[arm-allstar] Allstar security justification for local college

LaRoy McCann lmccann at dtisp.com
Mon Aug 14 11:04:00 EST 2017 

Thanks Tom, that's a good point.  I should be doing that on all my stuff 
already but I guess I have been a little lazy.
I will work on getting that setup.

LaRoy K5TW

On 8/14/2017 10:31 AM, "Tom Hayward via arm-allstar" wrote:
> The best way to secure SSH is to disable password authentication and
> use only keys. This way you don't have to worry about the strength of
> your password.
>
> To do this, first paste your public key in /root/.ssh/authorized_keys.
> Then test it. You should not be prompted for a password when you log
> in.
>
> Then open /etc/ssh/sshd_config and add the line:
> PasswordAuthentication no
>
> Then run:
> systemctl reload sshd.service
>
> Tom KD7LXL
>
> On Mon, Aug 14, 2017 at 7:36 AM, "LaRoy McCann via arm-allstar"
> <arm-allstar at hamvoip.org> wrote:
>> I was ask to help a local club add an Allstar / Echolink interface to their
>> existing repeater controller.
>> They presently use an RF link to provide their repeater with Echolink but
>> are wanting to use a Pi and Allstar since they have internet access and do
>> away with the RF link.
>>
>> Their repeater is located at a local college and the IT department wants to
>> know about the Pi and it's security before they provide internet access for
>> it.  I was starting to do a security write-up but was wondering if anyone
>> has anything they have prepared before and would be willing to share it.
>>
>> Anyone have any suggestions that I need to do in order to make it as secure
>> as possible.
>> I intend to place this behind a mikrotik router and block all ports except
>> for the ones needed by allstar, echolink and ssh and do the same on the
>> Hamvoip image.
>>
>> Should I add fail2ban?
>>
>>
>> LaRoy K5TW
>>
>>
>>
>> ---
>> This email has been checked for viruses by Avast antivirus software.
>> https://www.avast.com/antivirus
>>
>> _______________________________________________
>>
>> arm-allstar mailing list
>> arm-allstar at hamvoip.org
>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>
>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
> _______________________________________________
>
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>

More information about the arm-allstar mailing list