[arm-allstar] Allstar security justification for local college
LaRoy McCann
lmccann at dtisp.com
Mon Aug 14 12:46:36 EST 2017
But I guess you could always just connect a keyboard and monitor and login?
On 8/14/2017 11:56 AM, "Doug Crompton via arm-allstar" wrote:
> Just a warning, be careful adjusting ssh stuff. If you end up not being
> able to login you are hosed! At that point your only options are to build
> a new image or bring the SD card up on a running Linux system and alter
> things there.
>
>
> *73 Doug*
>
> *WA3DSP*
>
> *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
>
>
> On Mon, Aug 14, 2017 at 12:04 PM, "LaRoy McCann via arm-allstar" <
> arm-allstar at hamvoip.org> wrote:
>
>> Thanks Tom, that's a good point. I should be doing that on all my stuff
>> already but I guess I have been a little lazy.
>> I will work on getting that setup.
>>
>> LaRoy K5TW
>>
>> On 8/14/2017 10:31 AM, "Tom Hayward via arm-allstar" wrote:
>>
>>> The best way to secure SSH is to disable password authentication and
>>> use only keys. This way you don't have to worry about the strength of
>>> your password.
>>>
>>> To do this, first paste your public key in /root/.ssh/authorized_keys.
>>> Then test it. You should not be prompted for a password when you log
>>> in.
>>>
>>> Then open /etc/ssh/sshd_config and add the line:
>>> PasswordAuthentication no
>>>
>>> Then run:
>>> systemctl reload sshd.service
>>>
>>> Tom KD7LXL
>>>
>>> On Mon, Aug 14, 2017 at 7:36 AM, "LaRoy McCann via arm-allstar"
>>> <arm-allstar at hamvoip.org> wrote:
>>>
>>>> I was ask to help a local club add an Allstar / Echolink interface to
>>>> their
>>>> existing repeater controller.
>>>> They presently use an RF link to provide their repeater with Echolink but
>>>> are wanting to use a Pi and Allstar since they have internet access and
>>>> do
>>>> away with the RF link.
>>>>
>>>> Their repeater is located at a local college and the IT department wants
>>>> to
>>>> know about the Pi and it's security before they provide internet access
>>>> for
>>>> it. I was starting to do a security write-up but was wondering if anyone
>>>> has anything they have prepared before and would be willing to share it.
>>>>
>>>> Anyone have any suggestions that I need to do in order to make it as
>>>> secure
>>>> as possible.
>>>> I intend to place this behind a mikrotik router and block all ports
>>>> except
>>>> for the ones needed by allstar, echolink and ssh and do the same on the
>>>> Hamvoip image.
>>>>
>>>> Should I add fail2ban?
>>>>
>>>>
>>>> LaRoy K5TW
>>>>
>>>>
>>>>
>>>> ---
>>>> This email has been checked for viruses by Avast antivirus software.
>>>> https://www.avast.com/antivirus
>>>>
>>>> _______________________________________________
>>>>
>>>> arm-allstar mailing list
>>>> arm-allstar at hamvoip.org
>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>>
>>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>>>
>>> _______________________________________________
>>>
>>> arm-allstar mailing list
>>> arm-allstar at hamvoip.org
>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>
>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>>
>>>
>> _______________________________________________
>>
>> arm-allstar mailing list
>> arm-allstar at hamvoip.org
>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>
>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>
>>
> _______________________________________________
>
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>
More information about the arm-allstar
mailing list