Two-factor authentication (or simply 2FA) is a way of authentication where a user must provide additional verification after username and password login. The form of verification can be a string of characters delivered via text message or generated with TOTP client. Two-factor authentication improves security because compromised username and password are not enough to get […]
A couple years back we wrote a guide on how to create good OpenPGP/GnuPG keys and now it is time to write a guide on SSH keys for much of the same reasons: SSH key algorithms have evolved in past years and the keys generated by the default OpenSSH settings a few years ago are […]
In our previous article we described an idea setup for a modern server with btrfs for flexibility and redundancy. In this article we describe another kind of setup that is ideal only for a backup server. For a backup server redundancy and high availability are not important, but instead maximal disk space capacity and the […]
Btrfs is probably the most modern filesystem of all widely used filesystems on Linux. In this article we explain how to use Btrfs as the only filesystem on a server machine, and how that enables some sweet capabilities, like very resilient RAID-1, flexible adding or replacing of disk drives, using snapshots for quick backups and […]
Btrfs (pronounced Better FS) is a relatively new filesystem that operates on the copy-on-write principle (abbreviated COW, which stems a more friendly pronunciation for btrfs: Butter FS). Btrfs includes a lot of interesting functionality and replaces traditional Linux disk and filesystem tools like LVM (volume manager, disk snapshots) and mdadm (software RAID). In RAID usage btrfs is much more flexible […]
A great deal of our work as Linux system administrators is related to security. Each server we maintain is bombarded on daily basis in a never ending cyberwar. Some of our customers (e.g. the website of the former Finnish Minister of Foreign Affairs, government websites, high profile political organisations and media sites) are obvious targets but […]
The OpenPGP standard and the most popular open source program that implements it, GnuPG, have been well tested and widely deployed over the last decades. At least for the time being they are considered to be cryptographically unbroken tools for encrypting and verifying messages and other data. Due to the lack of easy-to-use tools and […]
Everybody knows what hand hygiene is: hands are disinfected every time we enter a hospital. In the same way as germ-free hands stops diseases from spreading, password hygiene helps to prevent the misuse of credentials. Password hygiene may feel useless when the effect is not immediately visible, but it is never the less very important […]