L2TP with AAISP on a Server

I recently posted about using stable IP addresses on a desktop managed by NetworkManager.

This post will go into some detail about using the same tunnel, but server-side, and inside a network namespace.

You can then run servers in that namespace, and have them hosted on the internet, with a real IP address, without sharing the rest of your LAN.


gpg session keys

In a previous post, I showed how the openssl rsautl tool can be used to encrypt small bits of data to an SSH host key.

One problem is that rsautl cannot encrypt any data that is larger than the key size. One workaround, however, is to use a symmetric key for the bulk encryption, and then use RSA to encrypt the smaller symmetric key.


RFC2136 and nsupdate

Say we have a bind9 server, and wish to update some DNS records remotely, without restarting the server.
RFC2136 defines a protocol and tooling to do it in a reasonably standard way.


qemu-efi

#!/bin/bash
exec qemu-system-x86_64 \
    -m 1G -smp 2 -enable-kvm \
    -drive file=/usr/share/edk2-ovmf/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \
    "$@"

ping.sql

\set PROMPT1 '%`date` %n@%m:%/%R%# '

\timing
SELECT 1;