Windows partition around or find an alternative. I haven’t seen anything for running Adobe in WINE or WINE-based tools and I’m not sure if Adobe functions in a virtual machine or not.
Most gaming-related issues can be dealt with via Proton (Steam’s compatibility tool). I’ve successfully gotten just about every game I play to run in Proton, with the only issues being EA’s launcher (the game still launches though).
If you have any specific programs that you have questions about, feel free to ask. Hope this helps!
Get the list of programs you commonly use and figure out if they’re on Linux or have alternatives. LibreOffice, VLC and Okular are good for your case. If you find it limiting and need MS features, then browser Office 365 is very good.
The best option would be to buy a used laptop and install Linux, Linux works great on old hardware so you could find something 3-7y old and it’ll run very well.
If you’re coming from Apple try anything with Gnome that’s popular (Ubuntu, Fedora).
If you’re coming from windows try anything that uses KDE (Kubuntu, Fedora w KDE, KDE neon).
If you don’t tinker with things under the hood generally you’ll have a painless polished experience.
Being able to get a modern OS that runs smoothly on a $200 used laptop is the major selling point for you; the rest is extra.
We use browser office 365 at work. It’s on a Windows computer. I gotta say it sucks ass if your stuff doesn’t all live in an associated onedrive. We have a shared drive that common files live in and accessing them from the browser office is a mess.
I mean, who would have thought 10 years ago that this would one day be a valid reason to switch away from the OS with the biggest marketshare. Weird times.
I know I’ve wanted something like this for a while. I really didn’t want to have to figure out how to get the existing Keyman keyboard layout to work on Linux, because fcitx works fine for all my other input needs, and I already knew how fcitx worked, as I made an addon to get on-screen keyboards to work with it a while back…
As I know not many people would dare venture into the world of fcitx addons, due to the quite horrendous state the documentation is in… so if I wasn’t gonna do it, likely no one else was, so I did it! And shared it with everyone, because the worst that could happen is that someone helps me make it better!
You can’t be sold on Linux. Anyone ‘sold on’ or ‘led to’ Linux isn’t going to stick with it. The desire to learn to use and be productive with Linux is purely an internal one. Selling you on it would be like trying to push you into a religion. For this, you need to sell yourself on Linux. Install it, run it, make it your daily system for a few weeks or months… then you can decide if it is for you. The questions you’ll need to find answers to include, but are not limited to:
Will it run the software I need? You mention PDFs… Viewing non-encrypted PDFs is no problem. For encrypted PDF forms that I’ve seen from some government sites, I needed Windows or Mac to fill them out reliably. I was able to do some within Wine, but that wasn’t stable enough to depend on.
Be aware there are desktop choices. Linux comes in many flavours, some can present and work similar to a Windows desktop workflow, some more similar to Mac (but not quite), and some are just either heritage UNIX styles or just Linux unique. Finding what you prefer can take some trial and effort.
I suggest Linux distributions that offer disk encryption (and be sure to use it). If you were my lawyer, I wouldn’t want the documents we share to be left around un-encrypted anywhere.
Check out some Linux periodicals, as well. They can help wet your whistle with reviews on various Linux distributions and often some introductory articles on software and How-To’s. If that kind of thing interests you, you’ve already half sold yourself on Linux.
Linux is vastly superior. I’ve been on Linux desktop for over 20 years now, I’ll never go back.
As a typical example: this weekend, installing Linux (including downloading and making the ISO) took 20 minutes; installing Windows (first time in decades, something for my son) took fucking 6 hours, 14 attempts, and loads of problem-searching on the internet.
Having said that, there are some things to keep in mind. Linux mostly (to users) is slightly different on a few details, and because of Microsoft, there are some things to keep in mind.
You’re a lawyer, so you might have to deal with Microsoft documents. Those you can process with LibreOffice (I don’t like it very much, like Microsoft Office), Google Drive (works very nicely, but is still closed source, Google) or your own hosted Linux server with Nextcloud and OnlyOffice (a bit harder to set up, but then it’s all yours and under your control).
Look into any closed-source Windows applications that are required. Most Windows programs also run under Linux (Wine, Proton, and these days various other solutions, up to a virtual machine with Windows for those few exceptions that won’t work on Linux for some reason).
Video formats are non-issue, Linux eats everything and mostly out of the box.
Then, Linux has distributions. See it as different car brands. They’re all cars, based on the same tech, just different brand names that do details slightly differently. You gotta choose a distro (distribution). I HIGHLY recommend either Fedora or (my personal preference) an Ubuntu variant. I personally have been using Kubuntu for over a decade now. The graphical user interface works mostly like Windows (just better) and most programs have Ubuntu-ready Linux versions available, making installing them super easy. Install VirtualBox (free, as usual) to run Windows in a virtual machine if needed, and set up multiple desktops so that you can easily switch to a Windows desktop when needed (hopefully, and likely, never).
Nobara is a great suggestion by @el_gringo_loco, but I’d also throw out a suggestion for Bazzite if you want the “SteamOS”/Steam Deck experience.
It does have the KDE desktop environment underneath to do all the non-gaming stuff as well, but if gaming is your number one focus, it’s a pretty cool setup.
I’m a self-hoster; I set up a Home Assistant VM and Cosmos Cloud running a bunch of Docker containers, all set up using Cockpit.
Easier, and a better-looking UI than Proxmox. Also, this setup enabled me to use Docker instead of LXD and save on one virtualization layer; as a beginner, every layer adds complexity.
It has been rock solid, and it has better hardware support than Debian due to the faster release cycle. The only drawback is the lack of documentation or tutorials in comparison to Debian, which has a colossal community.