
useradd on Pineapple for ssh tunnel


deo406

I don't know if this is a stupid easy question, but I was wondering: is it possible to add a non-root user on the Pineapple Mark V? The reason why I want to be able to do this is to add another security measure for when I have my SSH Tunnel set up to my server. For example, someone discovers my wifi pineapple and if they get my password from my Pineapple and SSH into it and then they would be able to SSH into my server without a password, that's what I am worried about since when they do, they have root privileges. Unless I am setting it up wrong... Any ideas?


Give this a read: http://wiki.openwrt.org/doc/howto/secure.access

That should answer your questions of how and maybe what else to implement.

That's very useful Mr-Protocol, thanks. I don't agree with the "don't let the SSH server dropbear listen on the default port (22)" part, at least not as a security measure.

There are other things you can do deo406 to help, and you are correct to be concerned. It sounds like you are worried about someone accessing your "relay server" by exploiting your pineapple. You absolutely do not want to add the pineapple's public key to the root account on your Internet facing server. In fact, if you are only using that key for the tunnel, create a special account on your server explicitly for the tunnel. (You can forward multiple ports over one tunnel, by the way.) Then further protect that account by having its shell be something like /bin/false. And you should also add options to the authorized_keys file entry for that account such as (no-agent-forwarding, no-pty, no-user-rc, no-X11-forwarding). There's a lot of information about this on Google.


Edited by fringes
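
An added example (not part of the thread): shell helpers that prepend the four authorized_keys options listed in the post above to a public key, and audit an authorized_keys file for entries missing them. The function names and the sample key are constructed for illustration, and the parser assumes no spaces inside quoted option values.

```shell
#!/bin/sh
# Options named in the post; port forwarding stays enabled because the tunnel needs it.
REQUIRED_OPTS="no-agent-forwarding no-pty no-user-rc no-X11-forwarding"

# Prepend the restrictive options to a bare public key line.
harden_key_line() {
    printf '%s %s\n' "$(echo "$REQUIRED_OPTS" | tr ' ' ',')" "$1"
}

# Print the required options missing from one authorized_keys line.
# Returns 0 when none are missing, 1 otherwise.
missing_opts() {
    line=$1
    case $line in
        ssh-*|ecdsa-*|sk-*) opts="" ;;      # line starts with a key type: no options field
        *) opts=${line%% *} ;;              # otherwise the first field is the options list
    esac
    # OpenSSH treats option names case-insensitively, so compare in lower case.
    opts=$(printf '%s' "$opts" | tr 'A-Z' 'a-z')
    missing=""
    for opt in $REQUIRED_OPTS; do
        lc=$(printf '%s' "$opt" | tr 'A-Z' 'a-z')
        case ",$opts," in
            *",$lc,"*) ;;
            *) missing="$missing $opt" ;;
        esac
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Audit a whole authorized_keys file; report each weak entry by line number.
audit_file() {
    rc=0; n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        case $l in ''|'#'*) continue ;; esac   # skip blanks and comments
        m=$(missing_opts "$l") || { echo "line $n missing: $m"; rc=1; }
    done < "$1"
    return $rc
}

# Constructed sample key (not a real key), shown hardened for the tunnel account.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly pineapple-tunnel'
harden_key_line "$SAMPLE_KEY"
```

With the account's shell set to /bin/false as the post suggests, the client side has to open the tunnel with `ssh -N` so it does not request a shell.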