search

centerclick / feedback

Issues, Bug Reports, and Feature Requests
7 stars 0 forks source link

Better SSH security #7

Closed sgrayban closed 2 years ago

sgrayban commented 2 years ago

If the clock is facing the internet there should be a way to to upload your own ssh key and set root access to PermitRootLogin prohibit-password in /etc/ssh/sshd_config

dave4445 commented 2 years ago

Note that the admin CLI does not run as root, but an unprivileged user 'admin' with specific sudo permissions for specific commands behind the scenes. But do agree there should be an option to set authorized keypairs instead of or in addition to password auth.

sgrayban commented 2 years ago

Is it possible to mount the partition(s) - I haven't looked at the insides yet but in one photo you had shows a sdcard or was the pre-production photo?

srob1 commented 2 years ago

Regardless of whether or not the device is public facing, I would like to be able to load a public key (and optionally disable password authentication) on the device so that I can ssh in (e.g., using putty with the pageant agent) and not have to log in with a user name and password.

dave4445 commented 2 years ago

Getting there..

NTP250> v
HTTP:                     enabled
HTTPS:                    enabled (manual)
HTTP Location Privacy:    disabled
SSH:                      enabled, user: admin, auth: publickey password 

NTP250> V
Configuring Services...

  Service Commands:
  q        Exit Service Menu
  H        Disable HTTP interface
  S        Disable HTTPS interface
  R        Enable Location Privacy on HTTP
  LP       Update SSH password
  LW       Disable SSH password based auth
  LK       Update SSH authorized keys
  LY       Disable SSH authorized keys auth
  LD       Disable SSH

NTP250>
srob1 commented 2 years ago

Cool. Can’t wait. Really appreciate how responsive you’ve been with questions and feature request suggestions.

From: Dave @.> Sent: Friday, November 19, 2021 9:51 AM To: centerclick/feedback @.> Cc: srob1 @.>; Comment @.> Subject: Re: [centerclick/feedback] Better SSH security (#7)

Getting there..

NTP250> v

HTTP: enabled

HTTPS: enabled (manual)

HTTP Location Privacy: disabled

SSH: enabled, user: admin, auth: publickey password

NTP250> V

Configuring Services...

Service Commands:

q Exit Service Menu

H Disable HTTP interface

S Disable HTTPS interface

R Enable Location Privacy on HTTP

LP Update SSH password

LW Disable SSH password based auth

LK Update SSH authorized keys

LY Disable SSH authorized keys auth

LD Disable SSH

NTP250>

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/centerclick/feedback/issues/7#issuecomment-974136970, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AHTTACHIHEEPAGONERL7VHLUMZP5XANCNFSM5EMPBWBQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

dave4445 commented 2 years ago

1.27

sgrayban commented 2 years ago

works perfectly!!