Security measures for WWW internet access to Vu+ Duo ??

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • meggiedude
    Top Poster +
    • May 2012
    • 215
    #1

    Security measures for WWW internet access to Vu+ Duo ??

    Lo.

    Currently running BH 1.7.6.
    I have a static IP set for my broadband (via ISP) and am looking at opening up the port on router to port forward to allow either android login from phone or remote PC access to the box via OpenWebif.
    Tested this, and openwebif works OK on LAN and WAN, but uncomfortable about a couple of things.

    1) this by default uses root login - needs to change to something less god-like.
    2) telnet or http access really should not be used as not secure.

    Found android app that allows ssh login. So how do I configure this on the Duo, and how do I add new more appropriate userid/password.

    Also can the Openwebif be locked down with more security for external access. Or is there a better windows based solution (when not using android phone)?

    Ta

    MD
    Last edited by meggiedude; 23 July, 2012, 11:03.
    Tags: None
    • digicon
      V.I.P. Member
      • Jul 2009
      • 8261
      #2
      You cant change the User: root name its fixed you can only change your password, i change mine via telnet never really tried ssh but it needs activating on the BH image as its set to off.

      The webif option can be changed in the main menu.

        Comment

        • meggiedude
          Top Poster +
          • May 2012
          • 215
          #3
          Originally posted by digicon
          You cant change the User: root name its fixed you can only change your password, i change mine via telnet never really tried ssh but it needs activating on the BH image as its set to off.

          The webif option can be changed in the main menu.
          Hmmmm, not sure about that mate.
          Blackhole is Linux/UNIX based and as an ex UNIX admin I know you can have other users on the system. After all there is a passwd file on the system

          Loging onto any system across the WWW via a root password should be a big no-no. I did try and switch off telnet in favour of ssh and for some reason it ignored the command.

            Comment

            • Bann32
              DK Veteran
              • Oct 2011
              • 518
              #4
              If you go into the bin folder you can see what commands are available to use for your image you can of course add others to it from the busybox selection, to suit your needs, but I think adduser is on all images.

              You can also use ssh key authentication if you wish and there is always the option to force SSL on your http connection.
              Last edited by Bann32; 24 July, 2012, 10:37.

                Comment

                • briz
                  Junior Member
                  • Jun 2012
                  • 38
                  #5
                  SSH tunnel

                  I tunnel HTTP over SSH to securely access my box.

                  I also disable password based login over SSH and authenticate only using public keys.

                  I wanted to also disable the root login, create another user and use su to get root as an extra precaution, but yet to find an image with the su command included in busybox.

                  Plenty of info out there via google on how to do all this (just bear in mind most images use dropbear instead of OpenSSH common on Linux desktops/servers)

                  Happy to expand on this later if anyone wants more info.

                    Comment

                    Previous template Next
                    Working...