Is there a quick document on firming up the security of the Astroberry system like a set of instructions to change the passwords for all components (login, VNC anywhere else?) and perhaps setting up insecure ports to be only available via localhost so that they can be tunnelled via ssh from the desktop?

Also, I tend to login via ssh and would like to use my own username, as typing "astroberry@" all the time is a right pain. Will future updates to the Astroberry perhaps cause problems for me if I am not logging in as the Astroberry user? (it would be nice if everything is independent of the Astroberry user), I know for instance that indiwebmanager and novnc appear to run under that user. Perhaps instructions on what groups a custom user needs to be a member of for everything to work.

Perhaps one for the FAQ on Github?

Hoping for clear skies soon.

Oh, also instructions on samba password / user creation for file sharing...

I know a lot of this is usual Linux maintenance tasks and it is easy to google the answers, but would still be nice to have the Astroberry specifics in a single place, and outlining any problems that we might come across specific to Astroberry.

If you are using OpenSSH to ssh into the astroberry then you can create a file called config in the .ssh (mind the dot!!!) directory in your home dir with the contents shown below (replace <your host> with the actual astroberry hostname and<your host alias> with a short alias, i.e. astroberry). Then you can simply type "ssh astroberry" (if that's the alias you chose) and you will be prompted for the password of the astroberry user. That saves a LOT of typing. You can also create a public/private key pair of which you put the private key in the .ssh directory of the astroberry and the public on in the .ssh directory of the machine that you type the "ssh astroberry" command on and you will not even need a password anymore. Super safe since no one will have your public key but you.

By the way, this works for any OpenSSH server/client combi and also can work with PuttY (on Windows) but PuttY uses a different public/private key mechanism.


HTH, Wouter

ForwardX11 yes
ForwardX11Trusted yes
TCPKeepAlive yes
ServerAliveCountMax 3
ServerAliveInterval 10
GSSAPIAuthentication no

Host <your host alias>
Hostname <your host>
User astroberry

For Windows and PUTTY use PUTYGEN - creates correct Putty secure key - quick and simple to do

Thanks, yes I use public key authentication quite a bit for work and have it set up for my custom user, did not know about the alias feature though. In any case I have created a custom user on my set up.

I will welcome any initiative to develop user manual. It's beyond my capacity.
The system is compiled for a regular user. If you want to customize it you are free to go. INDI Web Manager is user dependent service, others are not.