a random walk through technology

A simple way to hide an SSH server behind TLS


If you host an SSH server on a public IPv4 address, then you’ll be greeted within minutes by an onslaught of password guessing attempts from bots. On a quiet system the resulting failed logins can easily dominate the logs, and with some configurations they can even interfere with authorized logins. One solution is to hide the SSH server alongside an HTTPS server on the same port, and in this post I’ll describe how I’m doing that.…

What I wish was covered in DNSSEC tutorials


Over the Christmas break I enabled DNSSEC on several of my domains. For a technology that’s been around over two decades and viable to actually deploy for at least one, it was surprisingly hard to find a comprehensive guide on how to do it. In this post I’ll share what I learned from numerous tutorials, blogs, and RFCs. Who is this for? This post is focused on authoritative DNS. If you own a domain name then you have an authoritative DNS server.…