💾 Archived View for bulletpr00f.host › gemlog › posts › 2021-12-28.gmi captured on 2024-08-18 at 17:11:20. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-03-01)
-=-=-=-=-=-=-
A while back someone emailed me to ask how I set this up.
ssh fortune@jump.bulletpr00f.host -p 2222 _________________________________________ / Q: How many surrealists does it take to \ | change a light bulb? A: Two, one to | | hold the giraffe, and the other to fill | | the bathtub | | | | with brightly colored machine tools. | | | | [Surrealist jokes just aren't my cup of | \ fur. Ed.] / ----------------------------------------- \ \ .--. |o_o | |:_/ | // \ \ (| | ) /'\_ _/`\ \___)=(___/ Connection to jump.bulletpr00f.host closed.
It automatically logs you in and displays a a penguin saying something.
Solderpunks blog post explains how it works really well but I figured I'd write a simple step by step thing to explain it in case anyone has trouble following it. Like for example me next time I break my server and can't recall exactly how this was done.
the first command creates a user with no password, then the second deletes the password.
adduser --disabled-password --gecos '' fortune passwd -d fortune
Note: some older versions of openssh-server have a bug where this does not work if you put it it in /etc/ssh/sshd_config.d/
So if you're running a version older than 8.4 you will have to put it in /etc/ssh/sshd_config directly
https://bugzilla.mindrot.org/show_bug.cgi?id=3122
Match User fortune PasswordAuthentication yes PermitEmptyPasswords yes ForceCommand fortune|cowsay -f tux
That should pretty much do it.
also i run this weird setup inside of an lxd container on my host so I use this to forward port 2222 to port 22 in the container
lxc config device add games ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22