Hi

A couple fairly easy things to add on the login box, most of them are just cron jobs:

1) Login timing - only login first 5 seconds of the minute
2) Rotating passwords by day / hour
3) Logging and email alerts - every login attempt generates an email
4) Login hours - If you are home at night, no logins then.
5) Rate limiting - stop responding for 10 minutes after 3-5 failed attempts

All of this stuff has downsides. If it is *vital* you log in you may not want to do some of them.

Whatever you do, I would go with SSH and set it up to use *large* keys only.

Bob

On Aug 29, 2007, at 7:10 AM, Bill Maas wrote:

> On Mon, 2007-08-27 at 10:28 -0700, Paul Bartell wrote:
>> I would like to hear about some of these tricks. It sounds like fun.
>
> Alternate ports, IP redirection, hosts.allow, complex multiple login
> paths, who knows what else (see firewall manuals in the first place).
>
> But the point is that a Soekris box is perfect for use as a central
> access point for a network: logins don't require huge amounts of
> processing power, and its power usage while running 24/7 is
> eco-friendly by any standard. Also note that the difficulty to break
> into a system will grow [more or less] exponentially with the number of
> different passwords required for access (which makes sudo vs. su an
> unsafe program to use, surely in ALL:ALL config). So using a surplus
> Soekris box as such a central RAS definitely makes sense.
>
>> I have also thought about controlling a robot with a Soekris, but
>> wouldn't you need more GPIO? or would you use a simple AVR program to
>> drive the servos etc?
>
> What I have in mind is a program that reads a command language and
> sends/receives bytes over RS232 to the microcontroller, which runs a
> program that translates these bytes into actions (and sensor input to
> bytes sent back). Such a translator would only have to be written once,
> and programmed once per AVR (save for extensions and, of course, bug
> fixes).
>
> Gain: a comfortable programming environment without all the size
> constraints of traditional AVR (or PIC) programming. In other words the
> possibility to run enormous programs, something which can't be done with
> the standard tools. It will require developing a command language of
> course, so this is obviously not something done over a weekend.
>
> Timing will definitely be an issue due to latencies in program execution
> and the connection, but that's where a great part of the challenge lies.
> Motion doesn't require real-time operation at all (we aren't real-time
> systems ourselves), and timing issues could be resolved in the hardware,
> through anticipation and by setting message priorities. Maybe having to
> deal with those latencies will even enhance the robot's motion in the
> end.
>
> I'm by far not a robot expert, I just stumbled into robotics by chance
> about 1 1/2 year ago. From what I've seen so far it's not really a
> stupid idea. It's just like controlling a robot from a PC, but with the
> PC sitting on the robot itself.
>
> It does at least look like a nice challenge. Can't wait to see the first
> robot run, "Powdered By OpenBSD". So if anyone is interested in starting
> a SoekrisBot project, I'd be happy to contribute whatever I can.
>
> Bill
>
>> On 8/27/07, Bill Maas <[EMAIL PROTECTED]> wrote:
>>> Hi,
>>>
>>> (1) (Almost) identical config for load-balancing and/or cases where
>>>     the 4801 breaks down or needs to be pulled down for maintenance.
>>>     CARP is tailored for such setups, but I couldn't get it working
>>>     together with SSH (that was on OpenBSD 3.9, using the local
>>>     ethernet interface for SSH logins - with a separate maintenance
>>>     network it should give no problems).
>>>
>>> (2) In case you are offering external SSH access to any "live" device:
>>>     set up the 4501 as an "SSH RAS" for your network.
>>>     You'll have to log in twice or more to reach a particular
>>>     machine, but at least it won't have to be directly exposed to
>>>     the Big Bad World anymore. And you can play all kinds of tricks
>>>     to make a cracker's life more difficult - fun!!
>>>
>>> (3) Use it for controlling a robot. Would require some real-time
>>>     capabilities from the OS though. But if you've ever programmed an
>>>     AVR directly, you'll know how incredibly comfortable high-level
>>>     languages running with MB's rather than kB's of memory are. I'd
>>>     very much like to give this a try, in case anyone's interested.
>>>     Should provide Soekris Engineering with a great boost too. Robots
>>>     are hot! (it seems).
>>>
>>> Bill
>>>
>>> On Sat, 2007-08-25 at 10:14 -0500, Ronald L. Rosson Jr. wrote:
>>>> I currently have a NET4501 sitting on the shelf doing nothing since
>>>> it was replaced by my NET4801 as a firewall running pfSense.
>>>>
>>>> I am looking for a low cost solution to have this system do something
>>>> that can benefit my network that the NET4801 is not doing at the
>>>> moment.
>>>>
>>>> any idea?
>>>>
>>>> TIA
>>>>
>>>> -Ron
>>>> _______________________________________________
>>>> Soekris-tech mailing list
>>>> [email protected]
>>>> http://lists.soekris.com/mailman/listinfo/soekris-tech
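
Added example, not part of the original thread: a sketch of the log review a cron job could run for items 4 and 5 of the list at the top of this message, producing the alert records item 3 would mail out. The OpenSSH-style syslog line format, the host name `gate`, the addresses, the 10-minute counting window and the 22:00-06:00 closed hours are all assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILS = 3                       # item 5: lock out after 3 failures
LOCKOUT = timedelta(minutes=10)     # item 5: ignore the source for 10 minutes
WINDOW = timedelta(minutes=10)      # assumption: failures counted over 10 minutes
CLOSED_HOURS = {22, 23, 0, 1, 2, 3, 4, 5}   # assumption for item 4: home 22:00-06:00

# Assumed OpenSSH-style syslog lines; syslog omits the year, so it is passed in.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<what>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

# Constructed sample log (documentation addresses, hypothetical host "gate").
SAMPLE = """\
Aug 29 07:10:01 gate sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Aug 29 07:10:04 gate sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Aug 29 07:10:09 gate sshd[415]: Failed password for root from 192.0.2.10 port 40131 ssh2
Aug 29 07:25:30 gate sshd[420]: Failed password for bob from 198.51.100.7 port 51000 ssh2
Aug 29 23:41:12 gate sshd[502]: Accepted publickey for bob from 198.51.100.7 port 51877 ssh2
""".splitlines()

def review(lines, year=2007):
    """Return (alerts, lockouts): (time, ip, reason) tuples and ip -> block expiry."""
    fails, lockouts, alerts = defaultdict(deque), {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # not an sshd login record
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["what"] == "Accepted":
            if when.hour in CLOSED_HOURS:
                alerts.append((when, ip, f"login by {m['user']} during closed hours"))
            continue
        recent = fails[ip]
        recent.append(when)
        while when - recent[0] > WINDOW:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= MAX_FAILS:
            lockouts[ip] = when + LOCKOUT
            alerts.append((when, ip, f"{len(recent)} failed logins, locked out"))
    return alerts, lockouts

if __name__ == "__main__":
    print(*review(SAMPLE)[0], sep="\n")
```

The `lockouts` map is what the cron job would hand to whatever does the blocking, for example a firewall table or the hosts.allow mechanism mentioned in the quoted reply.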
