Any Paranoid Amahi users?

rbmattis
Posts: 100
Joined: Fri Mar 18, 2011 8:37 am

Postby rbmattis » Thu Jun 30, 2011 10:03 pm

Question, are there any paranoid Amahi users on here?

I'm pretty happy with my HDA. It's like my own personal cloud, I can use HDA-connect, establish a secured UVNC window, browse the internet over remote desktop, share files via SMB, access sickbeard, couchpotato, sabnzbd, gmote, ampache, manage my router etc. etc. etc.

I feel though that I know just enough to get myself in a lot of trouble security-wise. I have a lot of ports opened for various services. I have strong and unique passphrases on ALL of my various services on Amahi but I just feel like at any given moment some black hat could rain on my parade.

My tentative idea is this: Close all the ports on my router save OpenVPN into my dd-wrt router. Create my OpenVPN CA on my sterile non-internet connected netbook. Connect the netbook to the router, copy the private server key. Then copy the client keys to my workstation, notebook, and Android phone. When I'm on the road and over an unsecure channel (à la public wifi) I can VPN into my router and access all my HDA services over an encrypted channel. If any of my devices gets stolen, I can just revoke its key, without needing to rejigger the rest of my systems.

That seems easier than trying to make all my webservices https when some of them don't support https.

Does this seem like it'll work to you all? Are there any major weaknesses (I'm still new to this stuff)?

rbmattis

sgtfoo
Posts: 419
Joined: Sun Jul 18, 2010 8:27 pm

Re: Any Paranoid Amahi users?

Postby sgtfoo » Wed Jul 06, 2011 6:14 am

I'm somewhat new to the Linux server thing as well, but I'm already familiar with the networking stuff and yet I have no good judgement on how many port holes is too many to punch in a router that sees the internet for Amahi's access to the web.

It does concern me... and the Amahi team doesn't seem too concerned.

I guess the thing about this stuff is that if you have a more secure way of doing what you want with your own server then go ahead with it, and let us know how it goes.
SgtFoo
HDA: VM inside oVirt FX-8300 95w (2 cores for HDA), 32GB RAM (2GB for HDA)
My PC: FX-8300, 16GB RAM, 3x 1TB HDDs, Radeon HD6970 2GB video; Win10 Pro x64
Other: PC, Asus 1215n (LXLE), Debian openZFS server (3x(2x2tb) mirrors)
Modem&Network: Thomson DCM475; Asus RT-AC66U; HP 1800-24G switch

rbmattis
Posts: 100
Joined: Fri Mar 18, 2011 8:37 am

Re: Any Paranoid Amahi users?

Postby rbmattis » Wed Jul 06, 2011 10:06 am

> It does concern me... and the Amahi team doesn't seem too concerned.

I'd cut them more slack. They're busy trying to make the product appeal to the 99% of users that aren't paranoid. That they support OpenVPN by default is pretty progressive ;)

Status update... I generated the keys, reflashed my WNR-3500L with dd-wrt Kong Mod, copied the keys to the router. Still having issues getting the OpenVPN daemon to fire up... DH parameter error... will experiment more when I get home.

I've copied the client1 keys to my Win7 notebook for testing, but it obviously doesn't work (until the OpenVPN daemon on the router is configured correctly).
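
An added example, not part of the thread and not Amahi's or dd-wrt's own configuration: an OpenVPN server config for the router that matches the plan in the first post, with the CA key kept off the router, a DH parameter file, and a CRL for revoking a stolen device. All file names, the VPN pool and the LAN subnet are assumptions.

```conf
# Constructed OpenVPN server config for the router.
# File names and both subnets below are assumed, not taken from the thread.
port 1194
proto udp
dev tun

# Only the CA certificate, the server certificate and the server private key
# live on the router. ca.key stays on the offline machine that signs certs.
ca   ca.crt
cert server.crt
key  server.key

# Diffie-Hellman parameters. The daemon exits at startup if this file
# cannot be read. Generated once, for example with:
#   openssl dhparam -out dh.pem 2048
dh dh.pem

# Revocation list produced on the CA machine and copied here after each
# revocation. A client whose certificate is listed is refused at connect time,
# while every other device keeps its existing certificate and key.
crl-verify crl.pem

# VPN address pool (assumed) and a pushed route to the home LAN
# (assumed 192.168.1.0/24) so clients can reach the HDA's services.
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"

keepalive 10 120
persist-key
persist-tun
verb 3
```

OpenVPN re-reads the `crl-verify` file when a client connects, so copying an updated `crl.pem` to the router is enough to cut off a revoked device. With this config the only port the router needs open to the internet is UDP 1194.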
