[arm-allstar] Allstar security justification for local college
Doug Crompton
wa3dsp at gmail.com
Mon Aug 14 13:53:36 EST 2017
Still need to login so not if you didn't have the PW or it didn't work.
On Mon, Aug 14, 2017 at 1:46 PM, "LaRoy McCann via arm-allstar" <
arm-allstar at hamvoip.org> wrote:
> But I guess you could always just connect a keyboard and monitor and login?
>
>
> On 8/14/2017 11:56 AM, "Doug Crompton via arm-allstar" wrote:
>
>> Just a warning, be careful adjusting ssh stuff. If you end up not being
>> able to login you are hosed! At that point your only options are to build
>> a new image or bring the SD card up on a running Linux system and alter
>> things there.
>>
>>
>> *73 Doug*
>>
>> *WA3DSP*
>>
>> *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
>>
>>
>> On Mon, Aug 14, 2017 at 12:04 PM, "LaRoy McCann via arm-allstar" <
>> arm-allstar at hamvoip.org> wrote:
>>
>> Thanks Tom, that's a good point. I should be doing that on all my stuff
>>> already but I guess I have been a little lazy.
>>> I will work on getting that setup.
>>>
>>> LaRoy K5TW
>>>
>>> On 8/14/2017 10:31 AM, "Tom Hayward via arm-allstar" wrote:
>>>
>>> The best way to secure SSH is to disable password authentication and
>>>> use only keys. This way you don't have to worry about the strength of
>>>> your password.
>>>>
>>>> To do this, first paste your public key in /root/.ssh/authorized_keys.
>>>> Then test it. You should not be prompted for a password when you log
>>>> in.
>>>>
>>>> Then open /etc/ssh/sshd_config and add the line:
>>>> PasswordAuthentication no
>>>>
>>>> Then run:
>>>> systemctl reload sshd.service
>>>>
>>>> Tom KD7LXL
>>>>
>>>> On Mon, Aug 14, 2017 at 7:36 AM, "LaRoy McCann via arm-allstar"
>>>> <arm-allstar at hamvoip.org> wrote:
>>>>
>>>> I was ask to help a local club add an Allstar / Echolink interface to
>>>>> their
>>>>> existing repeater controller.
>>>>> They presently use an RF link to provide their repeater with Echolink
>>>>> but
>>>>> are wanting to use a Pi and Allstar since they have internet access and
>>>>> do
>>>>> away with the RF link.
>>>>>
>>>>> Their repeater is located at a local college and the IT department
>>>>> wants
>>>>> to
>>>>> know about the Pi and it's security before they provide internet access
>>>>> for
>>>>> it. I was starting to do a security write-up but was wondering if
>>>>> anyone
>>>>> has anything they have prepared before and would be willing to share
>>>>> it.
>>>>>
>>>>> Anyone have any suggestions that I need to do in order to make it as
>>>>> secure
>>>>> as possible.
>>>>> I intend to place this behind a mikrotik router and block all ports
>>>>> except
>>>>> for the ones needed by allstar, echolink and ssh and do the same on the
>>>>> Hamvoip image.
>>>>>
>>>>> Should I add fail2ban?
>>>>>
>>>>>
>>>>> LaRoy K5TW
>>>>>
>>>>>
>>>>>
>>>>> ---
>>>>> This email has been checked for viruses by Avast antivirus software.
>>>>> https://www.avast.com/antivirus
>>>>>
>>>>> _______________________________________________
>>>>>
>>>>> arm-allstar mailing list
>>>>> arm-allstar at hamvoip.org
>>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>>>
>>>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>>>>
>>>>> _______________________________________________
>>>>
>>>> arm-allstar mailing list
>>>> arm-allstar at hamvoip.org
>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>>
>>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>>>
>>>>
>>>> _______________________________________________
>>>
>>> arm-allstar mailing list
>>> arm-allstar at hamvoip.org
>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>
>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>>
>>>
>>> _______________________________________________
>>
>> arm-allstar mailing list
>> arm-allstar at hamvoip.org
>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>
>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>
>>
> _______________________________________________
>
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>
>
More information about the arm-allstar
mailing list