Closed sgrayban closed 2 years ago
Note that the admin CLI does not run as root, but an unprivileged user 'admin' with specific sudo permissions for specific commands behind the scenes. But do agree there should be an option to set authorized keypairs instead of or in addition to password auth.
Is it possible to mount the partition(s) - I haven't looked at the insides yet but in one photo you had shows a sdcard or was the pre-production photo?
Regardless of whether or not the device is public facing, I would like to be able to load a public key (and optionally disable password authentication) on the device so that I can ssh in (e.g., using putty with the pageant agent) and not have to log in with a user name and password.
Getting there..
NTP250> v
HTTP: enabled
HTTPS: enabled (manual)
HTTP Location Privacy: disabled
SSH: enabled, user: admin, auth: publickey password
NTP250> V
Configuring Services...
Service Commands:
q Exit Service Menu
H Disable HTTP interface
S Disable HTTPS interface
R Enable Location Privacy on HTTP
LP Update SSH password
LW Disable SSH password based auth
LK Update SSH authorized keys
LY Disable SSH authorized keys auth
LD Disable SSH
NTP250>
Cool. Can’t wait. Really appreciate how responsive you’ve been with questions and feature request suggestions.
From: Dave @.> Sent: Friday, November 19, 2021 9:51 AM To: centerclick/feedback @.> Cc: srob1 @.>; Comment @.> Subject: Re: [centerclick/feedback] Better SSH security (#7)
Getting there..
NTP250> v
HTTP: enabled
HTTPS: enabled (manual)
HTTP Location Privacy: disabled
SSH: enabled, user: admin, auth: publickey password
NTP250> V
Configuring Services...
Service Commands:
q Exit Service Menu
H Disable HTTP interface
S Disable HTTPS interface
R Enable Location Privacy on HTTP
LP Update SSH password
LW Disable SSH password based auth
LK Update SSH authorized keys
LY Disable SSH authorized keys auth
LD Disable SSH
NTP250>
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/centerclick/feedback/issues/7#issuecomment-974136970, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AHTTACHIHEEPAGONERL7VHLUMZP5XANCNFSM5EMPBWBQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
1.27
works perfectly!!
If the clock is facing the internet there should be a way to to upload your own ssh key and set root access to
PermitRootLogin prohibit-password
in /etc/ssh/sshd_config