💾 Archived View for bulletpr00f.host › gemlog › posts › 2021-12-28.gmi captured on 2024-08-18 at 17:11:20. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2022-03-01)

-=-=-=-=-=-=-

public ssh applications

A while back someone emailed me to ask how I set this up.

ssh fortune@jump.bulletpr00f.host -p 2222
 _________________________________________
/ Q: How many surrealists does it take to \
| change a light bulb? A: Two, one to     |
| hold the giraffe, and the other to fill |
| the bathtub                             |
|                                         |
| with brightly colored machine tools.    |
|                                         |
| [Surrealist jokes just aren't my cup of |
\ fur. Ed.]                               /
 -----------------------------------------
   \
    \
        .--.
       |o_o |
       |:_/ |
      //   \ \
     (|     | )
    /'\_   _/`\
    \___)=(___/

Connection to jump.bulletpr00f.host closed.

It automatically logs you in and displays a a penguin saying something.

Solderpunks blog post explains how it works really well but I figured I'd write a simple step by step thing to explain it in case anyone has trouble following it. Like for example me next time I break my server and can't recall exactly how this was done.

solderpunk's post is here

Steps

the first command creates a user with no password, then the second deletes the password.

adduser --disabled-password --gecos '' fortune
passwd -d fortune

Note: some older versions of openssh-server have a bug where this does not work if you put it it in /etc/ssh/sshd_config.d/

So if you're running a version older than 8.4 you will have to put it in /etc/ssh/sshd_config directly

https://bugzilla.mindrot.org/show_bug.cgi?id=3122

Match User fortune
        PasswordAuthentication yes
        PermitEmptyPasswords yes
        ForceCommand fortune|cowsay -f tux
        

That should pretty much do it.

also i run this weird setup inside of an lxd container on my host so I use this to forward port 2222 to port 22 in the container

lxc config device add games ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22