Connect with us


Anxious to get your Linux server SSH access locked down? Jack Wallen shows you one more step you can take–one that will only take seconds.

Image: iStockphoto/metamorworks

If you’re a Linux administration, chances are really good you spend a lot of time logging in to remote machines with SSH. It’s also very likely that you’ve taken numerous steps to lock down SSH access to those remotes servers. In fact, you’re probably using SSH key authentication and denyhosts. Together, those two solutions go a very long way to hardening access to your remote Linux servers.

But, there’s one more step you can take, one that’s so easy and obvious most admins forget it’s even an option. This particular step doesn’t require any third-party software and can be taken care of in seconds.

Curious? Let’s do this.

SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)

What you’ll need

You should also have access to the remote server’s console, in case something goes wrong and you lock yourself out of the server, but this is the case anytime you monkey with SSH.

How to allow a client IP address

The first thing we have to do is allow the IP address of any client you use into the remote server with SSH. Once you have a list of the IP addresses, you can add them to /etc/hosts.allow. To do this, issue the command (on the remote server):

sudo nano /etc/hosts.allow

At the bottom of that file, add the following:

sshd: IP

Where IP is the IP address of the remote client that needs access to the server. If you have a number of IP addresses, or IP address ranges, you could enter them like so:

sshd: 10.83.33.77/32, 10.63.152.9/32, 10.12.100.11/28, 10.82.192.0/28

Or like so:

sshd : 192.168.1.0/24
sshd : 127.0.0.1
sshd : [::1]

Note above: We’ve even included the loopback address for the server.

Save and close the file.

How to block all other addresses

Now that we’ve allowed an IP address or list of addresses, it’s time to block all other addresses. One thing to keep in mind is that the Linux system will first look at hosts.allow (from top to bottom) followed by hosts.deny (from top to bottom). So an SSH connection attempt from an IP address in hosts.allow will be allowed through, even though hosts.deny clearly blocks ALL.

So, to block all other IP addresses, open the necessary file with the command:

sudo nano /etc/hosts.deny

At the bottom of that file, add the following:

sshd: ALL

Save and close the file.

At this point, any client listed in hosts.allow will be allowed through (via SSH) and any client not listed will be denied. There’s no need to restart the SSH daemon to make this work.

With the combination of SSH key authentication, denyhosts, and hosts.allow/deny, secure shell access to your Linux servers will be about as tight as you can get it. 

Also see



Source link

0
Continue Reading

Technology

Amazon Prime Day 2020 starts Oct. 13: How to get the best deals

amazon prime day

Get details and tips about one of Amazon’s biggest sales of the year.

Image: Ray Pawulich/CNET

Amazon Prime Day is a two-day sale on Amazon’s website, exclusively for its Prime members (an Amazon Prime membership is $119/year). The event usually takes place in July, but due to the coronavirus pandemic, the date for the 2020 Amazon Prime Day will take place “later than usual,” according to the company. 

When is Amazon Prime Day 2020?

This year, Amazon Prime Day took place in India on August 6-7, but the online event has been postponed in the US three times. Sister site CNET is now independently reporting that Prime Day will start on October 13; Amazon has not confirmed the date of the event. 

A spokesperson for Amazon stated, “Stay tuned for more details on Prime Day. Customers can also say, ‘Alexa, keep me posted on Prime Day.’ If customers make this Alexa request, they will be notified when [Amazon] announces the dates and when Prime Day begins.” 

SEE: IT hardware procurement policy (TechRepublic Premium)

What are the best tech deals on Amazon Prime Day 2020?

Amazon Prime Day usually offers massive discounts on hardware, software, TVs, gaming consoles, Amazon’s own hardware (Echos, Kindles, Fire Sticks, tablets, etc.), and much more. When the Amazon Prime 2020 deals are available, we’ll update this article with details.

As of September 9, 2020, Amazon has begun offering deals on the Echo Dot, Echo Show, and Echo Plus in the US and UK. Below are some of the current deals:

Amazon device deals in the US

On September 24, 2020, Amazon announced several new products, features, and services, some of which may be available on Prime Day. Be sure to look for discounts on the Amazon Echo smart speakersEero 6 Mesh routers, Ring security products, and Fire TV.

What are shopping tips for Amazon Prime Day 2020?

According to GameSpot, Amazon typically features different types of deals during Prime Day, including: 

  • Early Access or Countdown Deals: These deals will appear on Amazon prior to the Prime Day event.

  • Spotlight Deals: These deals last for 24 hours and may happen in the lead-up to or during the Prime Day event. 

  • Prime Day Exclusive Deals: These deals run for the duration of Prime Day but selected products may run out of stock. 

  • Lightning Deals: These are limited-time, limited-stock deals and typically run out of stock quickly. In order to stay up-to-date with the deals, GameSpot recommends that you “keep up with them through the Amazon app on your iOS or Android phone. You can get a sneak peek at the day’s Lighting Deals by pressing ‘Today’s Deal’ in the top left app menu, then the ‘Upcoming’ tab. Find a deal that you want and tap ‘Watch This Deal’ to get notified when it starts.”

More about Amazon Prime Day 2020

This article will be updated as more information becomes available about Amazon Prime Day 2020. Also, check out the Amazon Prime Day 2020 coverage on sister sites CNET and Chowhound.

Also see

Source link

0
Continue Reading

Technology

Adaptive Meta-Learning for Identification of Rover-Terrain Dynamics

pia23378 16

The dynamics of extraterrestrial rovers is dependent on the terrain. The high-level terrain classification used in most current rovers is often not enough to ensure safe path selection, as the experience with NASA’s Curiosity and Spirit shows.

Adaptive Meta Learning for Identification of Rover Terrain Dynamics

Credits: NASA/JPL-Caltech/MSSS

A recent paper suggests a model of the terrain parameters that govern wheel-terrain interaction. Knowing the terrain may help to predict whether the neighboring regions are traversable, plan the safest route, and prevent damage.

A linear model, which relates terrain parameters (namely cohesion and internal friction angle) and rover dynamics is supplemented by a meta-learned neural network. The interpretability of the model is enhanced by the orthogonality of nominal and meta-learned features. The model is capable of rapid adaptation and provides low estimation errors (the largest error is less than 5%).

Rovers require knowledge of terrain to plan trajectories that maximize safety and efficiency. Terrain type classification relies on input from human operators or machine learning-based image classification algorithms. However, high level terrain classification is typically not sufficient to prevent incidents such as rovers becoming unexpectedly stuck in a sand trap; in these situations, online rover-terrain interaction data can be leveraged to accurately predict future dynamics and prevent further damage to the rover. This paper presents a meta-learning-based approach to adapt probabilistic predictions of rover dynamics by augmenting a nominal model affine in parameters with a Bayesian regression algorithm (P-ALPaCA). A regularization scheme is introduced to encourage orthogonality of nominal and learned features, leading to interpretable probabilistic estimates of terrain parameters in varying terrain conditions.

Link: https://arxiv.org/abs/2009.10191