SSH

Monday, June 8, 2026 at 17:10:05

Disallowed SSH password connections on port 22 and set another port as an alternate, on the larger system.

Here is the info (locked myself out a couple of times first)

Cmd: systemctl edit ssh.socket
## This will allow alternate or multiple ports
## to be used with ssh. Each port must be set
## up individually for use with ip4 or ip6 or both.
## Alt. port must be open through firewall.
[Socket]
ListenStream=
ListenStream=0.0.0.0:YOUR_PORT
ListenStream=0.0.0.0:YOUR_ALT_PORT
ListenStream=[::]:YOUR_PORT
ListenStream=[::]:YOUR_ALT_PORT

## Restart stuff
cmd: systemctl daemon-reload
cmd: systemctl restart ssh.socket

## Check stuff
ss -tlnp | grep ssh

——————————–
## Edit file in /etc/ssh/sshd_config.d/*.conf

Port 22
Port 2222

PubkeyAuthentication yes
PasswordAuthentication no

## Everything below the Match line applies only to connections on port 2222
Match LocalPort 2222
    PasswordAuthentication yes

## Restart stuff
cmd: systemctl restart ssh
cmd: systemctl daemon-reload
cmd: systemctl restart ssh.socket

——————————–
## Login to specific alternate port using password.

ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password root@systemname -p 2222

So now, at least in theory, most of the login attacks will be thwarted just by only allowing pubkey logins on port 22. I will probably go through the other systems and do the same. At least the other ‘S’ system.
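As an added preflight check that is not part of the original post: before restarting sshd with a layout like the one above, it helps to know what value each port will actually end up with. The script below is constructed for this note and resolves the effective PasswordAuthentication for a port from a config fragment, implementing the two sshd rules the layout relies on: in the global scope the first value of a keyword wins (which is why a drop-in under sshd_config.d, included near the top of the stock Debian/Ubuntu sshd_config, takes precedence over the main file), and a satisfied Match block overrides the global value, with the first satisfied block winning. Only Match all and Match LocalPort are evaluated; on a live host, sshd -T -C lport=2222 is the authoritative check.

```shell
#!/bin/sh
# Added example, not from the original post: resolve the PasswordAuthentication
# value sshd would apply to a connection arriving on a given local port, using
# two sshd_config rules: within the global scope the first value of a keyword
# wins, and a satisfied "Match" block overrides the global value, the first
# satisfied block winning. Only "Match all" and "Match LocalPort" are evaluated
# here; a Match line with any other criterion is treated as not matching.
# On a live host, "sshd -T -C lport=2222 | grep -i passwordauthentication"
# is the authoritative check to run before restarting the service.

# Constructed sample mirroring the post's /etc/ssh/sshd_config.d/*.conf fragment.
SAMPLE_CONF='Port 22
Port 2222

PubkeyAuthentication yes
PasswordAuthentication no

Match LocalPort 2222
PasswordAuthentication yes
'

# effective_password_auth PORT CONFIG_TEXT  -> prints "yes" or "no"
effective_password_auth() {
  printf '%s\n' "$2" | awk -v port="$1" '
    BEGIN { active = 1; inmatch = 0; gval = ""; mval = "" }
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }      # comments and blank lines
    tolower($1) == "match" {                            # a Match line starts a new block
      inmatch = 1; active = 1
      for (i = 2; i <= NF; i++) {
        c = tolower($i)
        if (c == "all") continue
        if (c == "localport" && $(i + 1) == port) { i++; continue }
        active = 0; i++                                 # no match, or a criterion not handled
      }
      next
    }
    tolower($1) == "passwordauthentication" && active {
      v = tolower($2)
      if (inmatch) { if (mval == "") mval = v }         # first satisfied Match block wins
      else if (gval == "") gval = v                     # first global occurrence wins
    }
    END { print (mval != "" ? mval : (gval != "" ? gval : "yes")) }'   # sshd default: yes
}

# Usage: report what each of the post's two ports would accept.
for p in 22 2222; do
  printf 'port %s: PasswordAuthentication %s\n' "$p" "$(effective_password_auth "$p" "$SAMPLE_CONF")"
done
```

Pair it with ss -tlnp | grep ssh after the restart to confirm both ports are actually being listened on.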

libredtail

Friday, May 15, 2026 at 17:12:20

Getting scanned on one of the systems by libredtail-http. So I’m blocking it on that server.

I tried adding this to apache2.conf, didn’t work:

<IfModule mod_rewrite.c>
    # Note: this whole block is silently skipped if mod_rewrite is not loaded (a2enmod rewrite)
    RewriteEngine On
    RewriteCond "%{HTTP_USER_AGENT}" "libredtail-http" [NC]
    RewriteRule ^ - [F,L]
</IfModule>

So I tried moving it within the file; I also tried adding the same thing to global-redtailban.conf in apache2/conf-available and running a2enconf global-redtailban, which also didn’t work.

So I finally found something that said to add this to the apache2.conf file (replacing BadBot with the one I want to ban):

<If "%{HTTP_USER_AGENT} == 'BadBot'">
    # '==' is an exact, case-sensitive string comparison of the whole User-Agent header
    Require all denied
</If>

That seems to have done the trick.

Router rerouting

Sunday, April 12, 2026 at 18:31:20

After discovering a number of issues, and having to fix network problems, I again tried to get the dual-WAN up and running. I was successful, but the speed dropped from either WAN connection from about 900Mbps download (and 40Mbps upload) to 80Mbps give or take 15 for download, and 10-20Mbps upload. So I ran some more testing, and finally came up with a compromise setup, where everything can stay the same, except the gateway used will need to be changed on systems from 10.0.0.1 to 10.0.0.2. All else can remain the same. Oh, and it needs to be updated on the local LAN DNS server pintobean.

+--------------------+             +--------------------+
|                    |             |                    |
|                    |             |                    |
|    XFinity         |             |     T-Mobile       |
|                    |             |                    |
|   10.0.0.1         |             |                    |
+^---------------+---+             +-------------^------+
 |               |                               |       
 |               |                               |       
 |               |      +--------------------+   |       
 |               |      |                    |   |       
 |               |      |                    |   |       
 |               +------>    Dual-WAN        +---+       
 |                      |                    |           
 |                      |  10.0.0.2          |           
 |                      +--------------------+           
 |                                                       
 |                     ########                          
 |                   ####      ########                  
 |                  ##                 ######            
 |                 #                        ###          
 |                ##                           ##        
 |                #      LAN                    #        
 +----------------#                             #        
                  ##                            #        
                    ##                          #        
                      #####                     #        
                          #######             ###        
                                ###### ########          

--> ASCII chart made on Asciiflow.com

Apache2 woes

Tuesday, January 20, 2026 at 21:41:57

Something that runs around 6:19am on vps is shutting down apache2, then trying to restart/graceful restart it, but the restart fails because it runs BEFORE apache2 shuts down.

I’m currently attempting to edit /etc/needrestart/needrestart.conf (found this after hours of searching):
changed this:

#$nrconf{restart} = 'i';

to this:

$nrconf{restart} = 'a';

Fingers crossed.

Also, added this block to /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Post-Invoke-Success {
    "if systemctl list-units --all --type=service | grep -q 'apache2'; then systemctl restart apache2; fi";
};
