
Server Management for Middle Schoolers Part 1: sshd_config

I may be crazy, but I know there are some Middle Schoolers who can run a server. So I’m teaching them headless shell management and scripting, all so they can play Minecraft (the carrot, in this case). They are learning surprisingly well, but then, so am I. I’ve never had to create a full group setting on Linux, and didn’t anticipate all the issues I’d run into. Wanting to have 17 kids in an ssh group, with access to a games folder that consistently outputs files they can all use, and allows them to run an instance of Minecraft they can all access… It is a lot to figure out. This series is going to cover the settings I came up with.

Setting up a good sshd_config

There are some really great settings in the sshd_config file (/etc/ssh/sshd_config) that shouldn’t be overlooked. Options like changing the default port, assigning an approved group, and, optimally, using RSA keys are a must here, at least eventually.

Changing the Default Port

Because I need this server to be secure (it is attached to our school network, after all), and because I want a group of lively administrators to have a sandbox to work on, I need a way to lock out unwanted access. The first step, which a student in the group duly noted, is to change the port number away from the default 22. That’s a simple fix. Just look for this line and change the number:

# What ports, IPs, and protocols we listen for
Port 22

You can’t pick arbitrarily, but you can assume that most numbers below 1000 will be useful here. Settle on a port that isn’t used by another popular program as a default and you should be okay on traffic issues. Just as a point of reference, I got 2200 hits against port 22 in the weekend before I could get our network admin to change the routing table to our new port. They ranged from attempts to log in using every possible username from ‘root’ to ‘techhelp’, to attempts to negotiate RSA keys. The saving grace from these attacks was the next step I took.

Setting Up an SSH Group

I’d prefer to use RSA keys for login, but haven’t had a chance to fully explain that process to the students yet, so we’re using passwords for now. Getting away from port 22, which is often attacked by bots as a pre-trial for an actual attack, was the first step. The next step is a bit of an extra measure. I knew I was going to need a group for these kids with special privileges, but I certainly wasn’t about to give them su. Inside the sshd_config there’s a setting to grant ssh privileges to a group of users; you can change it like this:

# Allow only certain UserGroups to access the ssh
AllowGroups myGroupName

This way, all of the random tries for usernames (even for root) will result in a failure, but it won’t tell the attempter why. This also accounts for attempts to attach with an RSA key, so bonus there. Only users in this group will be allowed to remote shell, however, so be sure to add yourself to the group. I speak from experience here.
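
An added example, not from the original post: a pre-flight check for the lockout described above, confirming that a user belongs to a group named by AllowGroups before sshd is reloaded. The function names, the sample users and their group lists are constructed for illustration; myGroupName is the post's own placeholder.

```shell
#!/bin/sh
# Added example: lockout pre-flight for the AllowGroups setting.

# Print every group pattern named on an AllowGroups line in CONFIG.
# Keywords in sshd_config are case-insensitive; commented lines are skipped.
allowed_groups() {
    awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# user_allowed USER CONFIG [GROUPS]
# Exit status 0: USER passes AllowGroups. 1: USER would be locked out.
# GROUPS (assumed helper argument) defaults to the output of `id -Gn USER`.
# Runs in a subshell so `set -f` does not leak into the caller.
user_allowed() (
    set -f                              # no filename globbing on word-split patterns
    groups=${3:-$(id -Gn "$1" 2>/dev/null)}
    patterns=$(allowed_groups "$2")
    # No AllowGroups line: this directive imposes no restriction.
    [ -z "$patterns" ] && exit 0
    for g in $groups; do
        for p in $patterns; do
            # sshd patterns use * and ? wildcards, which case understands too.
            # Negated (!) patterns and Match blocks are not handled here.
            case $g in $p) exit 0 ;; esac
        done
    done
    exit 1
)

# Constructed sample config using the two directives from the post.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Allow only certain UserGroups to access the ssh
AllowGroups myGroupName
Banner /etc/issue.net
EOF

# Constructed users: the admin forgot to join the group, the student did not.
user_allowed teacher "$SAMPLE" "teacher sudo" || echo "teacher: would be LOCKED OUT"
user_allowed student1 "$SAMPLE" "student1 myGroupName" && echo "student1: allowed"
```

On the server, call `user_allowed "$(whoami)" /etc/ssh/sshd_config` and validate the file with `sshd -t` before restarting, keeping your current session open until a second login succeeds.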

Creating a Banner for Good Measure

It’s a good idea to also set up a banner for good measure. There should be a commented line in the sshd_config file that looks a bit like this one:

Banner /etc/issue.net

That gets printed out on an attempted login, say when someone guesses a name that is in the user group approved for remote ssh. This may happen, and this file will, at the very least, show that you are paying attention to details. Most hackers won’t actually care, honestly, but amateurs might get a moment of pause. You can make yours funny for the added measure of giving a potential hacker a chuckle; it may save you some time down the line. Currently, mine’s a mix of legal disclaimer and boring threat. I’m working on something snappy.

Conclusions for SSH Access

This was a good lesson in the config files for ssh for me. I knew about some options, but not others. I think the real gem here is the setup of an allowed group. Keeping in mind that each user typically has their own group in a UNIX setup is a valuable thought for a broader sense of server management, and the idea that you could set multiple allowed groups through this setting is also quite useful. Next time I’ll talk about the Group ID and setting the group bit on a folder so that the whole group can access files and run services that are interoperable.


Amazon Fire Phone, a surprise, a warning, and a review

A couple of weeks ago I got a new Amazon Fire Phone. Due to family issues, I wasn’t able to really sit down and give it a full review until today. So here’s the review.

I really like this phone. My perspective might be a bit tainted from coming from a Galaxy S3 (from all experience I’ve heard the Galaxy line is all talk, no walk.) This phone is snappy, interesting, and just the right size. Having the five cameras facing front is a little bizarre, but makes sense when you get used to the hand movements for certain commands. I wonder if the accelerometer wouldn’t have been better for the most part in all the functionality, but I’m not that much of a mobile programmer yet, so I can’t say that authoritatively. My favorite feature with this phone is that it grabbed the LTE from MetroPCS immediately. It surprised my Metro guy, he says he nearly always has to do some back end stuff to get BYODs on the network properly. Having an S3 BYOD before this one, I can say I never got LTE with that phone. It also fits my hand much better than the S3 seems to have, though the sizes are very similar.

The lock screen is the first thing new users notice, and the 30 3D active scenes are gorgeous. They have apparent depth to them, and change perspective as you move the phone. The featured image is currently of my lock screen, and the cave walls on the right and left seem to conceal a larger cave in the back that shifts with your tilting the phone. This brings me to the warning, this phone can be very disorientating to someone who is not used to ‘forced 3D’ (I’m at home because of my time working with Blender, but the Metro guy was a little thrown off.) This is probably the biggest barrier to this phone being more than a niche / geeky phone.

One thing you notice as a user is that this is definitely an Amazon phone. The two homescreen options are for a rotating carousel of apps (updated according to use, but modifiable to an extent) and an app list (like you would find on most phones by pulling up an app menu, but modifiable to contain ‘folders’.) My biggest gripe with this setup is the lack of ability to change the background from the dark gray scales, but more on that in a minute. I say you notice this is an Amazon phone because in the carousel you see a big picture of the app logo (which wiggles around as you tilt the phone, literally everything in the home area feels like it is floating around your movements) and then beneath it, you see suggestions of apps you might like similar to that app. This function is changed beneath relevant apps, like your email which shows you the most recent emails you’ve received. As far as I’m concerned it’s a bit of a space waster, but it might work well for some people, particularly if they have fat fingers. The carousel swipes left and right with a definite end, and apps can be ‘pinned’ to the carousel so that they appear at the far left on the homescreen. There is no way to organize them other than to pin them in order, which sucks if you get a new app you want to pin, but not at the front of the list. At the bottom of the carousel you have four quick slots to add apps that you use a lot (really only three because it is a phone, after all, and that one will always be there.) Fortunately, the OS always defaults to the last homescreen you were on, so the app menu is the one I use all the time, though it puts the four quick buttons at the top, rather than the bottom.

There are a couple of useful gestures that are available due to the cameras on the front. A quick tilt left provides a menu on the left side of the screen, a right tilt docks it. Same for the other side. These gestures aren’t easy at first, but become second nature pretty quickly. A quick flick of the phone pulls down the ‘utilities’ menu (airplane mode, wireless, settings, Bluetooth, etc.) The hard-coded default menu on the left is very Amazon: Apps (takes you to the appstore), Games (takes you to your game tray), Web (Silk web app), Music, Videos, Photos, Books (yay, all my Amazon books!), Newsstand, Audiobooks, Docs, Shop, Prime (which is sorta useless based on the rest, as far as I can tell.) The tray on the right is non-customizable (seeing a theme here yet?) and provides the ‘latest updates’ including the weather, emails, alerts, calendar items, etc. These menus vary based on the app you are in.

If you are interested in browsing on this phone, don’t ever look back. The distinct lack of an ‘offscreen’ back button will be a challenge for nearly all android users. Silk isn’t a bad browser, though, and I haven’t felt a need to load anything else, which I nearly always do on mobile. The nav buttons (and many other things on the phone generally, like the bars/battery/time bar) have a tendency of disappearing until you tilt the phone to get them back. This can lead to confusion, but does provide a nicer experience with the whole screen being available when looked at face on.

Probably the coolest function of the physical buttons is the Firefly app. Hold the camera button and you get a menu that allows you to listen to music or shows and have them pulled up in the Amazon store or on IMDB (if they aren’t available in Amazon.) The prediction tech is pretty quick, and accurate as far as I have seen. It seems to work on audio only, but that works well enough in my experience with it. It even picks up shows that are ‘now airing’ like “Marvel’s Agent Carter,” or “Galavant.”

The headphones aren’t the most amazing I’ve ever used, but they are better than what I sometimes expect from ‘comes with the device.’ For that matter, the in phone speakers are loud and good enough, if a little tinny, to play music throughout my house (we were cleaning this weekend.) They are positioned on the bottom, so cases won’t cover them, though your hand might when playing.

The phone is NFC enabled, though I haven’t tried that function out yet, I’m excited about it. I have put my card into my on phone wallet, and plan on using it as soon as the program’s password protection starts working (haven’t been able to get it to pull up yet.)

The real drawback to this phone is that it is half android. Having to load apps from the Amazon store means that many of the apps are a few versions behind. The onus is on the developers to fix this, and they likely won’t as the sales from the Amazon app store aren’t as significant a portion of their business as the other two big contenders. It also means no G+ app (which I know isn’t a big deal to most people, but it is to me and other users) and no access to my google music (which is the biggest hit to me, because I have to offload everything and figure out how to upload it to Amazon.) So if you are in for this phone, you need to be in for a migration, or already have a pretty full Amazon account. Side-loading apps isn’t a big deal, but you do have to turn off the default “Use only Amazon apps” setting in the menu, thankfully it isn’t hard to find. I’ve read that you can sideload the Google apk to get the store and things, but haven’t gotten that desperate for it yet. Time will tell.

There is also no external storage, no removable back to have backup battery (though it eats next to nothing anyway), and the phone tends to run a little hot under gaming use. There’s only a little over a Gig worth of the 32GB internal storage used for the OS, so you don’t have to worry about the bloat you’ll get from time to time with other phones. The camera is pretty good, takes nice pictures, and is quick to load, which has me excited after a long stint of missing stuff with my S3. It nicely loads its drivers onto both Windows and Linux devices, haven’t tried my Mac yet, but I can’t see it being much different. (I think Amazon has learned from the overall Kindle experience here.)

If you are going to get this phone, remember to factor in the $90 for a year of Prime, which is credited to your current account when you purchase it. Also, realize that you have digital copies of many of the CDs that Amazon sells you on your account (I didn’t know this until I searched my music and found the Frozen soundtrack there and was baffled until I remembered that’s what my daughters have been pestering me with since Christmas.) Ting (which is a well rated mobile company) is opening to the GSM network now, so it might be a good time to try them out. My service with Metro is so vastly improved with this phone, however, that I’m probably going to stay with them for the time being.

Did I miss something you are interested in? Did this review help? Leave a comment or hit me up on one of my social networks (linked to the right.)