Turning Your Starlink Mini into a Real Telemetry Device - How to bridge Starlink Mini into MQTT and Node-RED for real-time monitoring and automation

-
Image
  If you’re running a remote station, digital voice system or any kind of modern connected ham infrastructure, your internet link is no longer “just internet” — it’s part of your station. Starlink Mini gives you portable, high-availability connectivity, but out of the box it’s still a black box. You can see “online/offline,” but you can’t easily observe performance, uptime, obstruction trends or state changes in a way that integrates with the rest of your telemetry systems. That’s exactly what the starlink-mini-mqtt-node-red-1 project solves. This project creates a bridge between Starlink Mini, MQTT and Node-RED, allowing you to treat your satellite link like any other piece of instrumented infrastructure in your shack. What It Does The system polls Starlink Mini status data and publishes it into MQTT topics that can be consumed by: - Node-RED - Home Assistant - Grafana - InfluxDB - Custom automation workflows Once it’s in MQTT, it becomes part of your normal telemetry pipeline. Ty...
Post a Comment

Why You Should Use SSH Keys Instead of Passwords on Your Raspberry Pi

-

 


If you’re running a Raspberry Pi that’s reachable from the Internet — such as through 44Net, or any public-facing IP — security should be your top priority.

One of the most important steps you can take is to disable password logins and use SSH keys instead.

Why Passwords Are a Problem

Password authentication over SSH might feel convenient, but it’s one of the biggest security weaknesses for exposed systems:

     Brute-force attacks — Bots continuously scan IPv4 and IPv6 ranges trying common usernames like pi, admin, or ubuntu.
     Leaked credentials — If you’ve reused a password elsewhere and that service gets breached,         attackers can easily try it against your Pi.
     Keylogging and phishing — Passwords can be intercepted if you log in from an insecure machine or network.

Even strong passwords can’t match the security of asymmetric cryptography used by SSH key pairs.

What SSH Keys Are (and Why They’re Better)

SSH keys are a pair of cryptographic files:

     Private key — stays safely on your local machine.
     Public key — stored on your Raspberry Pi.

When you connect, your client proves it has the private key that matches the public one — no password ever travels over the network.

Benefits:
     Uncrackable by brute force.
     No passwords stored on the Pi.
     Easy to manage multiple devices.
     Works with Raspberry Pi Imager for completely password-free setup.

Generating SSH Keys on macOS, Linux, or Windows

You can create an SSH key pair in seconds.

Step 1: Open a terminal


     macOS or Linux: open Terminal
     Windows 10/11: open PowerShell (or Windows Terminal)

Step 2: Generate the key pair


Run:

ssh-keygen -t ed25519 -C "your_email@example.com"

     -t ed25519 uses a modern, secure algorithm.
     -C adds a helpful label to identify the key.

Press Enter to accept the default save location (~/.ssh/id_ed25519), and optionally set a passphrase for extra protection.

Here is an example session:

PS C:\Users\dg> ssh-keygen -t ed25519 -C "test_keys"

Generating public/private ed25519 key pair.

Enter file in which to save the key (C:\Users\dg/.ssh/id_ed25519):

Created directory 'C:\\Users\\dg/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in C:\Users\dg/.ssh/id_ed25519

Your public key has been saved in C:\Users\dg/.ssh/id_ed25519.pub

The key fingerprint is:

xxxxxxxx
The key's randomart image is:

xxxxxxx

Step 3: Confirm the files

Next type:.

cd .ssh
dir

You should see:
id_ed25519      # private key
id_ed25519.pub  # public key

The contents of .pub file is what you’ll copy into Raspberry Pi Imager. 

type id_ed25519.pub

Step 4: Adding the SSH Key in Raspberry Pi Imager (When You First Set Up Your SD Card)

Raspberry Pi Imager (v1.7 or newer) makes this easy:

A. Install/open Raspberry Pi Imager (https://www.raspberrypi.com/software/ ) on your Mac or PC.

B. Choose your device, OS, storage, and click NEXT.



C. You will then see an option that says EDIT SETTINGS.

D. On the next screen click on Services



E. Check Enable SSH
F. Select Allow public-key authentication only.
G. If you created your key on the same machine, it will automatically be filled in for you.
H. Otherwise, paste your public key (the contents of id_ed25519.pub).
I. Press SAVE

J. Press YES to write your card

When the Pi boots for the first time, your public key will be preloaded in /home/pi/.ssh/authorized_keys.

Connecting to Your Pi Securely

Once it’s powered up and online:

ssh pi@<your.pi.ip.address>

If everything is set up correctly, you’ll connect without typing a password.

Summary

Switching to SSH keys takes a few minutes but can save you hours of cleanup after a compromise.

If your Raspberry Pi is exposed to the Internet — especially on 44Net, or publicly accessible in any way (like poking a hole in your home firewall) — using SSH keys isn’t just good practice, it’s essential.

73























Comments

Post a Comment

Popular posts from this blog

How To Get Precise Time Outside Your Shack

-
Image
  Often when I decide to do Parks on the Air (POTA), I just grab my gear and go forgetting to sync my laptop’s time.  When I get to the park, sometimes my system clock is 5-30 seconds off which means I’m not able to do FT8. I have found some inexpensive solutions to help fix this issue.  First, you’ll need a GPS dongle to capture accurate time signals.  These dongles are great and can get time almost anywhere, if they have a good view of the sky.  Here is the one I like since I can move it around if I need to and can keep it away from my radio to reduce RFI. It is called the “VFAN USB GPS Receiver Antenna Gmouse for Laptop PC Car Marine Navigation Magnetic Base” and available on Amazon for $20.  If you want something less expensive ($12) and smaller, I’ve heard good things about this unit (although I have never used it) – “HiLetgo VK172 G-Mouse USB GPS/GLONASS USB GPS Receiver for Windows 10/8/7/VISTA/XP”. Next, you’ll need software to allow your computer...
Read more

How To Set Up Your Own Remote Station

-
Image
  I’m going to share with you an inexpensive way you can control your station from a web browser on your home network.  This is the first step in setting up a remote station for yourself.  Once you have the radio  working locally, you can explore more advanced access solutions like Tailscale or Zerotier VPNs for operation outside of your home network. I found a great free program to remote control radios from F4HTB called “Universal_HamRadio_Remote_HTML5”.  Here is a link to his Github with more information - https://github.com/F4HTB/Universal_HamRadio_Remote_HTML5. Since there are a lot of steps to setting it up manually, I have put together a script that will do a large portion of the work for you.  I have tested the script with an Icom IC-705 and Yaesu FTDX10 utilizing both radio soundcards so there is no need to construct the hardware interface for these radios that he mentions.  The difference between the two radios is which version of Hamlib is...
Read more

How to Put Your AllStar Node on 44Net Connect

-
Image
  Recently a blog reader, Will WY7WL reached out about putting his Allstar node on to 44Net.  He was running into issues with connectivity to his node since it was behind CGNAT and wanted to see if he could adapt the 44net-cloud-wireguard-rpi script I had on Github for his application.  As I began testing it for him, I saw several things that needed to be customized to make the script work with the HamVoIP software, including making sure the software was at a current version, employing iptables for better compatibility and tweaking firewall settings to support Supermon.  So, I have created a special script to support this Allstar HamVoIP that handles everything soup to nuts and it is located at https://github.com/n3bkv/hamvoip-wireguard/blob/main/setup_hamvoip_wireguard.sh I also have an ASL3 version that Will help me test (since I do not run ASL on any of my own nodes).  That is available at - https://github.com/n3bkv/asl3-wireguard/blob/main/asl3-wg-setup.sh W...
Read more

Why You Might Want To Set Up Your Raspberry Pi Internet Web Server on 44Net

-
Image
  I had a big problem with my blog. Since it’s hosted on Blogger, there were issues with Google and Bing indexing it. I must have spent nearly two weeks trying to figure out why search engines were having trouble with redirects and couldn’t index the site. After some research, I found out this is a common problem with Blogger. So, I decided it was time to set up my own web server. That way, I’d have full control over everything—from which content management system and plug-ins I use to how the site is hosted. I had a spare Raspberry Pi sitting around that I could use, since my site doesn’t get a lot of traffic. All I needed was a static, internet-addressable IP address. But those are generally hard to come by without an expensive business-class internet connection. As hams, we have access to millions of IPs for free, thanks to some forward-thinking operators from the 1980s via 44Net. Here’s a link to an article and a short video on the history of 44Net: https://www.ardc.net/ardc-ki...
Read more

Building a Secure Web Portal on 44Net Without VPN Headaches

-
Image
I've been running Node-RED on my home network for a while now, controlling various ham station functions and monitoring gear remotely. The problem? Accessing it from outside my network meant either opening it directly to the internet (yikes) or dealing with VPN clients on every device I wanted to use. VPNs work, sure, but they're a pain. You need to install clients, manage configurations, deal with connection drops and if you want to give access to other hams in your club? Good luck walking everyone through VPN setup on their computers. Plus, most free VPN solutions limit you to a handful of users. I wanted something better. A secure web portal that I could access from anywhere with just a browser. No client software, no complicated setup for users, but still locked down tight with proper authentication and encryption. That's when I decided to build out a proper web portal on 44Net using Traefik and Authelia. After getting it working, I packaged the whole thing into an auto...
Read more

A Non-Programmers Guide on How To Use AI to Write Your Own Custom Ham Radio Computer Applications

-
Image
  These days you can’t get away from the Artificial Intelligence (AI) hype, it is unavoidable.  Supposedly it can do anything and everything with no limitations. But beyond the marketing, there is a lot that AI can do to help make your life easier. I’m going to walk you through how you can utilize AI for ham radio applications.  It is a great way to solve problems and create software for your projects, even if you are not a programmer.  I think the best way to show you how to use an AI Large Language Model (LLM) is to run through the prompts I used on a project for remote station temperature monitoring. I needed a way to get sensor readings from an external sensing board on a Raspberry Pi for display on a computer data dashboard.  I decided I wanted a script that could collect the readings every few minutes and transmit them to a second computer that served up all the dashboards for the station.  Some call this a “single pane of glass” since you can go to...
Read more

Internet Remote Software Defined Radio (SDR) Receivers – A Starter Guide

-
Image
  What do you do when you are stuck in an apartment, condo or HOA and you want to experience what HF is all about?  You can try to hide a wire antenna and use a low cost SDR dongle like the RTL-SDR but your experience is going to be very limited in what you will be able to hear.   The best solution (and it is free as well) is to use a remote internet SDR receiver. Here are a couple of sites you can go to get started: WebSDR.org: A directory of receivers around the globe, usually accessible with nothing more than a browser. These are often university or club stations that welcome public use. KiwiSDR Network: Shows active KiwiSDRs on a map. These small receivers are deployed by individuals and groups worldwide and often cover 0–30 MHz. Let’s use KiwiSDR as an example of how to operate a remote SDR.  If you go to rx.linkfanel.net on your web browser, you will see a screen like the one below. Listed here all the receivers that are available worldwide as well as an...
Read more

Wifi Network Clock Review: Great Features <$40 With A Security Concern

-
Image
  I have many clocks in my home which all seem to show different time no matter how often I try to sync them to an accurate time source.  I was looking for something inexpensive that I could have in the living room that would auto correct itself often so I had one clock I could depend on there.   I decided to stay away from radio clocks that needed to be able to receive WWV to reset themselves as I knew that would work maybe once a week, if I was lucky. I used to have a WWV correcting watch and I had to remember to put by a window at night to get updates. Ideally, I wanted something that would reset hourly so it could be accurate to within a second or two.   After searching around, I found this clock on Amazon and thought I’d give it a try.  It can be set to synchronize over wifi with any time server worldwide or even a local one if you have your own NTP server. It is customizable via a web browser to display any time zone (including UTC – great for ...
Read more

Automated Server Failover for Remote Stations

-
Image
  Overview Here's a cool trick for anyone with a remote station that wants to have an automated computer failover. This router setup will allow you to have multiple redundant computers on site and if one fails, your remote users will automatically be sent to the backup machine.  When the primary comes back online, users are sent back there.  Any failures can be emailed to you from the router, so you can troubleshoot. What you need 2 computers - can be Windows, Linux (Raspberry Pi, etc) or Mac Mikrotik Router - In my case I'm using the hAP ac3 - which goes for about $110 on Amazon Step By Step Setup (using the Mikrotik Web Gui or Winbox) - this is the IP you give to your users 1. Add a Virtual Service IP This is the “VIP” your LAN clients will always use (e.g. 192.168.1.100 ).     A.  Open IP → Addresses     B. Click Add New           •   Address: 192.168.1.100/24          •...
Read more

Ham RSS News Feeds

Amateur Radio Daily

Loading...

ARRL News

Loading...

Zero Retries

Loading...