Enabling DNS over HTPS on common Web Browsers

April 1, 2020 by AJNI No Comments

What is DNS over HTTPS ? Well it's basically an encrypted way of querying DNS. Normally DNS uses port 53 to communicate with the server and query the name we want. But all of that traffic is in plain-text and thus it is very easy to poison that communication. DNS over HTTPS is secure because it uses certificates to encrypt traffic (just like HTTPS websites).

Mozilla Firefox makes it very easy to enable this feature. Just open the settings and search for "DNS over HTTPS":

In the connection settings enable DNS over HTTPS. You could also add a custom provider. Here is a good list: https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers

Microsoft Edge does not have a user-friendly way of activating the feature (yet).

In the edge://flags/ search for "DNS" and you will find the corresponding setting:

Unfortunately Microsoft Edge does not allow custom providers. Hopefully they will one day.

Reading time: 1 min

Installing OpenVPN on Ubuntu 18.04 Minimal

March 16, 2020 by AJNI No Comments

A few days ago I bought a very cheap Virtual Private Server (VPS) – check my post here: https://www.ajni.it/2020/03/quick-tip-cheap-private-servers-on-the-cloud/

It was very cheap (4$ or 3.75€ annually), but with a lot of gotchas.

One of them is Ubuntu 18.04 Minimal, which means a lot of packages will not be pre-installed, causing a lot of pain when installing services like in my example OpenVPN.

Here is how I managed to install OpenVPN on Ubuntu 18.04 Minimal.

Updating the system:

apt update

apt upgrade

Install OpenVPN

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

The first problem occurs with the root CA certificates:

Install the root certificates in order to trust them:

apt-get install ca-certificates

After re-running the command, another error shows up:

Install the next package (iptables):

apt-get install iptables

And finally, the OpenVPN setup can be run:

I had to set a custom port, because only specific ones were NAT’d to my server. You might leave the port to default. I am also using 1.1.1.1 for DNS.

After the setup is finished, a configuration file will be created. This file contains the public certificates and private key that are mandatory for the connection. It can be imported into the OpenVPN client (Windows) through the GUI.

On Linux, a simple

openvpn configfile.ovpn

does the trick.

Reading time: 1 min

Configure SSH Key-Based Authentication on a Linux System

March 10, 2020 by AJNI 1 Comment

By default, Linux systems allow both password-based and key-based authentication over SSH. If you have a server with SSH open to the world, password-based authentication shouldn’t be allowed at all.

To disable password-based authentication, edit the SSH config file:

nano /etc/ssh/sshd_config

Add the following lines:

PasswordAuthentication no

PubkeyAuthentication yes

Now generate a new private/public key pair:

ssh-keygen

id_rsa is your private key

id_rsa.pub is the public certificate thumbprint that must be added to ~/.ssh/authorized_keys

nano ~/.ssh/authorized_keys

The SSH service must be restarted.

service ssh restart

Now you can connect to your server with key-based authentication only. If connecting from a Linux system the file’s permissions must be set to 600.

chmod 600 id_rsa

ssh -i id_rsa ip@username

If you like using Putty, you’ll have to load the file with PuttyGen and save the private key as .ppk.

PuttyGen can be downloaded here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Links:

https://askubuntu.com/questions/346857/how-do-i-force-ssh-to-only-allow-users-with-a-key-to-log-in

Reading time: 1 min

Cheap private servers on the Cloud

March 9, 2020 by AJNI No Comments

Today I stumbled upon this very useful site that helps you find very cheap virtual private servers (VPS) around the globe. The public IPv4 address is shared and NAT'd across multiple servers. If that's no problem for you, the cheapest servers are 0.15€ a month with 128MB RAM and 1 vCPU.

Also, some public IP addresses are blocked in China and/or Russia.

Have fun!

https://www.serverhunter.com/

Reading time: 1 min

Enabling Bitlocker Drive Encryption without a TPM chip

March 7, 2020 by AJNI No Comments

I was trying to enable Bitlocker on my C: drive, but unfortunately my PC does not have a physical TPM chip built-in. Turns out there is a way to enable Bitlocker Drive Encryption without the TPM chip with help of Group Policies.

Open Local Group Policies (gpedit.msc) > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives > Require additional authentication at starutp

Enable this Policy and leave the default settings.

Now in Windows Explorer, Bitlocker can be turned on:

Because there is no TPM chip available, we either have the option to enter a password every time the OS boots or unlock the drive with a USB flash drive.

There are a few options for saving the recovery key. If you save it to your Microsoft Account, it can be accessed on this Microsoft site: https://account.microsoft.com/devices/recoverykey

Select the first option if you just re-installed Windows.

New should be better right?

Your PC will be restarted.

At boot, this is the prompt you'll get:

Don't forget to secure your Bitlocker Recovery Key just in case something breaks. You'll need that long string.

Links:

https://support.microsoft.com/en-us/help/4530477/windows-10-finding-your-bitlocker-recovery-key

https://www.howtogeek.com/192894/how-to-set-up-bitlocker-encryption-on-windows/

Reading time: 1 min
Page 1 of 51234...Last »

Tip Of the Day

Recent Posts

Categories

Archives

Secured By miniOrange