What’s your favourite desktop and why?

In response to Voice of the Masses

My favourite Desktop is Unity because it is not MATE. This has been bugging me for quite some time.
Like almost everyone else on the planet, I was unhappy when in 2011 Canonical declared Unity Ubuntu’s new default desktop. After years of using GNOME 2, I just thought that Unity felt a bit awkward. But I stuck with it, mainly for a perceived lack of alternatives and my wish to avoid PPAs if at all possible.
Fast-forward a few years and, thanks to the excellent Martin Wimpress, I hear of MATE Desktop Environment almost every other podcast I listen to. With the release of Ubuntu 15.10, MATE is finally elevated to official flavour status and I was sure to be making the switch away from Unity.
I ended up using MATE for about one day before going back to Unity. It was quite an uncomfortable thing to have to admit, but there was a problem: After years of using Unity, I just thought that MATE felt a bit awkward…
ubuntu-mate.org

Executing Linux commands in the background using screen

The screen command allows you to detach a running process from a session and then reattach it at a later time. Its use is simple:

user@debian:~$ screen yourlinuxcommand

Now that yourlinuxcommand is executing, press Ctrl+A followed by D to detach the screen.
Obtain a list of all the running screen processes:

user@debian:~$ screen -ls
There is a screen on:
       18470.pts-0.server(02/03/14 10:03:43) (Detached)
1 Socket in /var/run/screen/S-user.

Note the screen id in the above output. Use the screen id to reattach the session at anytime:

user@debian:~$ $ screen -r 18470.pts-0.server

www.thegeekstuff.com, www.linuxjournal.com

Redirecting mail for the local root user

postfix is Ubuntu’s default mail transfer agent (MTA) and can be configured to deliver mail using a relay host that requires SMTP authentication. Get the necessary packages with the following command:

user@ubuntu:~$ sudo apt-get install postfix bsd-mailx

Begin to configure your postfix installation by choosing satellite system as the general type of configuration. Enter the local machine name as the mail name (eg mycomputer.edafe.org) and the SMTP server address of your email service provider as the SMTP relay host (eg smtp.relayhost.com). Edit the file /etc/postfix/main.cf and add the following:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

Create the file /etc/postfix/sasl_passwd and make the following entries:

smtp.relayhost.com user:password

Substitute smtp.relayhost.com with the address of the SMTP relay host and user:password with your login details. Continue by executing the following three commands:

user@ubuntu:~$ sudo chown root.root /etc/postfix/sasl_passwd
user@ubuntu:~$ sudo chmod 600 /etc/postfix/sasl_passwd
user@ubuntu:~$ sudo postmap hash:/etc/postfix/sasl_passwd

Instruct postfix to reload its settings with the following command:

user@ubuntu:~$ sudo /etc/init.d/postfix reload

Making changes to the alias table

The aliases table provides a system-wide mechanism to redirect mail for local recipients. Edit the file /etc/aliases to contain the following entries:

postmaster: root
root: localuser
localuser: user@yourdomain.com

The localuser is the system administrator. Substitute user@yourdomain.com with the email address that you would like mail for the root user to be redirected to. Finally, update /etc/aliases.db using the following command:

user@ubuntu:~$ sudo newaliases

Mail for the local root user from now on will automatically be forwarded to user@yourdomain.com , using smtp.relayhost.com as the relay host.
www.postfix.org, help.ubuntu.com

Monitoring hard disks with smartmontools

SMART stands for Self-Monitoring, Analysis and Reporting Technology and is built into most modern hard disks. The smartd daemon is part of smartmontools and monitors a disk’s SMART data for any signs of hardware problems. SMART is available with Parallel and Serial ATA disks, drives appearing as either /dev/hd* or /dev/sd*, respectively. Use the following command to obtain relevant information for your system:

user@ubuntu:~$ df -hl

If required, start by configuring postfix to redirect mail for the local root user. Get the necessary packages with the following command:

user@ubuntu:~$ sudo apt-get install smartmontools bsd-mailx

Configuring smartd

Edit the file /etc/smartd.conf and comment out any lines beginning with DEVICESCAN. If you are using a netbook or a laptop, add the following line for the smartd daemon to monitor the device /dev/sda:

/dev/sda -a -d ata -n standby -o on -S on -m root -M daily -M test

If you are using a desktop or a server, add the following line for the smartd daemon to monitor the device /dev/hda:

/dev/hda -a -d ata -n never -o on -S on -s (L/../../7/04|S/../.././02) -m root -M daily -M test

See man smartd.conf for more information on how to tailor the operation of smartd to your needs.

Starting smartd

Edit the file /etc/default/smartmontools and uncomment the line containing start_smartd=yes. Restart the smartd daemon with the following command:

user@ubuntu:~$ sudo /etc/init.d/smartmontools restart

Verify that the local root user has received a test message from the smartd daemon. From now on, the smartd daemon will monitor the disk and, in the event of impending disk failure, alert the local root user by email.

Desktop Linux for the Windows power user

“As a lifelong Windows user, system builder, ex-gamer, and performance freak, I’m not drinking anyone’s Kool-Aid. I just want the most amount of control over my system as possible, and at this point in time, Ubuntu is the best follow-up to Windows XP.” Adam Overa walks the Windows user through the Ubuntu installation process from downloading the CD image to finding help online.
www.tomshardware.com

Ubuntu Linux is for everyone

Ubuntu is a relatively new flavour of Linux. Since the release of ‘Warty Warthog’ in October 2004, it has become the most popular Linux distribution worldwide. Similar to its parent, Debian GNU/Linux, Ubuntu is based entirely on free software. It inherits outstanding package management and provides one-click access to thousands of downloadable applications. Ubuntu 8.10 (Intrepid Ibex) is the latest version and available for download from today.
www.ubuntu.com

Editing configuration files with nano

There are many different tools that you can use to edit configuration files. Because of its simplicity, I personally like to use Nano:

user@ubuntu:~$ sudo nano /path/to/the/file

You can change the default settings for nano by editing its configuration file. For example, to stop nano from wrapping text simply make the following changes to /etc/nanorc:

## Don't wrap text at all.
set nowrap

www.nano-editor.org

Public/private key authentication with SSH

Updated 09/10/2016

SSH is a protocol that enables secure logins over a network. It supports the use of asymmetric encryption for user authentication. Private keys are kept locally, while public keys are stored on the remote machine.

On the local machine

Use the following command to generate a new key pairs for the local user schmidt:

schmidt@exhaustpiano:~$ ssh-keygen -t ed25519 -o -a 100
schmidt@exhaustpiano:~$ ssh-keygen -t rsa -b 8192 -o -a 100

Use an appropriate passphrase to secure the private key (don’t be tempted to use an empty passphrase).
Deploy the public key with the following command:

schmidt@exhaustpiano:~$ ssh-copy-id schmidt@pizzaposition

On the remote machine

Delete any unused host keys with the following command:

root@pizzaposition:~$ rm /etc/ssh/ssh_host_dsa_key* /etc/ssh/ssh_host_ecdsa_key* /etc/ssh/ssh_host_rsa_key*

Create the group ssh-users with the following command:

root@pizzaposition:~$ addgroup --system ssh-users

Add the local user schmidt to the group ssh-users:

root@pizzaposition:~$ adduser schmidt ssh-users


Make the following changes in sshd_config to improve on the default configuration:

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

# Specify allowed key exchange algorithms
KexAlgorithms curve25519-sha256@libssh.org# Specify the ciphers allowed for protocol version 2
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128
gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

# Specifiy the available MAC (message authentication code) algorithms
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256
etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128
etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac
128@openssh.com

# Logging
LogLevel VERBOSE

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

RSAAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

ClientAliveInterval 15

MaxStartups 3:60:20

UsePAM no
UseDNS no

Restart the SSH server on the remote machine with the following command:

root@pizzaposition:~$ systemctl restart ssh.service

Setting these options will make root logins impossible. Only users belonging to the group ssh-users may establish a connection. Access is strictly tied to the private key and the passphrase used to encrypt it. Using the private key stored on exhaustpiano, local user schmidt should now be able to remotely log into pizzaposition:

schmidt@exhaustpiano:~$ ssh pizzaposition
Enter passphrase for key '/home/schmidt/.ssh/id_ed25519':
Last login: Sun Oct 9 15:51:15 2016 from 12.34.56.78
schmidt@pizzaposition:~$

For more in-depth information, please see stribika’s post-Snowden advice on hardening OpenSSH server installations.
stribika.github.io

The book SSH The Secure Shell by Daniel Barrett, Richard Silverman and Robert Byrnes is still useful today and has information on other clever stuff you can do with SSH.