For all ASICseer re/installing, including ASICseer autoupdate functionality:
If the ASICseer installer/autoupdater detects that your SSH and webUI passwords are defaults (such as root
and admin
), it will automatically change both of your passwords to a recoverable, secure, randomly-generated password. If your passwords are already different, they will not be changed.
Visit the ASICseer Password Recovery Page if you need to recover your ASICseer ASIC password.
NOTE:: If you have trouble logging in to the webUI, try a different browser or incognito mode.
Extremely sophisticated hardware-bricking crypto-related viruses and hacking attempts are on the rise. These viruses have the ability to infect all types of firmware (stock, third party, etc). In some cases, infected ASICs may not be recoverable with SD Card restoration, requiring controller card replacement. It is recommended that you secure your ASICs, and the networks on which they reside.
When adding preowned ASICs to your network, do not reuse passwords. Informing your unvetted and potentially hacked ASICs of your existing ASIC passwords may allow them to distribute their virus payload to your healthy ASICs.
It is important to secure your ASICs by changing your default passwords to strong, non-reused passwords (or allow the ASICseer installer to do it for you).
To secure your ASIC and to prevent unauthorized logins, you should use passwordless public key authentication. This procedure disables passworded SSH logins and only allows the machine containing the private key to access your ASICs.
See Securing your ASIC with Passwordless Login and Public Key.
The below network security guide is not exhaustive, it is meant to provide a general overview. A network security professional may be required to implement the below best-effort security practices on your network.
Create Management, Isolation, and ASIC VLANs.
Use this network for your *nix jump box, workstations, wifi at the farm, etc. Protect access to this network: any hacked system plugged into it could access all ASICs.
VLAN Firewall Rule Set:
Add any new and preowned ASICs to this network, for both initial evaluation and firmware installation. If these ASICs are infected, they will not be able to touch anything else in the farm.
VLAN Firewall Rule Set:
Split up your network into multiple /24 VLANs. Each /24 is good for ~250 IPs, allowing segregation by row, container, rack, etc. Keep your VLANs small to prevent DHCP range exhaustion, keep broadcast traffic low, and prevent any infected ASICs from infecting VLANs beyond its own.
VLAN Firewall Rule Set: