Tag - network


Wednesday 8 June 2016

Light-weight port-knocking to protect SSH

A bit more than a year ago, I hardened my SSH server, which resulted in the near-disappearance of automated SSH login attempts. Alas, the script-kiddie tools have finally caught up with the current state of cryptography; or at least with the level of cryptography that I dare require while still maintaining compatibility with most devices that I use.

Fail2ban, although dormant all this time, still ran like the ever-vigilant Argos, and resumed its usual work as the attacks came back. But I do not like relying solely on fail2ban. So I decided to add port-knocking as a protection.

Read more...

Sunday 17 January 2016

Secure personal backup in the Cloud(s) using Linux

Like everyone, I have important data on my computer. Like everyone, I have a backup (several, actually) of this important data —you do too, don’t you?— But while this backup is good enough in case I have a hardware failure, it won’t help me if my apartment gets flooded or catches fire. That’s because the data and its backup are stored in the same place. Several solutions exist.

Read more...

Monday 3 August 2015

Lightweight file synchronization for ownCloud and WebDAV

I recently started using ownCloud for file synchronization. All in all, despite a few minor problems, the experience is really satisfying, so much so that I moved my whole “personal cloud”, previously on an NFS share, to ownCloud. However, while the standard ownCloud client is fine where it is available, it is not always available. In particular:

  • I carry around on a USB stick a lightweight Linux desktop based on TinyCore Linux, for which this client does not exist.
  • I also have an old laptop that has to make do with an obsolete operating system because of a buggy video component that no newer system supports (even though the same graphics component reference in another laptop is perfectly supported…).

For such situations, I tried using DavFS, which turned out to be far too slow; it nevertheless remains a good second choice. Then I tried the Java program WebDAV-Sync, but although it performed the initial import correctly, one cannot say that synchronization really worked: the whole data set was fully downloaded again at each new synchronization attempt!

So I created my own synchronization tool, whose only dependencies are curl and bash, and optionally ssh. These dependencies are available everywhere, even on Windows and some embedded systems ;-)

This article is also available in English.

Read more...

Sunday 2 August 2015

Lightweight file synchronization for ownCloud and WebDAV

I recently began using ownCloud for file synchronization. All in all, although there are some minor hindrances, the experience is really satisfying. So much so, that I moved all my “personal cloud” data to ownCloud, from the previous NFS share. However, although the regular ownCloud client is just fine where available, it is not available everywhere. In particular:

  • I carry around on a USB stick a lightweight Linux desktop based on TinyCore Linux, for which the client is not available.
  • I also have an old laptop that is stuck with an obsolete operating system because the video chipset is buggy, and no newer OS will support it (even though the “same” chipset reference in another laptop works just fine…).

For these situations, I tried using DavFS, but this solution was much too slow; it is a great fall-back, though. Next I tried the Java program WebDAV-Sync, but although the initial download went fine, sync did not work all that well: the whole share was fully downloaded again each time!

So I created my own synchronization tool, the only dependencies of which are curl and bash, and optionally ssh. These dependencies are available everywhere, including Windows and some embedded systems ;-)

This article has been translated into French.

Read more...

Saturday 22 February 2014

Multiplex SSH and HTTPS on a single port

I want to allow both SSH and HTTPS on port 443 of my server, because port 22 is often blocked by firewalls. The usual tool for this task is the excellent sslh tool, which can recognize SSH and HTTPS connections, but also HTTP, OpenVPN, tinc, and XMPP! Besides, sslh does not rely only on the “who speaks first, server or client?” technique, which makes it compatible with more SSH clients; an excellent port multiplexer indeed!

There is one drawback, though: sslh listens on a port on the server, receives an incoming connection from a remote client, detects the protocol, and then forwards packets for this connection to the appropriate service; the problem is that the latter sees packets coming from the server itself (usually localhost), not from the IP address of the remote client.

Read more...

Friday 31 May 2013

Lightweight Windows Network Neighbourhood for TinyCore Linux

TinyCore is a Linux distribution, the aim of which is to be tiny. Although one can still install the whole KDE or Gnome desktop on TinyCore (it is still Linux after all), I prefer to keep it small. Thus, the “network neighbourhood” client proposed here is a rather lightweight Samba client, yet it still has most of the needed features.

Read more...