search

intelligent-agent / Refactor

Linux distro for 3D-printers
https://wiki.iagent.no/wiki/Refactor
GNU Affero General Public License v3.0
28 stars 19 forks source link

Disable ssh login by default #272

Closed eliasbakken closed 2 years ago

eliasbakken commented 2 years ago

Armbian is created for SBCs, but a printer is something different. As the distro matures, fewer people will ever access using ssh, leaving root access with no password. We might want to disable ssh access by default and enable it through some other means. SSH access should be enabled by two ways: 1) By adding a files called "ssh" in the /boot directory 2) By enabling SSH through the Refactor tab in OctoPrint. The integration could be synchronized by adding helper scripts/programs such as /sbin/enable-ssh-access and /sbin/disable-ssh-access that can be called from the command line or from the OctoPrint UI.

eliasbakken commented 2 years ago

There is no easy way to add a file to an eMMC drive. Instead, the user can log in via the USB device connector, via the UART0 debug connector or via access through the web interface. I think the best way is to enable/disable the sshd service. Further, I think we should disable root login and only allow access to user debian. Debian user has sudo rights, so there is no difference in security level, but users seem to be more comfortable not being root.

eliasbakken commented 2 years ago

Works with Mainsail, but some other issues are still open related to this.