Many many thanks for all your useful comments! One of the suggestions which I find very good is to first build up and test the system at home. The hardware problem, however, is that my Vantage Vue weather station is at the cabin, online to Weatherlink.com, and I'm not that keen to unplug it and bring it home for the duration of the testing. To get around that, I wonder what would be the simplest possible replacement "weather station sensor" which I could connect to the weewx-RPi testbed at home in order to send some test weather data to the RPi and onwards. (In principle even a $2 temperature sensor directly connected to the RPi, as in many RPi tutorials, would serve that purpose). Any experience of that? I'll have to think about your excellent VNC vs SSH vs VPN suggestions. I was hoping not to have to do any special configurations of the LAN router, either at home or at the cabin. But I may have to rethink. In terms of need for protection, the value of the weather data is perhaps not that important, but I certainly don't want to leave any holes from which malicious entities may enter my laptop during the summertime when I spend more time at the cabin and connect to the cabin's LAN.
Yes, in terms of uptime, I've had some power breaks, and fried two power adaptors due to lightning during the last 4 years or so the station has been active. An UPS or even a surge protector would certainly have been useful. FYI, the Vantage weather station is connected to the router by cable, and I plan the same for the RPi - no WiFi except for the laptop during my summer visits. Once again many thanks, the project continues... On Thursday, 10 December 2020 at 09:12:33 UTC+2 ti...@skybase.net wrote: > On 10/12/20 1:59 pm, Ralph Underwood wrote: > > > What's wrong with using VNC? I use it to get to two remote Weewx > > running RPi. With the RPi, VNC has a deal to access up to five > > computers for free. > > > > > Hi Ralph, > > VNC requires a GUI, e.g. desktop packages need to be loaded for VNC to > work. This vastly increases the attack surface for hackers. > > Desktop GUIs are not required on servers, least of all something as > simple and tiny as weewx. > > If you must have a GUI for your server, use a BUI something like Webmin > or Cockpit that can be secured properly. Both lightweight compared to X! > > SSH with keys, is the best option for a remote system for CLI. > > Oh yes... and SSH is free and included with every linux/unix for an > unlimited number of servers. > > When building a system exposed to the internet you always start with the > "minimal install" group as provided by all vendors. You then add only > the packages you need to get your server/services working. This makes > for a small tight system with a minimal attack surface and limits the > amount of things to keep patched. > > Depending on what OS you are using you should also have something like > LivePatch, yum-cron, Ksplice, Autonomous Linux, etc. to keep your system > up-to-date with critical security updates even when you're not paying > attention to it. > > And.... you should be using a cron'd Rsync over SSH to keep a backup > off-site just-in-case the flash fails. Or at least some other automated > backup methodology. > > cheers > > Tim > > -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to weewx-user+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/e19bf7b9-6571-4131-ae36-3b80b7a7d404n%40googlegroups.com.
