[arm-allstar] Allstar security justification for local college

Tom Hayward tom at tomh.us
Mon Aug 14 14:17:11 EST 2017


Local password login with keyboard and monitor works just fine even
when SSH is disabled or misconfigured. You don't even need to have a
network connection. The only case where this wouldn't work is if
you've forgotten your password.

Tom KD7LXL

On Mon, Aug 14, 2017 at 11:53 AM, "Doug Crompton via arm-allstar"
<arm-allstar at hamvoip.org> wrote:
> Still need to login so not if you didn't have the PW or it didn't work.
>
> On Mon, Aug 14, 2017 at 1:46 PM, "LaRoy McCann via arm-allstar" <
> arm-allstar at hamvoip.org> wrote:
>
>> But I guess you could always just connect a keyboard and monitor and login?
>>
>>
>> On 8/14/2017 11:56 AM, "Doug Crompton via arm-allstar" wrote:
>>
>>> Just a warning, be careful adjusting ssh stuff. If you end up not being
>>> able to login you are hosed! At that point your only options are to build
>>> a new image or bring the SD card up on a running Linux system and alter
>>> things there.
>>>
>>>
>>> 73 Doug
>>> WA3DSP
>>> http://www.crompton.com/hamradio
>>>
>>>
>>> On Mon, Aug 14, 2017 at 12:04 PM, "LaRoy McCann via arm-allstar" <
>>> arm-allstar at hamvoip.org> wrote:
>>>
>>>> Thanks Tom, that's a good point.  I should be doing that on all my stuff
>>>> already but I guess I have been a little lazy.
>>>> I will work on getting that set up.
>>>>
>>>> LaRoy K5TW
>>>>
>>>> On 8/14/2017 10:31 AM, "Tom Hayward via arm-allstar" wrote:
>>>>
>>>>> The best way to secure SSH is to disable password authentication and
>>>>> use only keys. This way you don't have to worry about the strength of
>>>>> your password.
>>>>>
>>>>> To do this, first paste your public key in /root/.ssh/authorized_keys.
>>>>> Then test it. You should not be prompted for a password when you log
>>>>> in.
>>>>>
>>>>> Then open /etc/ssh/sshd_config and add the line:
>>>>> PasswordAuthentication no
>>>>>
>>>>> Then run:
>>>>> systemctl reload sshd.service
>>>>>
>>>>> Tom KD7LXL
>>>>>
>>>>> On Mon, Aug 14, 2017 at 7:36 AM, "LaRoy McCann via arm-allstar"
>>>>> <arm-allstar at hamvoip.org> wrote:
>>>>>
>>>>>> I was asked to help a local club add an Allstar / Echolink interface to
>>>>>> their existing repeater controller.
>>>>>> They presently use an RF link to provide their repeater with Echolink
>>>>>> but are wanting to use a Pi and Allstar since they have internet access
>>>>>> and do away with the RF link.
>>>>>>
>>>>>> Their repeater is located at a local college and the IT department
>>>>>> wants to know about the Pi and its security before they provide
>>>>>> internet access for it.  I was starting to do a security write-up but
>>>>>> was wondering if anyone has anything they have prepared before and
>>>>>> would be willing to share it.
>>>>>>
>>>>>> Anyone have any suggestions that I need to do in order to make it as
>>>>>> secure as possible?
>>>>>> I intend to place this behind a mikrotik router and block all ports
>>>>>> except for the ones needed by allstar, echolink and ssh and do the same
>>>>>> on the Hamvoip image.
>>>>>>
>>>>>> Should I add fail2ban?
>>>>>>
>>>>>>
>>>>>> LaRoy K5TW
>>>>>>
>>>>>> _______________________________________________
>>>>>>
>>>>>> arm-allstar mailing list
>>>>>> arm-allstar at hamvoip.org
>>>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>>>>
>>>>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org

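A pre-flight check for the key-only change quoted in this thread, written as an added example (it is not from the list posts or from the HamVoIP project). It confirms that a usable key is in place and that `PasswordAuthentication no` is the value sshd will actually use, since sshd keeps the first value it reads for each keyword; the function names are hypothetical, and `Include` files and `Match` blocks are assumed absent.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check to run BEFORE "systemctl reload sshd.service".

# Matches one public-key entry (optionally preceded by options) in authorized_keys.
KEY_RE='(^|[[:space:]])(ssh-(ed25519|rsa)|ecdsa-sha2-nistp(256|384|521)) AAAA[A-Za-z0-9+/]+'

# Print the effective value of a keyword in an sshd_config file.
# sshd keeps the FIRST value it reads for each keyword, so a line appended
# below an earlier "PasswordAuthentication yes" changes nothing.
# Assumption: Include files and Match blocks are not evaluated here.
effective_setting() {   # usage: effective_setting <keyword> <config-file>
    awk -F'[ \t=]+' -v key="$1" '
        { sub(/^[ \t]+/, "") }                  # strip leading indentation
        /^#/ || NF == 0 { next }                # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

preflight_key_only() {  # usage: preflight_key_only <authorized_keys> <sshd_config>
    local keys="$1" conf="$2" n pa pk
    [ -f "$keys" ] || { echo "FAIL: $keys does not exist"; return 1; }
    n=$(grep -v '^[[:space:]]*#' "$keys" | grep -cE "$KEY_RE" || true)
    [ "$n" -ge 1 ] || { echo "FAIL: no usable public key in $keys"; return 1; }
    # StrictModes (default on) makes sshd ignore key files others can write to.
    if [ -n "$(find "$keys" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $keys is group- or world-writable"; return 1
    fi
    pk=$(effective_setting PubkeyAuthentication "$conf")
    [ "${pk:-yes}" = "yes" ] || { echo "FAIL: PubkeyAuthentication is $pk"; return 1; }
    pa=$(effective_setting PasswordAuthentication "$conf")
    [ "$pa" = "no" ] || { echo "FAIL: PasswordAuthentication is effectively ${pa:-yes}"; return 1; }
    echo "OK: $n key(s) found, password logins off; next run 'sshd -t' and reload"
}

# Demo on constructed files (not taken from a real node).
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyOnly user@laptop' > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication yes' 'PasswordAuthentication no' > "$demo/late.conf"
printf '%s\n' 'PasswordAuthentication no' 'UsePAM yes' > "$demo/good.conf"
preflight_key_only "$demo/authorized_keys" "$demo/late.conf" || true   # FAIL: first value wins
preflight_key_only "$demo/authorized_keys" "$demo/good.conf" || true   # OK
```

On the node itself the arguments would be /root/.ssh/authorized_keys and /etc/ssh/sshd_config; keep the existing SSH session open and confirm a key login from a second session before closing it.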
