Well, Gentoo isn’t all bad. It has a very nice prompt. It displays the root user in RED and the non-root user in GREEN. So in order to have a nice looking prompt in Rocky Linux, just copy the Gentoo /etc/bash/bashrc to /etc/bashrc in Rocky.
Category: Development
Web development, programming, software, servers… basically everything that falls within the field of computers and development
Anything regarding web-development
sshd sftp chroot jail howto
Problem description: You would like to jail users to their home directories and not allow shell access, only sftp access.
Solution: SFTP chroot jail
1. Create a system group. Here I call it sftponly.
groupadd -r sftponly
2. Edit the sshd_config file, usually residing in /etc/ssh/sshd_config (in weird openSUSE it’s in /usr/etc/sshd/ ) and append (it needs…
Today I learned about NATS, microservice API and security
Actual security, as in identity, is still a third-party thing, aka you still need an OIDC IdP (or OAuth2 in the broadest sense or similar). All NATS security does is validate that the credentials you pass to a client are valid and enforce limits, if configured. The microservice API was necessary, since simple request/reply…
Keycloak Ed25519 is being worked on
If you’re like me and trying to use NATS JetStream with JWT auth and Keycloak… Well, right now you’re SOL, because Keycloak so far only supports RSA, HMAC and AES, and NATS requires Ed25519 signatures. But a certain individual named tnorimat aka Takashi Norimatsu is apparently working on Ed25519 support. EdDSA Keycloak Issue on GitHub…
upstream sent too big header while reading response header from upstream
If you’re getting the error message “upstream sent too big header while reading response header from upstream” in the nginx error log and are using FastCGI: in my case, I was running a PHP script via PHP-FPM 8.2 and received a 502 response from nginx. I fixed the issue.