Hello everyone.

I have been interested in starting to self-host, and I have just been able to set up the first useful thing for myself (apart from a PiHole that I have running).

Since I am very afraid of making security mistakes, I would like to get feedback from you if my setup is secure or not.

The simple use case: I want to be able to back up files from my main computer to a hard disk, without having the hard disk attached to my main computer.

The setup:

  • A Raspberry Pi 4 running Raspberry Pi OS Lite (64-bit).
  • The Raspberry Pi can only be accessed via ed25519 key.
  • I configured a firewall on the Raspberry Pi with ufw to allow only traffic from the local subnet.
  • I then use sshfs to mount the hard disk connected with the Raspberry Pi to my main computer.
  • I plan to use rsync to back up my files.

Now I need your help: how secure is this setup? Did I make any major mistake? Is there something I could do better?

I’d be happy to get some feedback… 🙂

  • 712@discuss.tchncs.deOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    5 hours ago

    keep the key safe

    This might be a dumb question, but can I assume the keys are safe in the standard .ssh directory on Linux? Is there anything I should explicitly do to secure the private key?

    • irmadlad@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      4 hours ago

      You should be good with caveats:

      • Permissions on: ~/.ssh: chmod 700 ~/.ssh
      • Permissions on private keys: chmod 600 ~/.ssh/id_rsa or id_ed25519, etc.
      • Permissions on public keys: chmod 644 ~/.ssh/id_rsa.pub

      You can check with: ls -la ~/.ssh/

    • kevincox@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 hours ago

      Generally speaking it will be fine. SSH will also refuse keys with open permissions so you would notice if it was wide-open to other users of the device.

      But you know if you are running random code or AI harnesses as that user it can be at risk. Or if you copy around the key all over the place it is more likely to leak. But generally speaking you are secure by default, just don’t do something dumb with the key and you’ll have no problems.