Unlocking encrypted Server – Remotely via SSH

Well… the headline said everything, basically…

I had problems with my server and had to drive to it to unlock it, after a power-failure.

That was annoying, so I followed this guide (https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/) to be able to unlock it!

Works like a charm. The only downside is that the signature of the server changes, so I have to clean the known-hosts line every reboot.

Apart from that it's quite nice.

After connecting you simply have to type

cryptroot-unlock

and then your password.
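
Rather than deleting the known_hosts entry after each reboot, the unlock session can get its own host alias and known_hosts file, so the key seen during unlocking is pinned once and still verified before the passphrase is typed. This is an added example, not from the original post or the linked guide; it assumes the changing signature comes from the initramfs Dropbear presenting a different host key than the booted system's sshd, and `server-unlock`, `server.example.org` and `known_hosts.initramfs` are placeholder names.

```shell
# Added example: write an ssh_config stanza that pins the initramfs
# (Dropbear) host key separately from the booted system's host key.
# Assumption: the unlock login is root, as in the linked guide.
add_unlock_host() {
    cfg="$1"                      # e.g. ~/.ssh/config
    host="$2"                     # real address of the server (placeholder)
    name="${3:-server-unlock}"    # alias used only for the unlock session

    if [ -z "$cfg" ] || [ -z "$host" ]; then
        echo "usage: add_unlock_host CONFIG HOSTNAME [ALIAS]" >&2
        return 2
    fi
    # Do not append the same stanza twice.
    if [ -f "$cfg" ] && grep -qx "Host $name" "$cfg"; then
        echo "Host $name already present in $cfg" >&2
        return 1
    fi
    # HostKeyAlias + UserKnownHostsFile keep the Dropbear key out of the
    # normal known_hosts, so neither key ever looks like a "changed" key.
    cat >> "$cfg" <<EOF

Host $name
    HostName $host
    User root
    HostKeyAlias $name
    UserKnownHostsFile ~/.ssh/known_hosts.initramfs
    StrictHostKeyChecking ask
EOF
}

# Usage (placeholder host):
#   add_unlock_host ~/.ssh/config server.example.org
#   ssh server-unlock      # then run cryptroot-unlock
```

After the first connection the Dropbear key is stored in its own file, and a later mismatch on `ssh server-unlock` is a real warning instead of an expected one.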

Docker – First steps and basic commands

As I have to use docker, I decided to write this (mostly for myself) to be able to look up useful docker things.

I got them from https://docker-curriculum.com/ – so visit there for more details!

Definitions:

Images: The blueprint and environment for containers

Containers: Are created from images with run and are the processes of the images (so to speak)

Commands:

#download image
docker pull $containername

#run container
docker run $container
docker run -d $container #detached
docker run -P $container #attach internal ports to random (outside) ports

##mostly used:
docker run -d -P --name $customname $container

#run container with terminal
docker run -it $container sh

#show containers
docker ps -a

#show used ports
docker port $customname

#stop containers
docker stop $customname #or container id

#delete exited containers (caution)
docker container prune

#show local images
docker images

Simple one-liner to generate secure passwords in linux

I recently checked my Firefox account and my logins and passwords.

Bad idea…

I noticed that I use pretty weak passwords in general, but I don't want to use a password-manager (anymore).

So… I wrote a simple line to get me random characters from /dev/random and put it into my .bashrc.

Here it is:

echo \ && head -c 100 /dev/urandom | tr -cd '[:alnum:]' | head -c 18 && echo \ && echo \ 

The echos at the beginning and end are for line breaks, to make the output more distinguishable from the rest in the terminal. head gives you the first (in this case) 100 bytes from /dev/urandom, tr filters them, and the next head gives you a nice alphanumeric password of length 18. It's unlikely to not get at least 18 alphanumeric characters out of 100 random ones, so it works. You can tweak the length yourself, but remember to make the input (100) longer if you change your output length!

After that I put it into my .bashrc to be able to run it from my terminal anytime. An easy way to do that is:

echo "alias passgen='echo \ && head -c 100 /dev/urandom | tr -cd \"[:alnum:]\" | head -c 18 && echo \ && echo \ '" >> ~/.bashrc

Now I am able to just type “passgen” into my terminal and I get 18 random characters for me to use!

Quite nice.
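
Only 62 of the 256 possible byte values are alphanumeric, so with a fixed 100-byte input a few percent of runs come out shorter than 18 characters. The following added example (not from the original post; `passgen` as a function and `count_short_runs` are hypothetical names) keeps drawing bytes until the requested length is reached, and includes a helper that counts how often the fixed-input pipeline falls short.

```shell
# Added example: a length-guaranteed replacement for the one-liner above.

# Prints exactly LEN (default 18) characters from A-Z a-z 0-9.
passgen() {
    len="${1:-18}"
    case "$len" in
        ''|*[!0-9]*) echo "usage: passgen [length]" >&2; return 2 ;;
    esac
    [ "$len" -gt 0 ] || { echo "length must be > 0" >&2; return 2; }
    out=""
    # Keep reading until enough characters survived the filter, so the
    # result can never be shorter than requested.
    while [ "${#out}" -lt "$len" ]; do
        # LC_ALL=C makes tr work on raw bytes instead of locale characters.
        chunk=$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
        out="$out$chunk"
    done
    printf "%.${len}s\n" "$out"   # cut to exactly LEN characters
}

# Runs the original fixed-input pipeline RUNS times and prints how many
# results had fewer than 18 characters.
count_short_runs() {
    runs="${1:-500}"; short=0; i=0
    while [ "$i" -lt "$runs" ]; do
        pw=$(head -c 100 /dev/urandom | LC_ALL=C tr -cd '[:alnum:]' | head -c 18)
        [ "${#pw}" -ge 18 ] || short=$((short + 1))
        i=$((i + 1))
    done
    echo "$short"
}
```

Defined as a function in .bashrc, `passgen 24` gives a 24-character password without having to adjust the input size by hand.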

X-forwarding with XPRA

I have a server, as some may know. I am using mosh for ssh connections, and as a “normal” admin I was using vnc for remote graphical connections.

The problem: It's shit.

Maybe I was using it wrong all those years, but my client informed me quite often that an 8 character password was the best the server could do.

However – I was running a graphical program for quite some time, when I was notified that I was disconnected because of too many connection attempts.

I had to kill the vnc-server and the running program with it – and restart it.

Apparently I am on some kind of list now, because I had too many failed attempts again, a short while later.

That's when I thought about ssh with X forwarding.

Problem: The program stops when the pipe is broken.

Solution: Xpra ( https://xpra.org/ )

It's a program to forward an X display, and you can detach and reattach whenever you want.

From the site:

xpra start ssh:SERVERHOSTNAME --start=xterm

To start a terminal (for test purposes, but you can start firefox as well, if you want)

xpra attach ssh:serverhostname

To reattach a running window.

Quite handy!

SSHFS – a useful tool

I got my NAS up and running.

To use the files remotely (via internet) as if they were on my computer, I discovered a nice tool for mounting the filesystem via terminal and ssh, so no extra configuration is needed.

Here is the link to a wiki-page:

https://wiki.archlinux.org/index.php/SSHFS

And here is my line:

sshfs -o reconnect -o sshfs_sync $myserver:/path/to/mount /local/mountpoint

The reconnect option is useful if the internet isn't THAT stable (or you're changing locations, for example when using a notebook), and sshfs_sync enables write-sync, so that the progress bar while copying shows what's really already written, rather than the data being put into some buffer and synced in the background. For using it over the internet with my notebook it's useful, because you can tell if it's already done, and know what's left to copy.

So… Nice tool!

Doing a Backup to a Remote-Server with Borgbackup

As I am paranoid, I wanted to do a backup of my server – as implied in the wordpress-setup howtos, I have some instances of wp on the server, as well as some files and gameservers.

Naturally I want to have a backup. The catch: I don't have local space, so I have to do it remotely.

I have known borgbackup for some years now, and so I used it. (https://borgbackup.readthedocs.io/en/stable/quickstart.html#)

It is mainly straightforward, assuming that you can connect via ssh.

To do my backup I used the following commands, which I try to explain down below:

First I had to create a new folder on my backup-destination-server, in this case $backupfolder. After that I used:

borg init --encryption=repokey myuser@mydestinationserver:/path/to/my/hdd/for/backups/$backupfolder

sudo borg create --stats --compression zstd,22 --progress myuser@mydestinationserver:/path/to/my/hdd/for/backups/$backupfolder::archivename /home/ /var/www/ /etc/apache2/

The init is needed to create the repo on the remote server. You can use any location you want, but MAKE SURE you have enough empty space there. You will be asked for a repository password that you shouldn't forget if you want to restore the data in the future.

Next I started the backup. The compression is set to high to use less bandwidth. The --stats will be shown after borgbackup has finished, while --progress is updated in realtime.

The archivename is just a name for the archive in the repository. They can be re-used or you can let them rot forever on your server. Mine was “june”, for example – because it's June. My next backup will be in July – and the name will be “july”. Next year the archive will be overwritten.

The three folders at the end are my local folders that are being backed up.

That's it!