Handling IP address Changes

There were some users experiencing issues when their router's DHCP server would, in certain situations, assign a new IP address to their RoninDojo system. In the worst case, the network portion (subnet) of the IP was a different one from before.

We had already introduced a detection mechanism for the firewall to have its rules updated upon discovery of this fact, and with a bugfix this is now in working order.

Also, previously RoninUI required a re-install when the IP address had changed. We've altered the nginx configuration to accomodate these end-user situations and will no longer need the re-install.

From now on, when you reboot the system, your RoninDojo should adjust accordingly and be reachable again with no need to reconfigure the system.

User access

Up until now, on first-time booting up the system, the user would be logged in as root because we believed it would be most beneficial should any situation arise that physical access was required. This was specifically the case for physical access, not any terminal/remote logins. Once the first time installation was complete, the auto-login flag would be removed from the installation script and one reboot would require the user to have to login again as usual.

The root user and the default one (ronindojo) have their passwords randomized upon first time boot, which prevents physical access until the user accesses RoninUI's first time setup wizard. There, the user gets access to the root password and is able to configure the default user's password.

A bug had made its way into our installation script, no longer removing the auto-login flag after the first-time boot. This prompted us to review supporting this feauture and we discussed the security concerns. Some users would plug a Tanto and never connect a physical monitor and keyboard, possibly being none the wiser that unless they reboot, anyone with physical access had full control over the device.

With that in mind, and that the bug exacerbated the problem, we opted to completely remove the autologin feature. We've reached a point of stability in the installation portion of our software where we are confident our support team can deal with any installation issues with the diagnostic tools we already have at hand. Our switch from Manjaro to Armbian with version 2 of RoninOS and RoninDojo is a major factor in this increase in stability, but also sticking to reliable hardware like the RockPro64 in our Tantos.

Changelog

  • Fixed a preparation failure for receive blockchain backup procedure [609b3f3d].
  • Updated tor package to 0.4.7
  • Fixed UI not allowing access after host IP changed
  • Fixed bug in network systemd unit file not updating UFW rules after host IP changed
  • Fixed RoninUI showing a timeout error during RoninUI upgrades
  • Fixed updating tor breaking tor
  • Now forces docker's logging onto the storage drive regardless of any defaults
  • Removed autologin for physical access, previous only on first time boot, fixed regression of it happening every boot (RoninDojo and RoninOS)
  • RoninOS: Added extra check for the first time boot installation not to start until the network is up
  • Moved most of the installation code from main to system installation procedure
  • Removed the menu option to update mirrors
  • Code now always expects the username "ronindojo" (dropped support for alternative usernames)
  • Removed generating and showing credentials for the Explorer key (this has been dropped with the dojo update in v2.0.2)
  • Feature: Updated Ronin's Dojo fork to v2.1.0
  • Credits: BrotherRabbit, dammkewl, BTCxZelko, kyc3, s2l1, numbers, WittyBull, PavelTheCoder
Share this post