ufw is disabled, so it shouldn't matter if it is set up or not, right? As far as I can tell I don't have any other firewall software running - I've not installed anything, so it would be the default Linux Mint-stuff that I would have installed and enabled in that case.
I am very happy using FreeTube as an alternative frontend. No ads, all my subscriptions and watch history are local.
Alright, cheers - I'll leave it be as well then :)
Just keep in mind that security through obscurity is not considered secure in itself.
Do you consider it to not be a helpful measure to take at all?
I have fail2ban configured - since it is reading from the auth.log, I guess I would not have to make any changes to the configuration there to have it work with a new port?
Yes that’s the right way to block root login. An added filter you can use the ‘match’ config expression to filter logins even further.
Not sure what you meant about the 'match' config expressions here. Could you elaborate a bit further?
If you’re on the open network, your connection will be heavily hit with login attempts. That is normal. But using another service like Fail2Ban will stop repeated hits to your host.
Hehe, yeah, I've noticed... The reason I get a little anxious whether I did this correctly, is that 95% of the login attempts are to root, so I want to make sure it is disabled. I have set up Fail2Ban, but I am using default settings, which may be a bit laxer than they need?
I've also been advised and considered moving to ssh keys, but I have not gotten to that yet.
Ssh listens on port 22, as soon as a connection is made the host moves the connection to another port to free up 22 for other new connections.
Makes sense. One question that comes from this is: is it possible to disable that? I would never need two ssh-logins at the same time on my server. And the second question is what I asked above regarding whether I should change the port ssh listens to in order to reduce unwanted malicious login attempts?
Yes, this is something I did when setting up the server some time ago, and as a step in the process I rebooted the system after changing the config.
Ok, thanks - so if I understand correctly then, it is listening on port 22 as a default, and not accepting traffic on any port.
That brings of the question: wouldn't I be better off changing the SSH-port? And is that so easy as to uncomment the #Port 22
line in the config file and changing the port number to something random, and saving that somewhere? Would I then be able to connect by running ssh myuser@mydomain.com:
, or would I need to do anything else to successfully connect?
Never heard that song. For me, the most famous number would be 32 16 8.
Agreed. I made the switch after Mendeley pushed their online manager with only a new limited desktop client, which was awful. Couldn't believe I hadn't gone with Zotero in the first place. Originally only used for my thesis, now I use for work and personal interests as well.
My FP4 lasts two days on one charge, and charges fully in about 30 minutes. In most cases it shouldn't be an issue finding a 15-30 minute interval within two days where you don't listen to music in order to charge. Not all arguments against the removal are equally good, in my opinion.
However, I agree that dongles are wasteful. I burned through many such 3.5mm to Lightning on my previous iPhone. They had the durability of a snowman in Summer, and also cost about 10 bucks each for the official one. Since Fairphone claims sustainability as the main reason to remove the port, I'd love to see an actual calculation on the impact of broken ports vs broken dongles. I think the dongles will lose.
Here is the output from running that command:
root 1635 0.0 0.0 22208 8928 ? S aug.06 0:00 \_ apt-get update
_apt 1654 0.0 0.0 27528 9600 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1655 0.0 0.0 27528 9600 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1656 0.0 0.0 27528 9600 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1657 0.0 0.0 27528 9760 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1658 0.0 0.0 27528 9760 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1659 0.0 0.0 27528 9760 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1660 0.0 0.0 27528 9760 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1661 0.0 0.0 27528 9600 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1662 0.0 0.0 20908 6880 ? S aug.06 0:00 \_ /usr/lib/apt/methods/mirror+file
_apt 1663 0.0 0.0 27528 9760 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1664 0.0 0.0 27528 9920 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1667 0.0 0.0 27532 10080 ? S aug.06 0:00 \_ /usr/lib/apt/methods/https
_apt 1669 0.0 0.0 20864 7680 ? S aug.06 0:00 \_ /usr/lib/apt/methods/file
Very strange - I just installed it, and as soon as I ran it, the output in Termux went from "Destionation Host Unreachable" to responses from my machine. Outbound pings from my machine also now get a response. I assume this was only supposed to help diagnose and not fix the issue? :p
KDE Connect is still acting up though, but at least they can talk to each other now! Thanks :)