Unlocking encrypted Server – Remotely via SSH

Well… the headline said everything, basically…

I had problems with my server and had to drive to it to unlock it, after a power-failure.

That was annoying, so I followed this guide (https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/) to be able to unlock it!

Works like a charm. The only downside is that the signature of the server changes so I have to clean the known-host line every reboot.

Apart from that it's quite nice.

After connecting you simply have to type

cryptroot-unlock

and then your password.

Simple one-liner to generate secure passwords in linux

I recently checked my firefox-account and my logins and passwords.

Bad idea…

I noticed that I use pretty weak passwords in general, but I don't want to use a password manager (anymore).

So… I wrote a simple line to get me random characters from /dev/random and put it into my .bashrc.

Here it is:

echo \ && head -c 100 /dev/urandom | tr -cd '[:alnum:]' | head -c 18 && echo \ && echo \ 

The echos at the beginning and end are for line breaks, to make the output more distinguishable from the rest in the terminal. head gives you the first (in this case) 100 bytes from /dev/urandom, tr filters them, and the next head gives you a nice alphanumeric password of length 18. It's unlikely not to get at least 18 alphanumeric characters out of 100 random ones, so it works. You can tweak the length yourself, but remember to make the input (100) longer if you change your output length!

After that I put it into my .bashrc to be able to run it from my terminal anytime. An easy way to do that is:

echo "alias passgen=\"echo \ && head -c 100 /dev/urandom | tr -cd '[:alnum:]' | head -c 18 && echo \ && echo \ \"" >> ~/.bashrc

Now I am able to just type “passgen” into my terminal and I get 18 random characters for me to use!

Quite nice.
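
A variant that does not depend on the 100-byte guess, as an added example (not the author's code): only 62 of the 256 possible byte values are alphanumeric, so 100 random bytes yield about 24 characters on average and a run can come up short of 18. The helper names passgen_fixed and count_short are made up for this illustration.

```shell
#!/bin/sh
# Added example, not the author's code. Helper names are illustrative.

# passgen [LENGTH]: print LENGTH (default 18) random alphanumeric characters.
# tr reads /dev/urandom as a stream and head stops it once LENGTH characters
# have passed the filter, so the output is never shorter than requested.
passgen() {
    pg_len="${1:-18}"
    case "$pg_len" in
        ''|*[!0-9]*) pg_len=0 ;;   # not a plain number: reject below
    esac
    if [ "$pg_len" -le 0 ]; then
        echo "passgen: length must be a positive integer" >&2
        return 2
    fi
    # LC_ALL=C makes tr work on bytes, so [:alnum:] means A-Z, a-z, 0-9 only.
    LC_ALL=C tr -dc '[:alnum:]' < /dev/urandom | head -c "$pg_len"
    echo
}

# passgen_fixed: the page's pipeline (fixed 100-byte read), for comparison.
passgen_fixed() {
    head -c 100 /dev/urandom | LC_ALL=C tr -dc '[:alnum:]' | head -c 18
    echo
}

# count_short GENERATOR RUNS: how many of RUNS outputs have fewer than 18 chars.
count_short() {
    cs_short=0
    cs_i=0
    while [ "$cs_i" -lt "$2" ]; do
        cs_out=$("$1")
        if [ "${#cs_out}" -lt 18 ]; then
            cs_short=$((cs_short + 1))
        fi
        cs_i=$((cs_i + 1))
    done
    echo "$cs_short"
}

passgen 18
echo "short outputs in 200 runs, fixed 100-byte read: $(count_short passgen_fixed 200)"
```

To use it as the passgen command, put the passgen function definition into ~/.bashrc instead of the alias.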

vnstat is good

Not long ago I was surfing on my notebook while outdoors (yes, in winter, I am a little bit insane in that regard – like him… https://stallman.org/favorite-photos.html ) and suddenly my mobile data was used up (that happens in Germany because it's really expensive – about 5€ a month per 1 GB data – so we generally don't have much data) and I couldn't surf anymore… If I had known, I would have surfed less. The problem is that my provider only lets me check my data in the browser and books the traffic for that (about 2MB every time) from my available data…

So I had an idea:

I have been using vnstat (https://wiki.archlinux.org/index.php/vnStat) for years now on my server(s).

Why not on my notebook?

I have to say: it's working flawlessly, and as long as I only use my mobile data stick with my notebook it should be accurate…

TL/DR: Use vnstat – it is very good! Not only on your server but also on your mobile devices 😉

X-forwarding with XPRA

I have a server, as some may know. I am using mosh for ssh connections, and as a “normal” admin I was using vnc for remote graphical connections.

The problem: It's shit.

Maybe I was using it wrong all those years, but my client informed me quite often that an 8 character password was the best the server could do.

However – I was running a graphical program for quite some time, when I was notified that I was disconnected because of too many connection attempts.

I had to kill the vnc-server and the running program with it – and restart it.

Apparently I am on some kind of list now, because I had too many failed attempts again, a short while later.

That's when I thought about ssh with X forwarding.

Problem: The program stops when the pipe is broken.

Solution: Xpra ( https://xpra.org/ )

It's a program to forward an X display, and you can detach and reattach whenever you want.

From the site:

xpra start ssh:SERVERHOSTNAME --start=xterm

To start a terminal (for test purposes, but you can start firefox as well, if you want)

xpra attach ssh:serverhostname

To reattach a running window.

Quite handy!

SSHFS – a useful tool

I got my NAS up and running.

To use the files remotely (via internet) as if they were on my computer, I discovered a nice tool for mounting the filesystem via terminal and ssh, so no extra configuration is needed.

Here is the link to a wiki-page:

https://wiki.archlinux.org/index.php/SSHFS

And here is my line:

sshfs -o reconnect -o sshfs_sync $myserver:/path/to/mount /local/mountpoint

The reconnect option is useful if the internet isn't THAT stable (or you're changing locations, for example when using a notebook), and sshfs_sync enables write-sync, so that the progress bar while copying shows what's really already written, and it's not put into some buffer or something and synced in the background. For using it over the internet with my notebook it's useful, because you can tell if it's already done, and know what's left to copy.

So… Nice tool!

Setting up Archlinux: aurutils

As I want to have “all” the packages for Arch, I want to use the AUR repos with the user-maintained packages.

It is discouraged to use a utility for that, because one should be able to fix and edit problems with those packages by themselves should some arise.

But… I am really lazy, and after using Gentoo (and after that Arch) for some years, I think I will be able to at least google for a solution.

Having said that: aurutils…

I had to install them manually, obviously, as I didn't have aurutils to install packages from AUR.

Here is a guide for manual installation: https://wiki.archlinux.org/index.php/Arch_User_Repository#Installing_and_upgrading_packages

I used the following site to configure aurutils: https://gist.github.com/geosharma/afe1ea9ebe58cb67aaaba62a0d47bc7a

Some guidance on how to use aurutils may be found at https://www.reddit.com/r/archlinux/comments/bf4rvm/aurutils_guidance/ .

After that it worked and I could easily install packages from AUR, without manually installing them via git.

Setting up Archlinux: dmenu

I installed i3 for Arch Linux and I could not start applications with “$mod+d”.

It was really stupid of me, but I nevertheless decided to drop some lines on that.

TL/DR: Install dmenu with “sudo pacman -S dmenu”

Turns out: when you install i3 on Arch, it only installs i3 and the absolutely necessary packages for that. dmenu isn't necessary.

So I wasted about 10 minutes googling the problem until I found some old comment in a forum and then installed dmenu.

Have fun!

Setting up Archlinux: Changing Backlight via Keypress

To change the brightness via keypress I hacked some scripts together (some time ago) because it was easier (faster) to do that than to do it properly.

Here are the scripts: https://github.com/d13g4/brightnesshack

In the i3 config I had to add the following lines to the end:

bindcode 233 exec .config/bright_inc.sh
bindcode 232 exec .config/bright_dec.sh

Your keycodes may be different, so make sure to get the right ones for you. These codes are the F5 (dec) and F6 (inc) keys on my (thinkpad a275 – german version) keyboard.

Setting up Archlinux: Touchpad Tapping

So… as I want to have tapping on my touchpad, I had to enable it via synclient.

I followed the instructions on https://wiki.archlinux.org/index.php/Touchpad_Synaptics .

To enable tapping I used the command: “synclient TapButton1=1”.

After that tapping worked for me… too well. So whenever I typed, I pressed a button. To fix that I had to use “synclient PalmDetect=1” and, for it to work properly, “synclient PalmMinWidth=8”.

After that it worked for me (on my thinkpad a275).

To make the changes permanent I had to edit the config file located in

“/usr/share/X11/xorg.conf.d/70-synaptics.conf”

The touchpad section config was edited like this:

Section "InputClass"
        Identifier "touchpad catchall"
        Driver "synaptics"
        MatchIsTouchpad "on"
        # One-finger tap acts as a left click
        Option "TapButton1" "1"
        # Ignore palm contact while typing
        Option "PalmDetect" "1"
        Option "PalmMinWidth" "8"
EndSection

So after that the touchpad was working with tapping and I could move on to configuring the other things.

Archlinux – what I have ToDo

After installing the base system and the minimum to work with, I decided that I want to have lxqt with i3 as window manager.

I encountered a couple of problems, some anticipated and some unanticipated. There were so many that I decided to post a todo list. I won't write about every problem, but about the most interesting or annoying ones.

So here is the list: (items with an x behind them have a post on this site)

  • touchpad: tapping (x)
  • splash screen (boot)
  • powertop
  • i3lock
  • aurutils (x)
  • dmenu (x)
  • changing backlight via keypress doesn't work (x)
  • setting up mosh (locales primarily)
  • installing breeze-cursor
  • steam does not work
  • aurutils: password timed out error
  • network-manager and applet
  • sd-card reader doesn't work
  • installing and configuring redshift
  • automating setting neo keyboard layout by default
  • setting up a background-picture

As I said, I won't write a post for every item on the list, only the interesting ones.

If in the future someone should read this and has a problem with an item on that list and there is no post on it, feel free to comment.