freedombone/doc/EN/security.org

2.2 KiB

/free/freedombone/src/commit/076ddb8bb4e700437fa816fc1add819ec3dd9eeb/doc/EN/images/logo.png

Authentication with keys

It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running:

freedombone-client

On your local system (i.e. whatever you're logging in to the Freedombone system from, typically a laptop). Then:

ssh myusername@freedombone.local -p 2222

Select Administrator controls and re-enter your password, then Manage Users and Change user ssh public key. Copy and paste the ssh public keys which appeared after the freedombone-client command was run. Then go to Security settings and select Allow ssh login with passwords followed by no.

You'll need to make sure that you have a copy of the ~/.ssh directory on your local system. You could just copy that directory to a USB drive and then keep that somewhere safe so that you can restore the keys if you need to.

Administrating the system via an onion address (Tor)

You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following:

ssh username@freedombone.local -p 2222

Select Administrator controls then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following on your local system:

freedombone-client

This will set up your ssh environment to be able to handle onion addresses. Then you can test ssh with:

ssh username@address.onion -p 2222

Subsequently even if dynamic DNS isn't working you may still be able to administer your system. Using the onion address also gives you some degree of protection against corporate or government metadata analysis, since it becomes more difficult to passively detect which systems are communicating.