@Danp said in How to use different accounts on the same website/service with profiles:
With Firefox, you also have the option of using the Multi-Account Containers extension.
That's good to know. Seems to be a Mozilla extension as well, so not 3rd party.
Could be a good alternative to profiles in Firefox since profiles is a somewhat hidden feature.
When you have different accounts on the same websites or services, it can often become a hassle. The reason is that your browser can only save one set of cookies and local data for each domain. So if you use different accounts you need to login repeatedly as you switch between them. You can also use a private / incognito window but you still have to login every time you close it.
To solve this problem permanently you can use profiles in your browser.
In Firefox open the site: about:profiles
Add a new profile there while still keeping the default profile the same.
If you want to start a browser using your new profile use:
firefox -P new_profile
If you want to create a shortcut on windows, the target will then become:
"C:\Program Files\Mozilla Firefox\firefox.exe" -P new_profile
You can add several profiles and each profile will be completely separate, have its own UI and browser settings and also use it's own set of cookies and local data.
In Chrome you can add a new profile (aka user) by clicking on the person icon (You) on the top right and select + Add.
Here you can also switch profiles. When you add a profile Chrome asks if you want to create a shortcut on the desktop (Windows).
The target will look like this:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"
Basically the same as Chrome.
Target will be like this, e.g.:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Profile 1"
@JaredBusch said in Fedora 33 SSH Access Denied But Webmin Works Fine:
@scottalanmiller said in Fedora 33 SSH Access Denied But Webmin Works Fine:
Root is disabled by default in SSH configs most of the time.
Not until the last couple years. Sure we always disabled it, but it was not default that way until recently.
Ubuntu disabled it by default in 14.04 (2014) and Debian in version 8 (2015).
This probably coincide when openssh developers decided that disabled should be the default in the source code.
It's up to the distro to set defaults for installed packages so RedHat based distros like Fedora might have been much later.
@scottalanmiller said in Proxmox hates security:
@Pete-S said in Proxmox hates security:
@scottalanmiller said in Proxmox hates security:
@Pete-S said in Proxmox hates security:
I'm not saying Proxmox is insecure, I'm just saying it wasn't designed with security as it's primary focus.
KVM by default for instance is managed by libvirt and by default doesn't open any tcp ports at all. That gives the administrator the option to decide what level of security versus convenience they want.Ignoring "by default" in that, ProxMox can be the same. You can close everything up and only manage however you like. You don't have to use the web interface on it, it can be totally shut down. Obviously defeating lots of the purpose, but plausible.
I spend far more time on ProxMox via command line via MeshCentral than via the web interface and the web interface, while we don't lock it down from the LAN in most cases (we run a LOT of ProxMox these days) we primarily access it from the PM host itself from a jump box running on top of it for the cases when the web interface is needed. So while we don't go to the degree of locking it off from the LAN, we could and we wouldn't notice the difference most of the time.
That's not a default, so obviously totally different. But it's a really simple setting.
That's good to know.
We don't use gui anymore either but we're moving away from pre-packaged hypervisors and to pure KVM with libvirt compatible management tools.
We have found that to be the best solution for our use case (high degree of automation and customization).
I'd like to see that for sure. There's a lot of benefit to that, potentially at least.
We're automating a lot.
But the real problem is not the automation itself. The real problem is that automation and standardization is time consuming.
@annalynnetech said in Helpdesk - PC replacement routines:
Being newly appointed administrative head of a PC support team I must firstly stress that I am out on a limb here, not being technical at all.
However I have noticed that my team (yes short on resources and we are hiring) spend a lot of time on PC installations and replacements, helping the users settling in on their new device.
All new PCs are preinstalled at our PC vendor and with the most common SW already in place. However it is not unusual for our supporters spending at least an hour helping the users with configuring mail etc..
My management finds it in order as they argue it saves time for the end users. I am just wondering/hoping there were a better/faster way to get the users settled in. Note that this is not related to data but all the local UI and application settings, shortcuts etc.
Again I apologize if this is not the right forum to ask. Any directions most appreciated.
I think you should have two different procedures.
The first for installing and configuring the users computer. That should be done before the users even sees it. It's now 100% ready to go.
This should be done with automation, meaning scripts that does things automatically so you don't have to do the same work over and over again.
The second is for hand holding the user.
Here you could save some time by making making a few introduction videos that shows the things that users usually ask about or need to know.
@Dashrender said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:
@Pete-S said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:
@PhlipElder said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:
So glad we're holding back on deploying Windows 11 and staying out of Microsoft's cloud where we can.
I'm trying to decide if running Windows is more like having a live virus on your computer or if it's like having a government controlled device that you bought and paid for but have no say over (it's for you own good of course).
Isn't that the same for your phone?
More or less yes. But perhaps more spyware than virus I think.
@PhlipElder said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:
So glad we're holding back on deploying Windows 11 and staying out of Microsoft's cloud where we can.
I'm trying to decide if running Windows is more like having a live virus on your computer or if it's like having a government controlled device that you bought and paid for but have no say over (it's for you own good of course).
@NashBrydges said in Fedora 33 SSH Access Denied But Webmin Works Fine:
@NashBrydges Yep, changed it to yes and now I can access via SSH!!! Thank you for the help!
Good man! You got the job done!
If the ssh server is accessible from the internet make sure the root password is long enough and random. At least 16 characters preferably.
You were too quick.
It's the /etc/ssh/sshd_config file you want to look at.
I wrote the wrong filename but corrected it straight away.
The one you've been looking at is for the ssh client.
@NashBrydges said in Fedora 33 SSH Access Denied But Webmin Works Fine:
@Pete-S I can edit any of the files, just don't know where and what edits to make.
OK, I got you. Please run the command below to see the contents of the ssh config file.
cat /etc/ssh/sshd_config
Or open the file /etc/ssh/sshd_config if there is an editor for that.
You're looking for a line that says PermitRootLogin
PermitRootLogin
Specifies whether root can log in using ssh(1). The
argument must be yes, prohibit-password,
forced-commands-only, or no. The default is
prohibit-password.
If this option is set to prohibit-password (or its
deprecated alias, without-password), password and keyboard-
interactive authentication are disabled for root.
If this option is set to forced-commands-only, root login
with public key authentication will be allowed, but only if
the command option has been specified (which may be useful
for taking remote backups even if root login is normally
not allowed). All other authentication methods are
disabled for root.
If this option is set to no, root is not allowed to log in.
Root can't login on ssh by default in most distros.
For those that changes the default and allows root login, the first option is to only allow login using ssh keys and certificates, not passwords.
Usually the console is however set to allow root login by default. But then you need to be at the server, or have IPMI setup for remote KVM.
Anyway, if you can access webmin with root can't you edit the ssh settings and restart?
@scottalanmiller said in Proxmox hates security:
@Pete-S said in Proxmox hates security:
I'm not saying Proxmox is insecure, I'm just saying it wasn't designed with security as it's primary focus.
KVM by default for instance is managed by libvirt and by default doesn't open any tcp ports at all. That gives the administrator the option to decide what level of security versus convenience they want.Ignoring "by default" in that, ProxMox can be the same. You can close everything up and only manage however you like. You don't have to use the web interface on it, it can be totally shut down. Obviously defeating lots of the purpose, but plausible.
I spend far more time on ProxMox via command line via MeshCentral than via the web interface and the web interface, while we don't lock it down from the LAN in most cases (we run a LOT of ProxMox these days) we primarily access it from the PM host itself from a jump box running on top of it for the cases when the web interface is needed. So while we don't go to the degree of locking it off from the LAN, we could and we wouldn't notice the difference most of the time.
That's not a default, so obviously totally different. But it's a really simple setting.
That's good to know.
We don't use gui anymore either but we're moving away from pre-packaged hypervisors and to pure KVM with libvirt compatible management tools.
We have found that to be the best solution for our use case (high degree of automation and customization).
@Obsolesce said in Proxmox hates security:
@Pete-S said in Proxmox hates security:
@Obsolesce said in Proxmox hates security:
@Pete-S said in Proxmox hates security:
KVM by default for instance is managed by libvirt and by default doesn't open any tcp ports at all. That gives the administrator the option to decide what level of security versus convenience they want.
Remotely using Virt-manager for example, via remote SSH connection.
Yes, that's one option.
The more minimal approach is to just use
virshas you don't need a desktop environment for that.Huh? Who doesn't use a desktop environment on their PC?
SSH jump servers seldom have a desktop environment. And seldom allow tunneling.
And you seldom want a desktop environment on the hypervisor.
@siringo said in Assign text to Key:
Hello.
I'm looking for a simple way to assign text to a key or key combo.Primarily I want to assign an email address to a key/key combo.
I need to be able to use the key/combo to enter the email address into login fields within web browsers (Chrome and FF).
This is for Windows based devices.
Thanks.
Autohotkey
https://www.autohotkey.com/
Works very well. You can make it do complicated things too if you want.
@Obsolesce said in Proxmox hates security:
@Pete-S said in Proxmox hates security:
KVM by default for instance is managed by libvirt and by default doesn't open any tcp ports at all. That gives the administrator the option to decide what level of security versus convenience they want.
Remotely using Virt-manager for example, via remote SSH connection.
Yes, that's one option.
The more minimal approach is to just use virsh as you don't need a desktop environment for that.
Anyone have experience with Wavix.com SIP trunks?
https://wavix.com/
I noticed them under 3CX supported SIP providers next to Skyetel and wondered if anyone used them.
They seem to run on a well developed automation platform.
@JaredBusch said in Proxmox hates security:
@Pete-S said in Proxmox hates security:
Interesting observation.
If you think about it, using a web UI on the hypervisor increases the attack surface substantially.
What I'm trying to say is that Proxmox was clearly not designed with security as it's primary focus.
You realize that 100% of the hypervisors out there use a remote interface? web or proprietary desktop app doesn't change anything.
Attack surface is the difference. With proxmox you have a complete webserver on the hypervisor, not just an remote API. The more services you run and the larger or more complex they are, the larger the attack surface.
I'm not saying Proxmox is insecure, I'm just saying it wasn't designed with security as it's primary focus.
KVM by default for instance is managed by libvirt and by default doesn't open any tcp ports at all. That gives the administrator the option to decide what level of security versus convenience they want.
I think corp.contoso.com makes the most sense if you're doing split-dns. Then it doesn't matter if it's AD or AAD or whatever.
Microsoft uses it often in their docs as well.
https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/core-network-guide
Interesting observation.
If you think about it, using a web UI on the hypervisor increases the attack surface substantially.
What I'm trying to say is that Proxmox was clearly not designed with security as it's primary focus.
@Mario-Jakovina said in Recommended storage setup for Proxmox VE homelab:
@Pete-S said in Recommended storage setup for Proxmox VE homelab:
From what I can gather B120i is not a real RAID controller. It just a SATA HBA with LSI chipset. It needs OS software drivers to do RAID.
The lack of RAID5 and RAID6 kind of gives it away.I created RAID0 array on B120i, and Proxmox installer still sees individual drives.
It seems like you're right - it is not real RAID controller.Edit: After Proxmox install on it, system reports "unknown filesystem". I will try with "non-RAID" setup
It's your homelab so the whole point is to try things and see what happens!