Thanks! I was trying to implement this, and was trying to figure out how to pass all the arguments! This worked for me! I got some other errors, but they don’t seem related to this, so now to find out what they are all about 😅
Yeah, I tried this, and it works from my session, but I still got the same error from trying to run the program. I figured it was because it is called outside the bash session so the run commands have not been run, but is that perhaps not true?
It is not my package, but I could of course go ahead and change the source code directly to handle this. But I’d prefer a solution that would persist through updates.
I have an InfinityBook Pro 14 Gen 7, with the RTX 3050 Ti laptop, 2x2TB SSD, Intel i7-12700H and I believe also a 53 Wh battery (did not go for the battery edition with increased capacity, but instead the storage edition).
Even when using the integrated Intel GPU, the battery life is quite bad. With any kind of browser activity, I get about 2-2.5 hours. If I only do reading in Zotero with dark mode, I get up to 5 hours. For my use case, it is fine, but I could not have used this if I was dependent on working with no access to a power outlet.
Otherwise I am quite happy with Tuxedo though, and their support is usually very good. I hope they will succeed long term if they can also continue to improve on their products.
I love Linux since switching nearly a year ago. Yet, I still once in a while find myself in situations where I screw up and I think to myself “Oh, I’m glad this is not my work computer”. If you have no experience with Linux from before, maybe you should consider getting a personal laptop, install Linux on that, and get comfortable using it before transitioning your business to it. That way, the first time you accidentally uninstall your desktop environment (I managed to do this not once, but twice…), it is not 10 minutes before an important client meeting.
Having an Nvidia-card, should I be worried about this? So far I’ve read so many “Nvidia bad, Wayland no work” posts that I have just stayed clear waiting for a final confirmation that everything is smooth sailing.
Edit: oh, you’re talking about the high port OP is wondering about. That’s just the source port, which is chosen randomly by the client OS when making a connection. Using port 22 (or any other port below 1025) as a source port would require root privileges on the client and would also conflict with the SSH server that could be running there. Still, it has nothing to do with SSH “moving connections over”
Ah, I see, so the port numbers shown in auth.log are all client side ports. I guess I thought that the listening port would be in the log and assumed that the port listed there would be it, but when I read the lines again, it clearly says “from ip.ad.dr.ess port 12345”
Just keep in mind that security through obscurity is not considered secure in itself.
Do you consider it to not be a helpful measure to take at all?
I have fail2ban configured - since it is reading from the auth.log, I guess I would not have to make any changes to the configuration there to have it work with a new port?
Yes that’s the right way to block root login. An added filter you can use the ‘match’ config expression to filter logins even further.
Not sure what you meant about the ‘match’ config expressions here. Could you elaborate a bit further?
If you’re on the open network, your connection will be heavily hit with login attempts. That is normal. But using another service like Fail2Ban will stop repeated hits to your host.
Hehe, yeah, I’ve noticed… The reason I get a little anxious whether I did this correctly, is that 95% of the login attempts are to root, so I want to make sure it is disabled. I have set up Fail2Ban, but I am using default settings, which may be a bit laxer than they need?
I’ve also been advised and considered moving to ssh keys, but I have not gotten to that yet.
Ssh listens on port 22, as soon as a connection is made the host moves the connection to another port to free up 22 for other new connections.
Makes sense. One question that comes from this is: is it possible to disable that? I would never need two ssh-logins at the same time on my server. And the second question is what I asked above regarding whether I should change the port ssh listens to in order to reduce unwanted malicious login attempts?