[TriEmbed] [TAR] PiTunnel

Brian triembed at undecidedgames.net
Thu Dec 7 15:33:23 CST 2017


If you want to cut down on the amount of hammering your SSH server gets 
from the world at large (and it will get hammered, trust me[0]), you can:

- Set up firewall rules that block attempts from anywhere but places you 
expect to be (at a risk of being locked out if you're somewhere new), or
- Configure SSH to listen on a nonstandard port [1]

I use a combination of both: my more-secure system has firewall rules, 
but another system accepts connections on a non-standard port.  Then, if 
needed, I can connect to the secondary system with a key, from anywhere, 
and open a hole in the firewall if necessary.

-B

[0] An open public port 22 will be quickly noticed by scanning bots. 
With password authentication turned off, you don't need to be worried 
about people breaking in, but it does cost CPU cycles and sockets to 
connect and reject all the would-be attackers.

[1] Security by obscurity is not security at all, but it can help you 
fly outside the notice of the least-sophisticated script kiddies.

On 12/07/2017 04:03 PM, John Vaughters via TriEmbed wrote:
> I am personally not fond of middlemen.
>
> Here is what you do and it is extremely secure:
>
> 1. Learn about DDNS and implement it, now you have a domain.
> 2. Open ssh port 22 and learn how to set up keys and only authenticate
> on keys
> 3. Learn how to port forward with ssh and now you have access to any
> port on your Pi or any computer for that matter
>
> John Vaughters
>
> On Thursday, December 7, 2017, 3:18:04 PM EST, Carl Nobile via TriEmbed
> <triembed at triembed.org> wrote:
>
>
> Ken,
>
> From reading their docs it seems you would be setting up a VPN between
> your RPI and their site. As long as the credentials were not being sent
> in the clear or they weren't using what is called a developer key, they
> should be fairly safe. I would expect an OAuth2 token is used, but
> haven't dived into their docs too far yet.
>
> Carl
>
>
> On Thu, Dec 7, 2017 at 3:09 PM, Ken Boone kensrobots at gmail.com
> [trianglerobotics] <trianglerobotics at yahoogroups.com> wrote:
>
>     Has anyone played with this? Sounds simple but a little scary
>     depending on a remote url.
>
>     Ken
>
>     https://www.pitunnel.com/
>
> --
> -------------------------------------------------------------------------------
> Carl J. Nobile (Software Engineer)
> carl.nobile at gmail.com
> -------------------------------------------------------------------------------
> _______________________________________________
> Triangle, NC Embedded Computing mailing list
> TriEmbed at triembed.org <mailto:TriEmbed at triembed.org>
> http://mail.triembed.org/mailman/listinfo/triembed_triembed.org
> TriEmbed web site: http://TriEmbed.org
>
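
Added example, not part of the original thread or written by any of its posters: a small shell audit of an sshd_config for the two settings discussed above (key-only logins and the listening port). The function names and both sample configs are constructed for illustration, and lines are assumed to be whitespace-separated "Keyword value" pairs.

```shell
# Added example (not from the thread): audit the global section of an sshd_config.
# sshd keeps the FIRST value it reads for a keyword (case-insensitive), so a
# later "PasswordAuthentication no" does not undo an earlier "yes".
first_value() {            # first_value 'keyword|alias' DEFAULT  (config on stdin)
    awk -v want="$1" -v def="$2" '
        /^[ \t]*#/ || /^[ \t]*$/       { next }   # comments and blank lines
        tolower($1) == "match"         { exit }   # stop at the first Match block
        tolower($1) ~ ("^(" want ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# Port is the exception: every Port line adds a listener. Built-in default is 22.
listen_ports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == "port"    { ports = (ports == "" ? $2 : ports " " $2) }
        END { print (ports == "" ? "22" : ports) }'
}

audit_sshd() {             # config on stdin; prints one line per finding
    cfg=$(cat)
    v() { printf '%s\n' "$cfg" | first_value "$1" "$2"; }
    [ "$(v passwordauthentication yes)" = no ] || echo "FAIL password logins enabled"
    [ "$(v 'kbdinteractiveauthentication|challengeresponseauthentication' yes)" = no ] ||
        echo "FAIL keyboard-interactive enabled (can prompt for passwords via PAM)"
    [ "$(v pubkeyauthentication yes)" = yes ] || echo "FAIL public-key logins disabled"
    for p in $(printf '%s\n' "$cfg" | listen_ports); do
        [ "$p" != 22 ] || echo "NOTE listening on 22: expect constant scanner traffic"
    done
}

# Constructed sample: the "no" comes too late, and Port is left at its default.
sample_weak() { cat <<'EOF'
# sshd_config (constructed)
PasswordAuthentication yes
PubkeyAuthentication yes
passwordauthentication no
EOF
}
# Constructed sample: key-only logins on a non-standard port (2222 is arbitrary).
sample_hardened() { cat <<'EOF'
Port 2222
PasswordAuthentication no
KbdInteractiveAuthentication no
EOF
}

echo "== weak =="; sample_weak | audit_sshd; echo "== hardened =="; sample_hardened | audit_sshd
```

On a live host, piping the output of `sshd -T` into audit_sshd also works, since it prints the effective settings as lowercase keyword-value lines.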




