- This topic has 7 replies, 2 voices, and was last updated 6 months ago by
.
-
Posts
-
Hello Everyone,
I wanted to start this thread to answer questions and provide help to members who might want to build a simple home server based upon a Raspberry Pi. We discussed how to get started with this project during our Tech Night last evening. You can find a copy of the presentation here.
I’ve also created a web page that explains what hardware is needed and how to set up a Raspberry Pi home server. You can view the page here.
We’ll complete the home server build at our tech Night in April. We’ll add a Media Server and some more web applications.
Please post here if you have questions or can think of applications and services you’d like to see us add.
Fred, AB1OC
Fred
when you first set up the pi from the web it asked if you wanted to generate and use a unique code to validate this machine. Do you know what information it uses to generate this code and is that sensitive to the configuration of the machine? Will upgrades/changes to pi confuse this code?Dave – K1DHP
Hi Dave,
I am not sure what you are referring to here. Could you take a look at the initial setup video here –
https://homelab.anita-fred.net/raspberry-pi-home-server/#OS_and_CasaOS_Installation
and let me know the time in the video you saw this.
Fred, AB1OC
Hi Dave,
Got it. What we are doing at this point in the setup video is making the initial connection between our Home Server and our PC. The connection is encrypted using SSH (the command we are running to make the connection).
The first time we access our Raspberry Pi from our PC, a unique fingerprint is generated which identifies the specific hardware device our server is running on. Subsequent connections from our PC to the Pi will confirm that the same fingerprint is supplied each time we connect.
If a hacker were to get onto our network and try to emulate our server, their device would not be able to generate the correct fingerprint and our PC would refuse to connect via SSH.
Some SW updates can sometimes cause this fingerprint to change. If this happens, you can edit a file on your PC in your home directory called .ssh/known_hosts to remove the recorded fingerprint for your server and set a new one.
You can learn more about SSH and fingerprints here –
https://www.jscape.com/blog/ssh-key-fingerprint
Fred, AB1OC
Here is a little more about how the SSH fingerprint is generated –
The fingerprint is based on the host’s public key, usually based on the
/etc/ssh/ssh_host_rsa_key.pubfile. Generally, it’s for easy identification/verification of the host you are connecting to.You can view the contents of the file by running
cat /etc/ssh/ssh_host_rsa_key.pub. To view that public key in fingerprint format, runssh-keygen -lvf /etc/ssh/ssh_host_rsa_key.pub.If the fingerprint changes, the machine you are connecting to has changed their public key. This may not be a bad thing (happens from re-installing ssh), but it could also indicate that you are connecting to a different machine at the same domain/IP (happens when you are connecting through something like a load balancer) or that you are being targeted with a man-in-the-middle attack, where the attacker is somehow intercepting/rerouting your ssh connection to connect to a different host which could be snooping your username/password.
Bottom line: if you get warned of a changed fingerprint, be cautious and double-check that you’re actually connecting to the correct host over a secure connection. Though most of the time this is harmless, it can be an indication of a potential issue.
The Public key mentioned above is generated randomly as part of the SSH key pair creation process. You can learn more about generating SSH key pairs here –
https://www.ssh.com/academy/ssh/keygen
When we first set up Linux on on RPi, we generated an SSH key pair. Later, we changed the SSH key to use a different pair that I generated on my macOS system. This caused the fingerprint for the server to change and I had to edit .ssh/known_hosts to remove the old fingerprint so a new one could be generated.
Fred, AB1OC
- You must be logged in to reply to this topic.