💾 Archived View for bulletpr00f.host › gemlog › posts › 2021-12-28.gmi captured on 2023-01-29 at 15:27:24. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-03-01)
-=-=-=-=-=-=-
A while back someone emailed me to ask how I set this up.
ssh fortune@jump.bulletpr00f.host -p 2222
_________________________________________
/ Q: How many surrealists does it take to \
| change a light bulb? A: Two, one to |
| hold the giraffe, and the other to fill |
| the bathtub |
| |
| with brightly colored machine tools. |
| |
| [Surrealist jokes just aren't my cup of |
\ fur. Ed.] /
-----------------------------------------
\
\
.--.
|o_o |
|:_/ |
// \ \
(| | )
/'\_ _/`\
\___)=(___/
Connection to jump.bulletpr00f.host closed.
It automatically logs you in and displays a a penguin saying something.
Solderpunks blog post explains how it works really well but I figured I'd write a simple step by step thing to explain it in case anyone has trouble following it. Like for example me next time I break my server and can't recall exactly how this was done.
the first command creates a user with no password, then the second deletes the password.
adduser --disabled-password --gecos '' fortune passwd -d fortune
Note: some older versions of openssh-server have a bug where this does not work if you put it it in /etc/ssh/sshd_config.d/
So if you're running a version older than 8.4 you will have to put it in /etc/ssh/sshd_config directly
https://bugzilla.mindrot.org/show_bug.cgi?id=3122
Match User fortune
PasswordAuthentication yes
PermitEmptyPasswords yes
ForceCommand fortune|cowsay -f tux
That should pretty much do it.
also i run this weird setup inside of an lxd container on my host so I use this to forward port 2222 to port 22 in the container
lxc config device add games ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22