Friday, February 18
Hippity Hoppity My Server's Still My Property
Something I reflexively do for any new server during setup is restrict public SSH access to my fixed home IP address. Then if a particular server or user needs to access it over SSH, I add them to the firewall rules (and hosts.allow if applicable).
Which is fine and great except when I take a direct lightning strike to the nets and my NBN box explodes.
Something I reflexively do for any new server during setup is restrict public SSH access to my fixed home IP address. Then if a particular server or user needs to access it over SSH, I add them to the firewall rules (and hosts.allow if applicable).
Which is fine and great except when I take a direct lightning strike to the nets and my NBN box explodes.
I had a bastion host set up for exactly this situation - you just need to know where the bastion host is, and have a key, and have the password for the web-based firewall, and have the passphrase for the SSH key on the server and oops.
Since I haven't really left home during the pandemic I haven't needed to use the bastion host for two years and I can't remember what that passphrase is.
Since I haven't really left home during the pandemic I haven't needed to use the bastion host for two years and I can't remember what that passphrase is.
But, since I have the password and key to log in to the bastion host, and since the bastion host is already allowed access to all the other servers at the firewall level, and since I knew that at least one of them was configured to allow password logins, and I knew the password, and that server's SSH key was good to access one of the other servers, and that server could access two more, I was able to hopscotch around the network and regain access to everything.
Also discovered during this effort that one of the backup servers has a failed hard drive (in a RAID-Z array, so it's still chugging along) and the other (much smaller) one is full, so I'm setting up two new backup servers now. RAID-Z3 time, maybe...
Update: Welcome to the mu.nu server farm, Sethra Linode.*
* May not actually be hosted at Linode.
* May not actually be hosted at Linode.
Posted by: Pixy Misa at
02:38 PM
| Comments (3)
| Add Comment
| Trackbacks (Suck)
Post contains 298 words, total size 2 kb.
1
<a
href="https://buythcvapesaustralia.com.au/">Order THC vape carts
australia</a>
Posted by: ase at Thursday, June 22 2023 07:09 PM (bcWOl)
Posted by: aaaa at Saturday, July 15 2023 04:25 AM (yBuni)
3
Awesome article, it was exceptionally helpful! I simply began in this and I'm becoming more acquainted with it better! Cheers, keep doing awesome!jokergame wallet
Posted by: sdftgfd at Tuesday, July 18 2023 05:22 PM (VBzU7)
49kb generated in CPU 0.0175, elapsed 0.1145 seconds.
58 queries taking 0.1055 seconds, 342 records returned.
Powered by Minx 1.1.6c-pink.
58 queries taking 0.1055 seconds, 342 records returned.
Powered by Minx 1.1.6c-pink.
