Building a BeagleBone Firewall: Part 5

At this point we have a pretty nice little linux box, quite acceptable for doing many things. If we add a stateful firewall, it would make an acceptable kiosk machine.

However, we have a pretty big security hole, we should fix right now. You see, the image we used to put linux on the eMMC and microSD card have pre-installed SSH keys. Which means, every single machine that is installed with these images have the exact same set of public and private keys.  If you don’t understand what that means, that is ok, but suffice to say, if we don’t fix it there is a major security hole.  So lets fix it.

First we want to remove all the old host keys, but not the config files, so from the console issue the following command.

sudo rm -rf /etc/ssh/ssh_host_*

Now, we will want to generate, the new keys.

sudo dpkg-reconfigure openssh-server

Finally, we need to restart the ssh server.

sudo service ssh restart

For more info on why we want to do this, read this.  I highly recommend that you shut the BeagleBone done, pop out the microSD card, boot from the eMMC (simply boot without the microSD) and repeat this process on that OS as well.  Of course, when you are done, shutdown the BeagleBone, put it the microSD back in, and boot back up.

Next up, we will configure the usb to ethernet adapter.

Leave a Reply