
Pil lan IP #the one you set (in the router DHCP lease or static).

You'll love this peace of mind: help with your /etc/hosts file.

I stuck to my old VNC 5 for access from Windows because I hate installing new software, and for my nuxes I selected Remmina long ago, so I stick with it. You only need to choose the VNC client you'll give your trust to. Then you can use VNC over SSH to gain remote GUI access to your Pi. I prefer this to relying on an additional service for security (VNC).

Once your HTTP server is secured with its own methods, go back into your router to instruct it to allow HTTP to the Pi (which already has its own static IP).

Now decide to leave UPnP enabled and you're done with SSH, or decide to disable it, and then you will have to walk a last step: set your Pi for a static IP (the way you want, real static set in the Pi, or my preferred (centralization), a DHCP lease in your router) so that you can then instruct the router to allow SSH (port 22>22 or random>22, or random>same-random (for this last, set the SSH server port in the conf where you disabled password auth etc.)) in to the Pi.

Go out of home (with your IP in mind) and retest: if you can log in and never put your hands in the firewall of your router, that means it had UPnP enabled (imagine rotten server software in Windows or even Linux or any box with IoT inside asking your router to open their door!).

Then you can create the firewall rule to accept SSH from anywhere (anyone being you ATM, with regard to your private key (don't leave it unprotected)).

Then learn some bits of SSH, already embedded in most Linux distributions.

Choose key authentication for your SSH server, so create your keys, put the public part in the file ~/.ssh/authorized_keys, and set your SSH server to refuse password authentication (all this is in the official doc).
You have 3 profiles there: one is firewall disabled, two are firewall enabled (not sure if the single difference between these 2 is supported by the current Raspbian kernel: the difference is, when a visitor knocks at the door and the firewall is instructed by the defaults and by you to refuse to let him come in, either the firewall will reply why or it will reply nothing).

As long as you're in front of the Pi keyboard, you can select one of the 2 active profiles in gufw (the firewall won't prevent you from local logins).

If lost there, install gufw (GNOME uncomplicated firewall) from the official Raspbian repo.

If you have already started your web server, use the native firewall in Linux (netfilter/iptables).

So, first, on the Pi change the password for user pi and its name (search recent thread here in my posts->).

Your Pi is at home (protected from world nasties by your router that defaults to block anyone asking anything from the outside).

You would have to set only 2 rules in firewalls for this (the fewer the rules, the fewer resources for this job).
