remove key from known hosts: ssh-keygen -R ============================= ifconfig - all network interfaces iwconfig - wifi network interfaces hostname -I ============================= to send a file from mac to pi over ssh rsync -v -e ssh ./bashaliases.txt pi@ ============================= HTML:
stops floating and imposes line break ============================= copy ssh credentials ssh-keygen -t rsa -b 2048 ssh-copy-id -i ~/.ssh/ mv .ssh/authorized_keys /etc/dropbear/authorized_keys ============================= Namecheap D DNS setup select A+Dynamic DNS Record for Type and enter @symbol as a Host: You may use any dummy IP address, like for Value. Once your Dynamic DNS client is configured, this IP address will be updated automatically to your current one. namecheap client setup ======================== Restart the web server: /etc/init.d/uhttpd restart ======================== Create Dynamic DNS with namecheap sudo apt-get install ddclient sudo vi /etc/ddclient.conf Here is a sample "normal" configuration file for ddclient: # /etc/ddclient.conf use=web, protocol=namecheap password=password @ try deleting the cache, or changing the ip in the cache: sudo rm /var/cache/ddclient/ddclient.cache Maybe run ddclient with the force option and see if you get the SSL message in the output? sudo ddclient -debug -verbose -noquiet -force sudo rm /var/cache/ddclient.cache use=web, web= address is NOT FOUND Certification and apache redirect: ==================================== for Stretch: add source to debian sources list: sudo vi /etc/apt/sources.list.d/raspi.list deb stretch-backports main sudo apt-get update then sudo apt-get install python-certbot-apache -t stretch-backports then install certs for apache: sudo certbot --apache Certificates stored: /etc/letsencrypt/live/$domain /etc/letsencrypt/live/ /etc/letsencrypt/live/ ======================== Namecheap guide to SSL on Apache: ======================== Apache: link a web file: sudo su ln -sT /home/pi/uptimelog uptimelog /etc/apache2/apache /var/www restart apache server: sudo /etc/init.d/apache2 restart /etc/apache2/sites-available/000-default.conf DocumentRoot /var/www/ ServerName DocumentRoot /var/www/ SSLEngine on SSLCertificateFile /etc/ssl/hayfarm_app.crt SSLCertificateKeyFile /etc/ssl/private/server.key SSLCertificateChainFile /etc/ssl/ NameVirtualHost *:80 ServerName Redirect / ServerName DocumentRoot /usr/local/apache2/htdocs SSLEngine On # etc... ======================== simple HTML:

Hay Farm

Page for alarms.

Alarms ======================== ngrok config: pi@raspberrypi:~/.ngrok2 $ cat ngrok.yml authtoken: CD012345678901234567890123456789 ssh-access: addr: 22 proto: tcp ======================== dd client sudo apt-get install ddclient sudo nano /etc/ddclient.conf # Configuration file for ddclient generated by debconf # # /etc/ddclient.conf protocol=namecheap use=web ssl=yes password='CD012345678901234567890123456789' @ ======================== Ddlicnet with two or more names: /etc/ddclient.conf: # Configuration file for ddclient generated by debconf # # /etc/ddclient.conf use=web, protocol=namecheap postscript=/usr/sbin/ddpost password=CD012345678901234567890123456789 @ # # # /usr/sbin/ddpost #!/usr/bin/python import argparse import tempfile import os import subprocess import syslog import sys parser = argparse.ArgumentParser(description='run ddclient on secondary hosts') parser.add_argument('ip_addr', help='script should be passed current ip address') args = parser.parse_args() ip_addr = args.ip_addr host_passwords = { '': 'AA012345678901234567890123456789', '' : 'BB012345678901234567890123456789', '': 'CC012345678901234567890123456789', '': 'DD012345678901234567890123456789' } host_subdomains = { '': ['blog', 'api'], '' : ['@'], '': ['@'], '': ['@'] } config_template = """ use=ip ip={ip_addr} protocol=namecheap login={host} password={password} {subdomain} """ ddconfig_template = """ddclient -file /tmp/{host}.conf -cache /tmp/{host}.cache -quiet""" for host in host_passwords.keys(): password = host_passwords[host] for subdomain in host_subdomains[host]: config_name = "/tmp/{0}.conf".format(host) cache_name = "/tmp/{0}.cache".format(host) config = config_template.format(**locals()) with open(config_name, "w") as f: f.write(config) ddconfig_cmd = ddconfig_template.format(**locals()) sys_msg = None try: subprocess.check_call(ddconfig_cmd.split(' ')) sys_msg = "SUCCESS: [ddclient postscript] updating {subdomain}.{host}: good: IP address set to {ip_addr}".format(**locals()) except subprocess.CalledProcessError: sys_msg = "FAILED: [ddclient postscript] updating {subdomain}.{host}".format(**locals()) syslog.syslog(sys_msg) for fname in [config_name, cache_name]: try: os.unlink(fname) except OSError: pass ======================== firewall ports ssh 22 http 80 https 443 vnc 5900 node-red 1880 ======================== generating cert on pi: cname dns authentication: ======================== NameVirtualHost *:80 ServerName Redirect / ServerName DocumentRoot /usr/local/apache2/htdocs SSLEngine On # etc... Save and close the file, then restart the HTTP sever like this. $ sudo systemctl restart apache2 ======================== sudo apt-get install sshfs ======================== It is possible to use homebrewto install OSXFuse and sshfs. To start we will need to create a local directory in which to mount the droplet's file system. sudo mkdir /mnt/droplet <--replace "droplet" whatever you prefer Now we can use sshfs to mount the file system locally with the following command. sudo sshfs -o allow_other,defer_permissions /mnt/droplet or sudo sshfs -o allow_other,defer_permissions,IdentityFile=~/.ssh/id_rsa /mnt/droplet sudo mkdir /tmp/droplet sudo sshfs -o allow_other,defer_permissions pi@ /Users/robinlefever/mount sudo umount /Users/robinlefever/mount unnecessary to use sudo. Drive appears in drive list in Folder on Mac sshfs pi@ ~/RemoteFS umount /Users/robinlefever/RemoteFS ======================== sudo apt-get update sudo apt-get install fail2ban sudo vi /etc/fail2ban/jail.local [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log bantime = 900 banaction = iptables-allports findtime = 900 maxretry = 3 sudo service fail2ban restart ======================== hostname -I sudo apt-get install nmap sudo nmap -sP grep for onions: sudo nmap -sP |grep -A1 '40:A3:6B' or sudo nmap -sP |grep -A1 '40:A3:6B\|22:23:F6' ======================== scp @: ======================== wpa_supplicant.conf file is: ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev update_config=1 country=GB network={ ssid="Rowling" psk="password" key_mgmt=WPA-PSK } ======================== ======================== ======================== ======================== ======================== ======================== ======================== ========================