Friday, February 18


Hippity Hoppity My Server's Still My Property

Something I reflexively do for any new server during setup is restrict public SSH access to my fixed home IP address.  Then if a particular server or user needs to access it over SSH, I add them to the firewall rules (and hosts.allow if applicable).

Which is fine and great except when I take a direct lightning strike to the nets and my NBN box explodes.

I had a bastion host set up for exactly this situation - you just need to know where the bastion host is, and have a key, and have the password for the web-based firewall, and have the passphrase for the SSH key on the server and oops.

Since I haven't really left home during the pandemic I haven't needed to use the bastion host for two years and I can't remember what that passphrase is.

But, since I have the password and key to log in to the bastion host, and since the bastion host is already allowed access to all the other servers at the firewall level, and since I knew that at least one of them was configured to allow password logins, and I knew the password, and that server's SSH key was good to access one of the other servers, and that server could access two more, I was able to hopscotch around the network and regain access to everything.
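As an added example (not the author's code), the chain of logins described above can be written down as a trust graph and audited for how far one foothold reaches. The host names and inventory are constructed to mirror the post: bastion to a password-login server, that server's key to another, and that one to two more.

```python
from collections import deque

# Constructed inventory (host names are hypothetical). Each edge means
# "a login coming from src is accepted by dst", with the credential used.
TRUST = [
    ("home", "bastion", "key"),
    ("bastion", "srv-a", "password"),  # sshd on srv-a still allows passwords
    ("srv-a", "srv-b", "key"),         # srv-a holds a key that srv-b accepts
    ("srv-b", "srv-c", "key"),
    ("srv-b", "srv-d", "key"),
]

def reachable(start, trust=TRUST):
    """Return {host: path} for every host reachable from start by chained logins."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for a, dst, _cred in trust:
            if a == src and dst not in paths:
                paths[dst] = paths[src] + [dst]
                queue.append(dst)
    del paths[start]
    return paths

def password_hops(start, trust=TRUST):
    """Password-authenticated edges that start from any host reachable from start."""
    seen = {start} | set(reachable(start, trust))
    return [(a, b) for a, b, cred in trust if cred == "password" and a in seen]

def without_password(trust=TRUST):
    """The same inventory with password logins disabled everywhere."""
    return [edge for edge in trust if edge[2] != "password"]

if __name__ == "__main__":
    for host, path in reachable("bastion").items():
        print(f"{host}: {' -> '.join(path)}")
    print("password hops:", password_hops("bastion"))
    print("key-only reach:", sorted(reachable("bastion", without_password())))
```

With password logins removed from this inventory, nothing is reachable from the bastion: the same single edge is both the weak link and the recovery path the post relied on.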

Also discovered during this effort that one of the backup servers has a failed hard drive (in a RAID-Z array, so it's still chugging along) and the other (much smaller) one is full, so I'm setting up two new backup servers now.  RAID-Z3 time, maybe...

Update: Welcome to the server farm, Sethra Linode.*

* May not actually be hosted at Linode.

