Information
-
stone
is a physical machine hosted at ColoClue in Amsterdam - It's where our backups are stored.
- ColoClue is a friendly, but not radical, network association that facilitates colocation and runs the AS: https://coloclue.net/en/
- The easiest contact is #coloclue on IRCnet (channel key: cluecolo)
- The physical datacenter is DCG: https://www.thedatacentergroup.nl/
Special notes
Since we don't want a compromise of lizard to be able to escalate to a compromise of our backups, stone must never become puppetised in our standard way, but always only in a masterless setup!
SSH
SSHd
Hostname: stone.tails.net IP: 94.142.244.35 Onion: slglcyvzp2h6bgj5.onion
Host key:
SHA256:p+TQ9IvEGqUMJ5twgb1UweOp6omH4/O1hjwdn4jVk6A root@stone (ED25519)
SHA256:K+V5AbCrVqWq9Sc1gP28mdXk37umWpFn1v/pYjxZie8 root@stone (ECDSA)
SHA256:H/Tw12mi2sVTy/dRhlxy6MTQD2xdI76PyG1RweKz9eM root@stone (RSA)
Rebooting
Dropbear listens on port 443, so:
ssh -p443 root@stone.tails.net
Host keys:
SHA256:t1yihiERodaFoW3aebWlXM/FxGTMllf5bqVgSFcjuRw (ECDSA)
SHA256:gUTcTz4cZhRlK/FiTEUnx+KQWsmzH7sFdAyfl0f8F40 (RSA)
SHA256:7dkq21tFlT8lWFuTXKSDe5Hl+XzWTCmsBOGQRSyptcU (DSS)
Once logged in, simply type:
cryptroot-unlock
If the machine is not up and running within a minute or two, connect to the serial console to have a look what's going on.
OOB
Out of band access goes through ColoClue's console server, which allows for remote power on/off and serial access:
ssh groente@service.coloclue.net
Host key:
SHA256:31K4uqPcMa91wy30pk3PJKfe865OZMrGDrfVXjiU0Ds (RSA)
Installation
Base debian install with RAID5, LVM and FDE
apt-get install linux-image-amd64 dropbear puppet git-core shorewall
configured dropbear manually
set up masterless puppet, all further changes are in there