05-01-2023, 03:27 AM
(04-30-2023, 05:31 PM) MikeyFresh Wrote: So I guess to wrap this in my own head I'll explain what my original (flawed?) thinking was with regard to use of the new security setup or not.
I had thought perhaps the ultimate security was to skip the userid and password entirely, so instead of leaving an open door via the old default userid and password, how about no door at all?
In other words, don't even set up a userid/password/SSH at all, then there is no way for malicious/unauthorized access to occur. That did not go well last week at all, however doing it in the manner prescribed/specified worked just fine today, with the one bit above about Moode's UI thinking the Host name/player was moode after a restore from backup, even though it was actually my new userid.local that brought up the UI, and that new userid is also what worked via SSH.
It's not SSH that's the problem. The security problem is the fact that gazillions of Raspberry Pis have been put in use with any of only a few username/password pairs well known because they've been published on the Internet (this has also been true for a number of other devices such as routers as well). The small number of such pairs makes for easy credential stuffing attacks.
In my personal opinion, simply changing the password to something known only to you is the critical step; changing the username, not so much. Public key authentication, also supported by SSH, is far superior to using passwords. Of course, if the bad guys have access to your LAN, then it's pretty much game over anyway. Proper firewall management and use of NAT is helpful there. If you have IPv6 running on your LAN and through your router to the Internet then you have more headaches.
The fact that restoring a backup created confusion over the hostname sounds like a bug.
As an aside, in recent versions of moOde you can choose to back up only the radio stations---the predefined stations AND/OR your added stations. This writes a (zipped) file containing only the station data in JSON format as well as the logo images. This file can be restored to any moOde player without affecting the system configuration/preferences. It's an effective way to preserve your custom stations.
Regards,
Kent