Posts

How to convert an SSH2 Public Key into an OpenSSH public key

When working with people who don’t use a Unix-based operating system, you’ll often come across the SSH2 Public Key format. PuTTY is probably the most famous software using this format and nearly everyone on Windows uses it. To give these Windows SSH users access to a Linux system, SFTP server, Git repository or other systems that use the OpenSSH key format, you need to convert an SSH2 public key into the OpenSSH format. This article describes how to do exactly that.

For more Linux and programming tips, tricks, and videos, check out my channel here: https://www.youtube.com/c/tutorialinux — I have a completely free Linux Sysadmin course in this free Linux course playlist.

Okay, on to the OpenSSH key converting goodness!


Sysadmin Links: Windows Package Management, SSH Wizardry, and Strategy Games!

Another episode of the “Sysadmin Timewasters” series just went up on YouTube. In this episode, we’re looking at several interesting projects:

0:01 Keep your eyes healthy! https://tutorialinux.com/want-to-keep-your-eyes-healthy-use-redshift/

3:01 How to choose a programming language: https://tutorialinux.com/which-programming-language-should-i-choose/

HTTP Strict Transport Security

I’m excited for this post, because I get to introduce one of my best friends (and favorite coworkers) to the tutorialinux horde. I’ve been working with Christian in some form or another for several years now. We met while working at a startup in 2012, where he is the lead developer, and have worked on several projects since then. Although right now he gets paid mostly for programming work, he’s a longtime sysadmin and has been a huge influence on my growing taste for using FreeBSD systems in production.

You know those people who seem to have started in IT when they were still in diapers? That’s Christian. It’s my pleasure to welcome him as a contributor to tutorialinux. He’s got some fantastic stuff to share, and a huge amount of real-world experience to back up everything he teaches.

Lately, Christian and I have become a bit obsessed with encryption and HTTPS (going so far as to write a mini e-book about it, teaching people to set up TLS on their websites). Can you blame us? With the recent Internet security scares and the enormous push for TLS by organizations like Firefox, Tor, Google, Let’s Encrypt, and others, it’s definitely at the forefront of many system administrators’ and developers’ minds.

In these conversations about website security and HTTPS, you’ll often hear people talk about HTTP Strict Transport Security (HSTS for short). But what exactly is HTTP Strict Transport Security? How does it work? And how can you set it up in a few simple steps?

You’re about to find out.


Sysadmin Links, August 2015

The time has come for another edition of tech-timewasters/sysadmin links. This time, there are a few interesting security articles (including one that will give you an idea of what the malware analysis process looks like).

  1. What is mathematics? (math geekery for amateurs like me): http://math.coe.uga.edu/tme/issues/v09n1/4rota.pdf
  2. The Postgres guide! (non-official): http://www.postgresguide.com/
  3. Rowhammer (A nontechnical security article) — http://www.slate.com/articles/technology/bitwise/2015/07/rowhammer_security_exploit_why_a_new_security_attack_is_truly_terrifying.single.html
  4. Malware Analysis; a much more technical article on cdorked: https://reverse.put.as/2014/02/05/linuxhackingteamrdorks-a-a-new-and-improved-version-of-linuxcdorked-a/
  5. Scaling LinkedIn; a really nice progression (including graphics) showing a few different popular infrastructures for serving web applications: http://engineering.linkedin.com/architecture/brief-history-scaling-linkedin
  6. Yay videogame music (from Star Wars: Knights of the Old Republic — I occasionally listen to this while working): https://www.youtube.com/watch?v=cz2wR2CFtrU

The Top 10 WordPress Security Mistakes

Sooner or later, we all deploy a PHP web application (Joomla, WordPress, Magento, etc.). I’m currently doing some security work, and I deal with a huge number of sites that have been hacked. The crazy thing is that 90+ percent of these compromises could have been prevented by a few security precautions. Here’s a list of the most common misconfigurations and security holes (from a System Administrator’s perspective), along with how to fix them.

We also look at some of the most popular goals of the attackers (‘consequences’).
