Hi all,
The main question is: what steps do you have to do/set to secure remote connections. I want my app on my phone to be able to contact HA, but no one else.
I want my new installation to be secure. So I have installed Duck DNS (with Let’s Encrypt to create a SSL (HTTPS) connection. But still a password to login. Have an port forwarding rule in my router. It works #happy.
Now I installed the Terminal & SSH add-on to have a terminal within the browser. But I can’t make up if this is secure. I want to disable remote SSH, only local terminal from within the browser. That works. But no password is needed and I am “root”. That doesn’t sound secure.
Putty from a local device not necessary. my phone also can browse from the app to a terminal and that works. That is not necessary and not desirable.
All different advises. Some say I have to generate key-pair from a local device and put the private key in the configuration setting. Others say to leave it empty to disable the feature.
Any advises for a newbie?