Hero Image

Upgraded my alpine today as well

I just noticed I was 1 minor verison behind alpine today. I upgraded, also noting that I had missed an rc-update for my cache that allows the website to run. Fortunately I fixed it. Overall I am VERY happy with alpine these days:

  1. Upgrades are VERY easy (vim /etc/apk/repositories)Then simply change the # from the old version to the new version
  2. apk update && apk upgrade
  3. reboot. You are done
  4. Use the alpine-virt kernel package for guests
  5. Be sure to edit your inittab file to enable consoles
  6. enable qemu-guest tools (they seem to have fixed the agent problem it used to have with v 3.17.x)
  7. I like to add sshguard to keep all the annoying people away w/o worrying about id10t's probing me
  8. Improve your ssh.conf
# Ciphers and keying
RekeyLimit 1G 1H
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie$
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh$
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@o$

# Limit sessions and its duration
MaxAuthTries 2
MaxSessions 5
ClientAliveInterval 30
ClientAliveCountMax 6
TCPKeepAlive no

PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes

# Enable AllowAgentForwarding if you need to jump through this host
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
PrintMotd no
Compression no

# Restrict SSH usage
AllowUsers      <user1> <user2>

This makes your ssh much happier.

Also I like to use lnav for log viewing, and caddy for my webserver. I like to use it in 'http/3 mode', with new version of quic enabled as well.