Lish questions
Currently, when I log into Lish, I can only see the tail end of my system startup, and I cannot issue any commands. Did I f' up my setup somehow? I can ssh (outside of Lish) into my Linode just fine.
Is there a way to lockdown Lish, so that it won't accept password-only logins? I know I can add my id_dsa.pub key, but I can't make that the only thing it will take, right? It would be a bummer if someone brute forced my password, although I think it unlikely.
I would also love to hear any other benefits of Lish, beyond watching my Linode boot up, if anyone has any.
-austin
4 Replies
@astro:
I would also love to hear any other benefits of Lish, beyond watching my Linode boot up, if anyone has any.
That is, by far, the biggest benefit. Linode without lish is like removing the video card from your server after installing the OS. For day to day operations, it doesn't matter, but in a pinch it becomes very useful.
Also, while your linode is powered down (or while powered on if you do CtrlA-D, it works a lot like screen), you can perform basic linode functions like booting an image or rebooting, without having to log into the web interface.
As for no passwords… I'm pretty sure the answer is no, but it could be useful as an option in the web interface to disallow password-based ssh logins. Caker?
Then again, now that I think about it, that's not a truly secure option (but still slightly more secure). An attacker could brute force the linode.com web interface, turn the option for passwords back on, then log onto lish. shrug Still, it's an option.
A: Your linode wont boot
B: You have locked yourself out of your own linode (iptables is a good example)
C: You just want to initiate a reboot/shutdown from a command prompt rather than the LPM.
When your linode is booted and you log-in to lish, you should be able to authenticate with the same ssh password you use for your direct linode ip address.
-austin
