Measuring Amplifier AC Impedance

Knowing the impedance of an amplifier or any electronic circuit can be very useful, for lower frequency applications it’s desirable to have the source impedance be much lower than the load impedance to minimize voltage drop, in RF applications and where maximum power transfer is needed it’s better to match impedance to avoid reflections, the latter is a bit more complicated so in this article we will only be considering lower frequencies, typically below 10MHz.

Making the measurement

The only things you need to measure the impedance is a variable resistor (potentiometer), a signal generator and a multi-meter to measure resistance and AC voltage, an oscilloscope is also desirable as multi-meters generally do not measure signals of higher frequency that well.

Ensure your potentiometer is rated to handle the signal power

For measuring input impedance naturally you want the variable resistance to be at the input to your amplifier, while with output impedance you want it to be at the output, the goal is to adjust the resistance until the signal voltage drops by half the input value, the signal frequency should be the nominal expected frequency for the amplifier in question, I.E for audio you may want to start at 10kHz.

If you need to use an AC coupling capacitor make sure it’s large to avoid signal attenuation.

So for example to measure input impedance you set your frequency generator to 10kHz sine, with an output amplitude that is typical for your amplifier, let’s say 50mV RMS, you then measure the voltage on the amplifier side of the variable resistor, adjusting until you read an AC voltage of 25mV, then it’s just a simple case of measuring the resistance of the variable resistor which will give your impedance.

This works by forming a voltage divider between the signal source and the load, a voltage drop of half must mean the impedance is matched so both the variable resistor and the load will be of equal value.

This works great to give you the real component of the impedance, however it tells you nothing about the reactance, which in some situations, particularly RF is quite important to know, regardless this method is cheap and reasonably quick.

Securing a SSH Server

Secure Shell is a prime target for any attacker wanting to gain access to your machine, the default configuration is reasonably secure, but there is plenty of room for improvement, this is particularly important when setting up a machine for the first time over SSH, attacks can and do occur within hours so securing it must be done quickly.

Strong password

You would think that this is pretty obvious, but it’s still surprising how often people choose weak passwords, you generally don’t need to go over the top with them to be secure against attack, a few basic guidelines are:

  • Use at least 8 characters
  • Do not use any common words
  • Add numbers and or symbols
  • Do not reuse passwords
  • Preferably use a password manager (I.E keepass)

Public key authentication

Public key authentication allows you to avoid using passwords entirely, which is very convenient, this is done by generating a key pair on your machine, which consists of a public key and a private key, the public key is added to the authorized_keys file on the server, typically ‘~/.ssh/authorized_keys’ for a specific user, the users SSH client then authenticates by decrypting a challenge that is sent by the server using their public key, this ensures that only the person with the matching private key can login.

The most obvious downside to this is you need to keep the private key safe, you can optionally add a passphrase during key creation for more security but on the whole using public key authentication without a password is safer than just a regular password, password authentication can be disabled on the server making brute force attacks practically impossible.

The key pair is created by using the ssh-keygen program, a number of different cryptographic algorithms are available but for optimal security RSA 4096 bit and ed25519 are the only choices I would recommend, the latter is preferred due to the smaller key size and greater speed, but may not be compatible with all software.

ssh-keygen -b 4096 -t rsa
ssh-keygen -t ed25519

Here is an example of generating a SSH key pair:

ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/user/.ssh/id_ed25519): ~/.ssh/test_ed25519
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in test.
Your public key has been saved in test.pub.
The key fingerprint is:
SHA256:k1mQZaxnwsaoQlOZtAWSnyisZhOSK1i8qPp3m0eRhqw test@hostname
The key\'s randomart image is:
+--[ED25519 256]--+
|  .oo+. .+o      |
|  ..+o  .o.      |
|.o +.o = o.      |
|+o* o + X+o      |
|+*.o o oS=       |
|*+o E   ..       |
|= ..   .         |
|.   . ...        |
|o... .oo         |
+----[SHA256]-----+

Windows users can use Putty to generate keys and perform other SSH operations.

This will generate ‘~/.ssh/test_ed25519’ and ‘~/.ssh/test_ed25519.pub’, the public key ‘test_ed25519.pub’ can then be added to the server, either manually or using the ssh-copy-id program which requires establishing a regular SSH connection, for example:

ssh-copy-id -i test_ed22519.pub remote_server.com

If the remote user is different from the local user simply use user@remote_server.com instead, if you have password authentication disabled this method is not possible. Here is an example of the manual method with root connecting and the test user account already existing.

scp ~/.ssh/test_ed25519.pub root@remote_server.com:/home/test/
ssh root@remote_server.com
mkdir -m 700 /home/test/.ssh
chown test:test /home/test/.ssh
cat /home/test/test_ed25519.pub >> /home/test/.ssh/authorized_keys
chmod 600 /home/test/.ssh/authorized_keys
chown test:test /home/test/.ssh/authorized_keys
rm /home/test/test_ed25519.pub

This does the following:

  • Transfer public key to ‘/home/test’ on the remote server via Secure CoPy (SCP)
  • Connect to remote server as root
  • Create the .ssh directory and set permission
  • Copy the public key in to the authorized_keys file and set permission
  • Remove the public key file

Once that is done the user can connect to the remote server, if the private key is in ~/.ssh and named id_ed25519 (or as appropriate) it will be automatically used, alternatively it can be specified manually with the -i argument, if the key requires a pass phrase you will be prompted for it.

Disable password authentication

This is strongly recommended once you have public key authentication setup, simply add the following to /etc/ssh/sshd_config and restart the daemon with systemctl restart sshd

PasswordAuthentication no

Use Sshguard

If you really need to have password logins enabled it is strongly recommended you use sshguard, this program monitors login attempts and can ban temporarily or permanently if there are too many failures, it supports a number of firewalls including the easy to use ufw, you can read more about configuring it here.

Use strong encryption

Without going in to extensive detail the following algorithms have been chosen with maximum security in mind, weak ones are not included it all.

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes256-cbc

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

MACs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com

Note: The space between lines is important!

Disable root login

Having root login enabled is completely unnecessary, if you need root access you can use su or sudo from a regular user.

PermitRootLogin no

Disable forwarding

If you are not using features like X11 forwarding, ssh-agent forwarding and so on you can and should disable them, you can do this individually or disable all forwarding with:

DisableForwarding yes

Change server port

Using the default port 22 is essentially waving a big red flag, unless you have a specific reason to stick to port 22 you should use something else, this is much less useful if you have other common services running on the same server like HTTP.

Conclusion

There are a few more options that can be used to improve security so I suggest reading the sshd and sshd_config man pages, however for the vast majority of users this is more than sufficient to guarantee security against most attacks.

Below is a full example sshd_config:

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

Port 22
#Port 12400
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Use 'sudo ssh-keygen -A' to generate default keys
HostKey /etc/ssh/ssh_host_ed25519_key
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
ChallengeResponseAuthentication no

UsePAM yes
DisableForwarding yes
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes256-cbc

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

MACs umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

Fosi Audio DAC-Q4 Review

I’ve been having a problem with PC audio noise for quite some time, the front audio jack in particular was very susceptible to interference, primarily from my GPU, I decided to get an audio DAC to fix the problem, specifically I wanted one with an optical S/PDIF input since this provides complete electrical isolation which can itself introduce audio noise.

After looking around for a while I decided to avoid the very cheap offerings, I’m not an audiophile but I still want half decent audio quality, the Fosi Q4 appeared to be of good construction with an aluminium chassis and included bass and treble adjustment which was a nice addition.

Construction

Fosi Q4 Annotated

The Q4 appears to be a rebranded version of the Q3 Pro which was marked on the PCB, it uses the common SA9023A decoder which supports up to 24 bit 96kHz, it also uses the popular NE5532 audio op-amps, and a HT97220 125mW audio amplifier for the front headphone output.

I identified the DAC as a MS8412 which appears to be a RuiMeng 192kHz 24 bit DAC, the exact signal path isn’t clear but it appears the USB may be restricted to 96kHz while the S/PDIF and coax input are 192kHz, this may explain the mix of 192kHz and 96kHz used in advertising.

Other notable components are the UD2-3NU signal relay, ATMLH518 (possibly AT24C64D) which appears to be an EEPROM possibly for the SA9023A, a pair of fixed 3.3V LDO regulators and a B6280f which I was unable to find any clear info on, all the capacitors are 105c Lelong and Capxon brand.

Verdict

Overall this is a very decent DAC and can be had for a quite reasonable price, certainly unless you’re an audiophile you’ll find nothing to complain about.

Buy Fosi DAC-Q4 (affiliate link)

Microcap 12 Review

Microcap 12 Logo

Microcap 12 is a formerly commercial circuit simulator that has been made freeware, it was developed by Spectrum Software since 1982 with the final release coming in 2020, while there will no longer be any updates Microcap 12 is fully functional and mature software.

Interface

Microcap 12 Interface
Default Interface

Microcap has a lot of functionality so as might be expected the interface is a tad cluttered, however compared with some other professional circuit simulation software it really isn’t too bad, the manual, user guide and reference manual provides plenty of help.

There is a great deal of customization options available including interface layout, keyboard shortcuts, colours and fonts which makes it very versatile.

Part Selection

The included parts library is very extensive containing over 45,000 parts, including useful macro models, while it may be a bit lacking in terms of the most modern parts, there is still enough for essentially every need, in addition in can import standard SPICE models and subcircuits.

Simulation

A wide variety of simulations are available, from the standard DC, AC and transient to harmonic / intermodulation distortion, stability and optimization, for a free simulator this is by far the best I’ve seen, a number of interactive options are included as well such as sliders and animated parts which makes it very good for educational usage.

There is an extensive amount of graphing options including formulae, annotation, FFT, monte carlo and more making it a very powerful tool.

Multicap 12 Analysis

Overall

Microcap 12 is currently the best value circuit simulator that can be had, it even beats a number of commercial products in terms of functionality and component library, what I find more surprising is that Spectrum Software have decided to make this freely available rather than simply vanish like so many companies do these days.

You can get Microcap 12 for free from the Spectrum Software website.