Open virtadpt opened 11 years ago
haxwithaxe
commented
11 years ago they originally had the ssh server disabled when they shipped it and people complained them into enabling it by default since not everyone has spare monitors. maybe restricting the ssh server to ipv4 and only /24 of it's dhcp address
virtadpt
commented
11 years ago By DHCP address, do you mean the mesh clients' IP block (10/24)?
haxwithaxe
commented
11 years ago i mean the ip it pulls from a gateway
virtadpt
commented
11 years ago So, in other words, nodes on the same LAN that the mesh node is using as its gateway? ... That would isolate the SSH daemon from the mesh, which is good.
How big a risk would mesh users trying to access nodes on that LAN pose? More to the point, how big a risk exists for mesh users attacking other nodes on the gateway's LAN side to try to SSH into the node with known credentials? Would it be a risk worth mitigating with a few extra iptables rules?
byzpiberlin
commented
9 years ago Is there any complete ! Raspberry Pi Image 4 downloading . this would be very very useful. thx!
this curl thing produces an Syntax error "Newline"
virtadpt
commented
9 years ago Check your e-mail.
It would be bad if the SSH daemon was running by default on ByzPi, because Raspbian comes with a known (and sudo-enabled) set of login credentials. Modify the Puppet manifest to turn it off by default.