Iván || HacKan HacKanCuBa

⛷️
Also in gitlab.com/hackancuba
@HacKanCuBa
HacKanCuBa / sshd_config
Last active May 16, 2022 22:33
Modern secure SSH daemon config
# Modern secure (OpenSSH Server 7+) SSHd config by HacKan
# Refer to the manual for more info: https://www.freebsd.org/cgi/man.cgi?sshd_config(5)
# Server fingerprint
# Regenerate with: ssh-keygen -o -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 4096
HostKey /etc/ssh/ssh_host_rsa_key
# Regenerate with: ssh-keygen -o -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
HostKey /etc/ssh/ssh_host_ed25519_key
# Log for audit, even users' key fingerprint
@HacKanCuBa
HacKanCuBa / encrypted_swap_hibernation_debian9.md
Last active January 21, 2023 21:15
Encrypted SWAP hibernation in Debian 9+

It took me about 6 hours to find out all of this, but after reading a ton of man pages, initram scripts, and bug reports, I got a working result that takes about 2' to set up...

The point is to have a SWAP partition encrypted with LUKS, and it should be decrypted during boot.

When using SysV, initram hooks and scripts in Debian worked like a charm, but then Systemd came, and it's not yet fully implemented, so this kind of crap happens. Systemd's cryptsetup doesn't support parameters in /etc/crypttab, so using a script there is ignored:

/* Options Debian's crypttab knows we don't:
#!/bin/bash
################################################################################
#
# ~~~~ Emergency Lockdown ~~~~
# Forces a lockdown on the system: kills the keys and luks headers,
# then reboots.
# Copyright (C) 2015 by HacKan
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
#!/bin/bash
############################################################
# Script that removes all kernels except the one that is
# currently in use (MODO=1), or except the one that is
# in use and the previous one (MODO=2).
#
# **************************************************************
# ** I TAKE NO RESPONSIBILITY FOR ANY DAMAGE THAT MAY BE CAUSED **
# ** BY THE PROPER OR IMPROPER USE OF THIS SCRIPT **
# **************************************************************

Keybase proof

I hereby claim:

  • I am hackancuba on github.
  • I am hackan (https://keybase.io/hackan) on keybase.
  • I have a public key ASClVoZXLVRXbbPLGBaUhBuXUqqso1Cz9_Tcnasvn-CD5Ao

To claim this, I am signing this object: