Yesterday I set up a simple serial console over bluetooth as a backup console.
Today I’m running SSH over bluetooth. Raw SSH, no IP. I only use IP on the two ends to talk to the SSH client and server. It doesn’t actually go over the bluetooth.
This fixes the security aspects with the previous solution. As long as you make sure to check the host key signature it’ll be perfectly secure.
No need for one-time passwords. You can even use SSH pubkey auth.
Connect to the system SSH
Server:
rfcomm watch hci0 2 socat TCP:127.0.0.1:22 file:/proc/self/fd/6,b115200,raw,echo=0
Client:
sudo rfcomm bind rfcomm2 AA:BB:CC:XX:YY:ZZ 2
ssh -oProxyCommand="socat - file:/dev/rfcomm2,b115200,raw,echo=0" dummy-hostname
I’m actually replacing rfcomm & socat with my own much simpler tool, so that I can do:
ssh -oProxyCommand="sshbthelper AA:BB:CC:XX:YY:ZZ 2" dummy-hostname
without needing root to create /dev/rfcomm2 and some other improvements. I’ll opensource it “soon” and will link from here.
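One way to build such a helper, as an added example (this is not the author's sshbthelper and not code from the original post): a ProxyCommand relay that opens the RFCOMM socket itself, so no /dev/rfcomm2 has to be bound first. The script name btproxy.py and its argument order are assumptions; it needs Linux and a Python build with Bluetooth socket support.

```python
#!/usr/bin/env python3
# Added example: stdin/stdout <-> Bluetooth RFCOMM relay for ssh ProxyCommand.
# The name btproxy.py and the argument layout are assumptions for illustration.
import os
import selectors
import socket
import sys


def connect_rfcomm(addr, channel):
    """Connect straight to an RFCOMM channel on the peer with address addr."""
    s = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_STREAM,
                      socket.BTPROTO_RFCOMM)
    s.connect((addr, channel))
    return s


def write_all(fd, data):
    """os.write may write only part of the buffer; loop until all is out."""
    while data:
        data = data[os.write(fd, data):]


def relay(sock, fd_in, fd_out):
    """Copy bytes both ways until either side reaches EOF."""
    with selectors.DefaultSelector() as sel:
        sel.register(sock, selectors.EVENT_READ)
        sel.register(fd_in, selectors.EVENT_READ)
        while True:
            for key, _ in sel.select():
                if key.fileobj is sock:
                    data = sock.recv(65536)
                    if not data:
                        return  # peer closed the RFCOMM link
                    write_all(fd_out, data)
                else:
                    data = os.read(fd_in, 65536)
                    if not data:
                        return  # ssh closed its end of the pipe
                    sock.sendall(data)


if __name__ == "__main__":
    # ssh -oProxyCommand="./btproxy.py AA:BB:CC:XX:YY:ZZ 2" dummy-hostname
    relay(connect_rfcomm(sys.argv[1], int(sys.argv[2])), 0, 1)
```

The relay only moves bytes; authentication and encryption still come entirely from SSH, so the host key check remains the step that matters.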
I’m also simplifying the server side to just be:
socat exec:./btlisten tcp:127.0.0.1:22
A backup SSH
If you’re messing around with an OpenSSH config then it may be a good idea to set up a minimal config on another port. Maybe port 23. Not like that port is used for anything else anymore.