remote maintenance from outside of network?

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
TOMillr
Posts: 11
Joined: Wed Apr 04, 2018 7:29 pm

remote maintenance from outside of network?

Post by TOMillr » Sat Oct 05, 2019 5:41 pm

I'd like to run a DietPi-setup as an offsite backup location at my parent's place.

Is it possible to setup DietPi to allow me to access the system remotely and do some basic maintenance?

I'm already using a DynDNS setup on my router. Do I need to install additional software to get this done?

User avatar
MichaIng
Site Admin
Posts: 1728
Joined: Sat Nov 18, 2017 5:21 pm

Re: remote maintenance from outside of network?

Post by MichaIng » Fri Oct 11, 2019 4:53 pm

You can use SSH, but when opening to www, you should harden SSH seurity. Read our wiki about it: https://github.com/MichaIng/DietPi/wiki ... dation#ssh
- Do not open port 22 directly, but forward some random 4-integer port via router to port 22 of the DietPi machine. This is since there are many bots out there, trying to login on random IPs at port 22.
- Install fail2ban via dietpi-software to as well prevent possible brute-force attacks on your random ports. There will be most likely none, but better to be on secure side.
- And to finally break any non-bot hackers login attempts, use pub key authentication instead of user/password, at least for root user. You can as well add a passphrase to the key, so that for login the clients needs to key + still a password. I can add some details to the wiki about how to do this with e.g. PuTTY on Windows or openssh+dropbear on Linux clients.
- You can even disable root login via SSH completely and login via another user + use password-protected sudo then. However IMO, as long as there is no very private data or things like company secrets reachable from within your network (that would attrackt hackers), with key-authenticated login on non-default port + fail2ban you should be fine.

LuciaBab
Posts: 2
Joined: Tue Aug 27, 2019 11:01 am

remote maintenance from outside of network

Post by LuciaBab » Tue Oct 15, 2019 5:37 pm

K3 1258MKII on the semote site. But I run this staton on a cabin without powerline. All goes with photovoltaik so I want to run the server on the control site.
Is that possible?

arno oe9amj, 73

User avatar
MichaIng
Site Admin
Posts: 1728
Joined: Sat Nov 18, 2017 5:21 pm

Re: remote maintenance from outside of network?

Post by MichaIng » Wed Oct 16, 2019 1:33 pm

@LuciaBab
Not sure how those two boxes work, but yeah if you want/need a Linux server to control it, I would for sure place it on control side where you have power line. DietPi is not reall read-only capable without some modifications, so power losses always mean a risk of data corruption/losses.

Post Reply