Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] remote access to server
- Date: Sun, 4 Jun 2017 14:12:58 +0900
- From: AbH Belxjander Draconis Serechai <belxjander@example.com>
- Subject: Re: [tlug] remote access to server
- References: <1a3aa51d-c95d-a22e-3d3d-4e931f4bfd38@me.scn-net.ne.jp> <CAAhy3dtt9SbRz+gdmvk5U8mphovvoJt-RLCsFapM==KaSFDOxA@mail.gmail.com> <5280AA80-631C-40E5-96BA-BBA3C5E00333@me.scn-net.ne.jp>
one thing I do is setup a forwarding "gateway" which does a full hard-reset and re-image of the system when modified,
and that way compromising the intended box is honeytrapped at the disposable proxy.
It's just an rpi that I access remotely then step-sideways (repeat ssh across the lan to the actual server at home).
basically it self-validates and refuses writes to the SDcard (occassionally checking the card by imaging it to a server and reading back a sha256 sum, matching == safe) (the server provides network image access and rootfs. only the minimal bootstrap image is "essential".
anything "modified" forces a full cutout and fresh fs image
On Jun 4, 2017 12:18, "kts" <kts@example.com> wrote:
Thank you all for the suggestions.
Since my plan is to access remotely while traveling via laptop if necessary, it would seem disabling password logins and using the Public/Private key system is the most workable.
While I do use router firewall to limit the forwarded ports and UFW/GUFW on that server and more complicated systems always appeal, my realistically limited skillset to maintain such a system… (experience has taught…): not there. Managing the underlying Debian OS and programs for the Wordpress CMS alone without destabilizing my local Janga-Tower of Babel seems enough. While probing the deeper waters of nmap, dig, whois, Wireshark, UFW et. al. is interesting, other tasks beckon.
Simple is the goal, I have a buttload of other deferred self-imposed tasks to deal with before adding yet another. I seem to have this problem of generating ToDo lists, filing them horizontally, then shuffling them around and losing sight of the goal and never really finishing them off. Setting up the ssh key system with a one-and-done seems most reasonable of the options for my situation.
Thank you all.
Kevin
--
To unsubscribe from this mailing list,
please see the instructions at http://lists.tlug.jp/list.html
The TLUG mailing list is hosted by ASAHI Net, provider of mobile and
fixed broadband Internet services to individuals and corporations.
Visit ASAHI Net's English-language Web page: http://asahi-net.jp/en/
- References:
- [tlug] remote access to server
- From: Kevin Sullivan
- Re: [tlug] remote access to server
- From: Raymond Wan
- Re: [tlug] remote access to server
- From: kts
- [tlug] remote access to server
- Prev by Date: Re: [tlug] remote access to server
- Next by Date: Re: [tlug] remote access to server
- Previous by thread: Re: [tlug] remote access to server
- Next by thread: Re: [tlug] remote access to server
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |