search

Tag - Encryption

Hardening SSH configurations Thu, Oct 26, 2023 01:00 CEST

Install ssh-audit: pacman -S ssh-audit Server Audit the current server configuration: ssh-audit localhost If any fail or warn level log line appear, try implementing the following sections. Explicitly allow only selected algorithms Restrict key exchange algorithms, ciphers, message authentication codes, and asymmetric keys: # File: /etc/ssh/sshd_config.d/01-ssh-audit_hardening.conf # Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com # hardening guide. KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com Force usage of public key authentication and prevent root login # File: /etc/ssh/sshd_config.

Remote LUKS unlocking with TinySSH Wed, Oct 20, 2021 01:00 CEST

Goodbye keyboards and monitors!

Encrypted Install on Btrfs with Arch Linux on UEFI Sat, May 1, 2021 01:00 CEST

So easy!

Automatically Mount LUKS Encrypted Device with Crypttab and Fstab Thu, Nov 12, 2020 20:00 CET

Put that second drive to use!

Decrypt Storage Using Hidden Key Material Sun, Dec 1, 2019 04:54 CET

To make it even harder for predatory institutions to find your keys.

Encrypted Install With Arch Linux on BIOS Sat, Oct 12, 2019 02:00 CEST

So easy!

Backup LUKS header Thu, Oct 10, 2019 17:15 CEST

LUKS partitions cannot be recovered once the header is lost.

Unlock Partition Automatically With Keyfile on External Device Linux Fri, Jun 21, 2019 23:46 CEST

Useful in specific situations.

LUKS encrypted storage device. Mon, Apr 8, 2019 01:00 CEST

So easy to encrypt a USB key, or external or internal drive!

Encrypted Install With Arch Linux on UEFI Thu, Jan 3, 2019 00:27 CET

So easy!