I have a headless Zero2W board set up with RPi Lite, Apache and PHP at my home which I use to host my own website. I have set up a port forwarding rule on my BT Hub/Router to direct website traffic to it on port 80 with TCP protocol. (NB This is the only port forwarding rule set up on the BT Hub/Router).
To enable me to update the website as the Zero2W is headless, I SSH in from an RPi5 on the same local network. This RPi5 has no port forwarding from the BT Hub/Router.
Following the security advice from the documentation on the raspberrypi.com website, I have set up SSH keys between the RPi5 and Zero2W (RPi5 holds the private and public key whilst the Zero2W only has the public key), disabled password access, set myself up as sole user, changed the default SSH port from 22, along with several other similar actions.
My query is, if neither machine has port forwarding for SSH (on port 22 or otherwise) set up on my BT Hub/Router, then do all the security actions need putting in place for a local only system? Also, the documentation seemed to suggest that the security actions only be set up on the machine where contact will be made from, in this case the RPi5. I carried out the security actions on both machines, thinking they both need protection. I am wondering whether my security actions are needed and if I have not followed the right overall strategy.
Any help will be much appreciated.
Statistics: Posted by Duggieb — Fri Feb 02, 2024 11:01 am — Replies 1 — Views 40
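A way to check that the SSH hardening steps listed in the post are in effect on a machine running `sshd`, as an added example that is not part of the original post. It reads `sshd_config` text, or the effective settings printed by `sshd -T`. Assumptions: "sole user" is read as a single `AllowUsers` entry, `Include` files are not followed, and the names `parse_sshd_config` and `audit`, the user `webadmin` and port 2222 are constructed for illustration.

```python
# Added example: audit sshd settings against the hardening steps listed in the post.
ACCUMULATING = {"port", "allowusers"}  # keywords that may repeat and add up
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

# Constructed sample input (user name and port are made up).
SAMPLE = """\
# /etc/ssh/sshd_config (constructed)
Port 2222
PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
AllowUsers webadmin
"""

def parse_sshd_config(text):
    """Return {keyword: [values]} for the global (pre-Match) section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *values = line.split()
        key = key.lower()  # sshd keywords are case-insensitive
        if key == "match":  # per-host/user overrides need manual review
            settings["match"] = values
            break
        if key in ACCUMULATING:
            settings.setdefault(key, []).extend(values)
        elif key not in settings:  # sshd keeps the first value it reads
            settings[key] = values
    return settings

def audit(text):
    """Map each hardening step to True (in place) or False (missing)."""
    s = parse_sshd_config(text)
    first = lambda k: (s.get(k) or [DEFAULTS[k]])[0].lower()
    return {
        "password_login_disabled": first("passwordauthentication") == "no",
        "key_login_enabled": first("pubkeyauthentication") != "no",
        "non_default_port": "22" not in s.get("port", ["22"]),
        "single_allowed_user": len(s.get("allowusers", [])) == 1,
        "no_match_overrides": "match" not in s,
    }

if __name__ == "__main__":
    for check, ok in audit(SAMPLE).items():
        print(f"{'OK  ' if ok else 'FAIL'} {check}")
```

The duplicate `PasswordAuthentication yes` line in the sample does not change the result, because `sshd` uses the first value it reads for that keyword.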