BitWarden Operational and SSH Housecleaning

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I am giving my BitWarden server a bit of a shake down, and since that didn’t take as long as expected, I have a story or two from rearranging my SSH keys. Let’s get started!

Server Fully Operational

Picking up from last week, I installed a BitWarden home server on BlinkiePi and set it up with a static IP making sure it had a unique hostname. To test it, I plugged it directly into my home router. I had to generate and install a self-signed security certificate so the browser plugin could recognize my server once I had directed its traffic appropriately.

I started early this week, expecting the firewall to be crazy complicated and maybe an exercise in futility, but that wasn’t the case. I found a package literally named “Uncomplicated Firewall” (ufw). It installed no problem and I was easily able to reject unrecognized traffic by default, then allow ports for SSH and BitWarden.

I then went ahead and installed BitWarden plugins on my remaining computers, trying and failing to follow all the important steps from memory until I gave in and looked up the tutorial again. Later on in the week, I wanted to ensure my setup could withstand a power blink, so I cut power and later restored it. I expected I’d need to spend a few hours trying to figure out how to get it auto started, but it’s almost like this project wants to short me of content, because I was able to reach its web interface no problem.

SSH Keys Between My Computers

I don’t like entering passwords every time I want to log into a system. SSH keys are way faster and more secure because the host machines are essentially letting you in as you scan an ID instead of stopping to perform a secret handshake that can be more easily faked.

I did some research a while ago, and I found questions as to whether the RSA method of making keys was still okay to use. To be honest, if it wasn’t, OpenSSH would probably push an update blocking its usage or at least notifying users that it’s been cracked wide open.

Nevertheless, when I redid my SSH easy access network, I used ed25519 to make my keys, and I transferred them over with ssh-copy-id to move them from one computer to another. I have three workstations I flip flop between, as well as my new password server and my Pi400 hack router. Now that I think about it, I could include the NAS and the Pi4 serving as our entertainment center, but that will wait for a later date.
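An added example (not part of the original post): after a key rearrangement like this one, a small audit of each machine’s authorized_keys file shows which key types are still allowed in. The 2048-bit RSA floor, the function names and the sample entries are assumptions constructed for illustration; the sample blobs are syntactically valid but are not usable keys.

```python
import base64

MIN_RSA_BITS = 2048  # assumed policy floor for this example; set to your own standard

def _read_string(buf, off):
    """Read one SSH wire 'string': 4-byte big-endian length, then that many bytes."""
    n = int.from_bytes(buf[off:off + 4], "big")
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def audit_line(line):
    """Return (key_type, bits, comment, verdict) for one authorized_keys line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options (from=, command=, ...) may precede the key, so accept the first
    # "TYPE BASE64" pair whose decoded blob names the same TYPE internally.
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
            name, off = _read_string(blob, 0)
            if name != fields[i].encode():
                continue
            bits, verdict = (256, "ok") if name == b"ssh-ed25519" else (None, "review")
            if name == b"ssh-rsa":
                _e, off = _read_string(blob, off)   # public exponent
                n, off = _read_string(blob, off)    # modulus
                bits = int.from_bytes(n, "big").bit_length()
                verdict = "ok" if bits >= MIN_RSA_BITS else "short-rsa"
        except ValueError:  # bad base64 or truncated blob: try the next pair
            continue
        return name.decode(), bits, " ".join(fields[i + 2:]), verdict
    return ("?", None, line.strip(), "unparsed")

def _constructed_line(key_type, comment, *parts):
    """Build a fake but well-formed entry for the demo (not a usable key)."""
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in (key_type.encode(), *parts))
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    _constructed_line("ssh-ed25519", "desktop", bytes(32)),
    'from="192.0.2.10" ' + _constructed_line("ssh-rsa", "old-laptop", b"\x01\x00\x01", b"\x00\x80" + bytes(127)),
])

def audit(text):
    """Audit every non-comment line of an authorized_keys file's contents."""
    return [row for row in map(audit_line, text.splitlines()) if row]
```

To check a real file, pass its contents to `audit()`, for example the text of `~/.ssh/authorized_keys` on each host; any entry not marked "ok" is a candidate for removal or replacement.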

One nice surprise came when I was copying a key from my main desktop on the 400’s subnet to one of my machines on the wider home network: my desktop didn’t recognize the computer, but the Pi400 did, and the router vouched for the host I was reaching out to.

Takeaway

I suppose I could improve my setup with auto updates. That will mean another hole punched in the firewall, but in all reality, that’s a topic across my network for another day.

Final Question

If you were to spend a week in space, what games would you feel obliged to play along the way?
