You should probably follow the updated howto instead.

Yesterday I set up a simple serial console over bluetooth as a backup console.

Today I’m running SSH over Bluetooth. Raw SSH, no IP. IP is only used locally on each end, to talk to the SSH client and the SSH server. It never actually goes over the Bluetooth link.

This fixes the security problems of the previous solution. As long as you make sure to verify the host key, it’ll be perfectly secure.

No need for one-time passwords. You can even use SSH pubkey auth.

Connect to the system SSH

Server:

rfcomm watch hci0 2 socat TCP:127.0.0.1:22 file:/proc/self/fd/6,b115200,raw,echo=0

Client:

sudo rfcomm bind rfcomm2 AA:BB:CC:XX:YY:ZZ 2
ssh -oProxyCommand="socat - file:/dev/rfcomm2,b115200,raw,echo=0" dummy-hostname
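
An added example (not from the original post): a client-side ~/.ssh/config stanza that wraps the ProxyCommand above and pins the server's host key, since dummy-hostname gives ssh nothing else to identify the server by. The alias bt-backup, the file ~/.ssh/known_hosts_bt and the server key path mentioned in the comments are assumptions.

```sshconfig
# ~/.ssh/config
# "bt-backup" is a made-up alias that replaces dummy-hostname.
Host bt-backup
    # Same transport as the ssh command above: raw SSH over the bound RFCOMM device.
    ProxyCommand socat - file:/dev/rfcomm2,b115200,raw,echo=0

    # There is no DNS name or IP address behind this connection, so store and
    # look up the host key under a fixed label instead of whatever name was typed.
    HostKeyAlias bt-backup

    # Keep the pinned key in its own file (assumed path). Fill it once, over a
    # channel you already trust, with a single line of the form
    #   bt-backup <contents of the server's public host key file>
    # where the key file is e.g. /etc/ssh/ssh_host_ed25519_key.pub (OpenSSH default location).
    UserKnownHostsFile ~/.ssh/known_hosts_bt

    # Refuse to connect if the key is unknown or has changed, rather than prompting.
    # An unexpected device answering on the RFCOMM channel then fails here.
    StrictHostKeyChecking yes

    # Public-key authentication only; never offer a password over this path.
    PreferredAuthentications publickey
    PubkeyAuthentication yes
    PasswordAuthentication no
```

With this in place the connection is started with ssh bt-backup, after the rfcomm bind step.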

I’m actually replacing rfcomm & socat with my own much simpler tool, so that I can do:

ssh -oProxyCommand="sshbthelper AA:BB:CC:XX:YY:ZZ 2" dummy-hostname

without needing root to create /dev/rfcomm2, plus some other improvements. I’ll open-source it “soon” and will link to it from here.

I’m also simplifying the server side to just be socat exec:./btlisten tcp:127.0.0.1:22.

Stay tuned.

A backup SSH

If you’re messing around with an OpenSSH config then it may be a good idea to set up a minimal config on another port. Maybe port 23. Not like that port is used for anything else anymore.