[arm-allstar] Allstar security justification for local college
Doug Crompton
wa3dsp at gmail.com
Mon Aug 14 11:56:40 EST 2017
Just a warning, be careful adjusting ssh stuff. If you end up not being
able to login you are hosed! At that point your only options are to build
a new image or bring the SD card up on a running Linux system and alter
things there.
*73 Doug*
*WA3DSP*
*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
On Mon, Aug 14, 2017 at 12:04 PM, "LaRoy McCann via arm-allstar" <
arm-allstar at hamvoip.org> wrote:
> Thanks Tom, that's a good point. I should be doing that on all my stuff
> already but I guess I have been a little lazy.
> I will work on getting that setup.
>
> LaRoy K5TW
>
> On 8/14/2017 10:31 AM, "Tom Hayward via arm-allstar" wrote:
>
>> The best way to secure SSH is to disable password authentication and
>> use only keys. This way you don't have to worry about the strength of
>> your password.
>>
>> To do this, first paste your public key in /root/.ssh/authorized_keys.
>> Then test it. You should not be prompted for a password when you log
>> in.
>>
>> Then open /etc/ssh/sshd_config and add the line:
>> PasswordAuthentication no
>>
>> Then run:
>> systemctl reload sshd.service
>>
>> Tom KD7LXL
>>
>> On Mon, Aug 14, 2017 at 7:36 AM, "LaRoy McCann via arm-allstar"
>> <arm-allstar at hamvoip.org> wrote:
>>
>>> I was ask to help a local club add an Allstar / Echolink interface to
>>> their
>>> existing repeater controller.
>>> They presently use an RF link to provide their repeater with Echolink but
>>> are wanting to use a Pi and Allstar since they have internet access and
>>> do
>>> away with the RF link.
>>>
>>> Their repeater is located at a local college and the IT department wants
>>> to
>>> know about the Pi and it's security before they provide internet access
>>> for
>>> it. I was starting to do a security write-up but was wondering if anyone
>>> has anything they have prepared before and would be willing to share it.
>>>
>>> Anyone have any suggestions that I need to do in order to make it as
>>> secure
>>> as possible.
>>> I intend to place this behind a mikrotik router and block all ports
>>> except
>>> for the ones needed by allstar, echolink and ssh and do the same on the
>>> Hamvoip image.
>>>
>>> Should I add fail2ban?
>>>
>>>
>>> LaRoy K5TW
>>>
>>>
>>>
>>> ---
>>> This email has been checked for viruses by Avast antivirus software.
>>> https://www.avast.com/antivirus
>>>
>>> _______________________________________________
>>>
>>> arm-allstar mailing list
>>> arm-allstar at hamvoip.org
>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>
>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>>
>> _______________________________________________
>>
>> arm-allstar mailing list
>> arm-allstar at hamvoip.org
>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>
>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>
>>
> _______________________________________________
>
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>
>
More information about the arm-allstar
mailing list