Home Networking


Someone gave me a really good explanation of what SSH public vs. private keys are, involving Japanese stamps. Each device has 2 only. The stamp is the same but the imprint left by it is different, because it’s hashed. Public keys are available even online through GitHub for anyone to see. They’re what I’d give someone that wants to give me access to their service.

Next steps are Tailscale, which routes traffic, and Syncthing.

Lawrence Systems Syncthing Tutorial: Open Source & Private File Sync Made Simple

Disabling no/other usernames on my VPS.

SSH, Networking - April 15

Recently I’ve learned a lot about LoRa, Reticulum, Meshtastic, MeshNodes + Networking, jailbreaking, remote access to a server, how SSH keys are per device and some sense of cryptography.

The key discovery is that for SSH on my DigitalOcean Droplet, there’s an extra setting needed to prevent password access and hacks. “On Ubuntu 22.04+ and Debian 12+, you must also set the PasswordAuthentication setting to yes in both /etc/ssh/sshd_config.d/50-cloud-init.conf and /etc/ssh/sshd_config.”

DigitalOcean I lost the SSH key for my Droplet | DigitalOcean Documentation


    PasswordAuthentication no
    PubkeyAuthentication yes
    ChallengeResponseAuthentication no

In /etc/ssh/sshd_config.
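Why the quoted documentation names both files, as an added example that is not from the original post or from DigitalOcean's documentation: sshd uses the first value it reads for each keyword, so a drop-in included at the top of sshd_config overrides a later line in sshd_config. The function names and the sample config tree are constructed for illustration, and the Include line at the top of sshd_config is an assumption about the default layout.

```shell
# Added example, not from the original page. sshd keeps the FIRST value it reads
# for a keyword and expands Include lines in place. Simplifications: "Keyword value"
# syntax only, one pattern per Include, parsing stops at the first Match block.

# Print "value<TAB>file" for each setting of keyword $1, in read order, starting
# at config file $2. Relative Include paths resolve against $3 (default: its dir).
sshd_settings() {
  local key file base kw val pat f
  key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  file=$2
  base=${3:-$(dirname "$file")}
  while read -r kw val || [ -n "$kw" ]; do
    kw=$(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]')
    case $kw in
      ''|'#'*) continue ;;
      match) break ;;
      include)
        pat=$val
        case $pat in /*) ;; *) pat="$base/$pat" ;; esac
        for f in $pat; do
          if [ -f "$f" ]; then sshd_settings "$key" "$f" "$base"; fi
        done ;;
      "$key") printf '%s\t%s\n' "$val" "$file" ;;
    esac
  done < "$file"
  return 0
}

# The value sshd would apply: the first one in read order.
sshd_effective() {
  sshd_settings "$@" | head -n 1 | cut -f 1
}

# Constructed sample tree mirroring the two files named on the page; the Include
# line at the top of sshd_config is an assumption about the default layout.
make_sample_tree() {
  local root
  root=$(mktemp -d)
  mkdir "$root/sshd_config.d"
  printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\nPubkeyAuthentication yes\n' > "$root/sshd_config"
  printf 'PasswordAuthentication yes\n' > "$root/sshd_config.d/50-cloud-init.conf"
  printf '%s\n' "$root"
}

root=$(make_sample_tree)
sshd_settings PasswordAuthentication "$root/sshd_config"   # both settings, drop-in first
sshd_effective PasswordAuthentication "$root/sshd_config"
rm -rf "$root"
# On a real host the authoritative check is: sudo sshd -T | grep -i passwordauthentication
```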

This is a reminder that when I change computers I need to remember to add another SSH key before resetting it fully. Or carry a flash drive. I’ve met someone with one with a brand of “V”.

What else should I check?

  • If I SSH in without a hostname, however, it still asks for a password.
  • ➜  ~ ssh living.ines.systems
    ineslucas@living.ines.systems's password:
    
    # Strange, since I've disabled remote access anyway.
    # Here ineslucas is my local machine's username, not an allowed host name.
    
    # To check all users. Most will be system accounts.
    cat /etc/passwd
    
    # And even the right password seems to get denied.
  • Test if someone ssh’ing with the correct hostname but on another machine is still prompted for a password.
  • In addition to sshd_config, there’s also an ssh_config file outlining other types of auth.
  • Check UsePAM implications.
  • If you lose your SSH key, DigitalOcean’s solution currently is to use their web console, and I wonder what kind of security vulnerability that presents.

Sources

Ask Ubuntu Why is "50-cloud-init.conf" created?

itp.nyu.edu
Networks Website
