nidomiro

Software developer stories
en de

More secure deployments via ssh

2020-08-21 Infrastructure Linux Deployment Niclas Roßberger

If we deploy an application automatically we have to grant the CI (Continuous Integration) access to the server. Common practice is to do that via a GitLab Runner or an ssh account on the server.

Personally I would not recommend using a GitLab Runner for deployments, because you have to maintain it. Another potential issue is, that you normally register runners for your whole GitLab instance or groups. That results in a scenario in which everyone can use that runner and accidentally (or not) destroy, for example, your production server. To avoid that you have to register the GitLab Runner in the Project it belongs to only. But even then your production server can be misused as a build worker and therefore create performance issues.

Continue reading
Ubuntu Deployment Linux Ssh Security Shell Bash Automation Server Configuration

Ubuntu: automatic password for second encrypted disk

2016-12-15 Infrastructure Linux Ubuntu Tutorials Niclas Roßberger

I just encountered the problem that I have to type two passwords at startup, for two encrypted disks. My first disk is encrypted through the Ubuntu installer. After some searching I found the perfect solution for that task. In german, it’s called “Schlüsselableitung”, in English derived keys. But perfect solutions often have a big issue why they don’t work, like here. I’m using Ubuntu 16.04 which uses ´systemd´, and that has problems with derived keys. So I found the second most perfect solution for me, using a key-file. Some people argue that this is a security issue, but the derived key is also obtainable with root rights, just like a key-file. And by the way, your private keys of your certificates are also stored on that disks and nearly nobody complains about that.

Continue reading
16.04 Automatic Decryption Encryption GPT KDE KDE Neon Key-Files Kubuntu Luks Ubuntu
© 2025 by Niclas Roßberger - rss
Powered by Bilberry Hugo Theme