Want more timely Centmin Mod News Updates?
Become a Member

Server admin without ssh holes?

Discussion in 'System Administration' started by Colin, Sep 14, 2020.

Tags:
  1. Colin

    Colin Premium Member Premium Member

    153
    44
    28
    Oct 7, 2015
    Sheffield UK
    Ratings:
    +117
    Local Time:
    1:05 PM
    1.13.#
    MariaDB 10.1.#
    Hi all,

    I've evolved my thinking over the years of how to access multiple servers for sys admin over ssh. Way back when the internet was 'safer', we used to leave a port open for ssh, and sleep without nightmares. How about a nice game of chess?

    The last few years I've had a bastion on standby while using wireguard as my daily source of a fixed ip, open the hole for that ip etc... Wireguard is on a vps via the streisand project; what centmin is to serveradmin, streisand is to setting up a vpn.

    I just took delivery of a pine book pro, seeing if I can make this arm laptop my boot of the car/weekend emergency laptop. I'm also setting up some new vps servers and wanted to finally drop the bastion plan.

    For a totally different project, I'd stumbled on tailscale. They offer a vpn mesh, built on wireguard. Each connected resource has it's own ip and no need to leave an ssh hole open for any ip, vpn or not. So not only can I get away with dropping the bastion, but also the fixed ip vpn. Which is great as I have the proton vpn which I hardly ever use.

    Sadly I can't make my pine book work with it. No worries the old thinkpad 230 still has a place in my go bag :D

    Take a look at tailscale, it's darn interesting and has been easy to configure and setup.

    Appreciate your thoughts...

    Tailscale

    Solutions
     
  2. tininho

    tininho Premium Member Premium Member

    118
    26
    28
    May 22, 2019
    Nordic
    Ratings:
    +78
    Local Time:
    3:05 PM
    Streisand project seems interesting, but last update on April? These may be better choices:

    trailofbits/algo
    Nyr/wireguard-install

    It seems Algo VPN is the most robust and up-to-date?
     
  3. Colin

    Colin Premium Member Premium Member

    153
    44
    28
    Oct 7, 2015
    Sheffield UK
    Ratings:
    +117
    Local Time:
    1:05 PM
    1.13.#
    MariaDB 10.1.#
    Don't get old, I forgot I'd switched from striesland to algo... :D
     
  4. tininho

    tininho Premium Member Premium Member

    118
    26
    28
    May 22, 2019
    Nordic
    Ratings:
    +78
    Local Time:
    3:05 PM
    Still, the settings page generated by Streisand Project is well formatted by default: STREISAND

    I might check it out, there is a slightly updated fork here (seems to have a fix for outdated OpenVPN key): thiras/streisand
     
  5. eva2000

    eva2000 Administrator Staff Member

    45,201
    10,280
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,934
    Local Time:
    10:05 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Last edited: Sep 15, 2020