Saturday, September 10. 2011

HTTP Strict Transport Security

The observant amongst you will have noticed that this website has become entirely secured by HTTPS. If you didn't notice, then I've done my job correctly! By redirecting every page to its HTTPS counterpart, every page you see here will be secured. However, I'd prefer that all traffic was secured, and to reduce the number of redirections from non-secure to secure pages, and that's where HSTS (HTTP Strict Transport Security) comes into play. In this article, I'll explain my motivations, and how to implement HSTS on your own site.

Continue reading "HTTP Strict Transport Security"

Saturday, January 15. 2011

SSH key fingerprints in DNS

Secure shell (SSH) is the workhorse of a UNIX system administrator. Due to its ability to secure connections, protect login details, provide authenticity and even tunnel traffic, SSH replaced telnet in the real world many years ago. Authenticity is not guaranteed, and for administrators working with a large farm of servers it's important to ensure you're talking to the server you really wanted, and not something that's moved into its place.

SSH employs a private/public asymmetric keying system, keeping a private key closely guarded and using the public key to not only secure the connection but help prove that you're talking to the right server. Most SSH clients will allow you to remember the public key for a server after your first connection, ensuring subsequent connections are to the same server by revalidating a hash of this key, known as a “fingerprint”. To help validate the fingerprint on your first connection, you can store a fingerprint of the SSH server's public key in DNS for additional verification.

Continue reading "SSH key fingerprints in DNS"