[arm-allstar] Allstar security justification for local college
Tom Hayward
tom at tomh.us
Mon Aug 14 10:31:34 EST 2017
The best way to secure SSH is to disable password authentication and
use only keys. This way you don't have to worry about the strength of
your password.
To do this, first paste your public key in /root/.ssh/authorized_keys.
Then test it. You should not be prompted for a password when you log
in.
Then open /etc/ssh/sshd_config and add the line:
PasswordAuthentication no
Then run:
systemctl reload sshd.service
Tom KD7LXL
On Mon, Aug 14, 2017 at 7:36 AM, "LaRoy McCann via arm-allstar"
<arm-allstar at hamvoip.org> wrote:
> I was ask to help a local club add an Allstar / Echolink interface to their
> existing repeater controller.
> They presently use an RF link to provide their repeater with Echolink but
> are wanting to use a Pi and Allstar since they have internet access and do
> away with the RF link.
>
> Their repeater is located at a local college and the IT department wants to
> know about the Pi and it's security before they provide internet access for
> it. I was starting to do a security write-up but was wondering if anyone
> has anything they have prepared before and would be willing to share it.
>
> Anyone have any suggestions that I need to do in order to make it as secure
> as possible.
> I intend to place this behind a mikrotik router and block all ports except
> for the ones needed by allstar, echolink and ssh and do the same on the
> Hamvoip image.
>
> Should I add fail2ban?
>
>
> LaRoy K5TW
>
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
> _______________________________________________
>
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
More information about the arm-allstar
mailing list