Problems using public key authentication in N900. (https://talk.maemo.org/showthread.php?t=35587)

DojwqIO 2009-12-02 17:15

Re: Problems using public key authentication in N900.
 
Hello,

Thanks to everyone who posted a suggestion.
This is what I did: I ssh'ed in as root and gave `user' a password. Then I cleared the known_hosts files on both the N900 and the Ubuntu machine. I also chmod'ed the file authorized_keys on the N900 to 400.
(I had originally copied the id_rsa.pub file ssh'ing as root and chown'ed the file to user:users to copy it to /home/users/authorized_keys.)

Now I can ssh in as `user' and I don't get prompted for the password, only the passphrase for the public key.
I plan to edit sshd_config to have
PasswordAuthentication no
PermitRootLogin no

I will also try installing rootsh to become root if necessary.

Thanks,

DojwqIO 2009-12-02 17:18

Re: Problems using public key authentication in N900.
 
Quote:

Originally Posted by adrianp (Post 404361)
Really - weird? Try logging in then do a
Code:

find /var -mmin -5 -ls
to find out which log file it uses; if that doesn't work try /tmp instead.

I looked in /tmp and /var and there does not seem to be a log file for the ssh server, or anything else for that matter. I read in a post yesterday that apparently one has to install something to have logs. Perhaps it's like that to save space on growing log files?
Thanks,

TA-t3 2009-12-02 17:39

Re: Problems using public key authentication in N900.
 
Yes, that's the reason: Growing log files would sooner or later create a problem for the common user.

pyromaniac 2009-12-03 21:33

Re: Problems using public key authentication in N900.
 
hi, i have got 2 questions regarding SSH (using OpenSSH) ...

1. How do you shut the daemon down ? :-\
/etc/init.d/ssh stop gives me a message saying SSH stopped. But 'ps aux' shows the server to be running.
kill -9 'pid of /usr/sbin/sshd -D' executes successfully but the SSH server respawns with a different pid.
Any suggestions ?

2. Is anyone facing performance issues with SSH? I tried using PuTTY to connect to the ssh server running on the N900, but the performance is quite slow. It takes 3-4 seconds for typed commands to show. Can wifi PSM be a reason? (http://talk.maemo.org/showthread.php?p=380339)

Appreciate any help. Thanks

archebyte 2009-12-03 22:17

Re: Problems using public key authentication in N900.
 
Quote:

Originally Posted by pyromaniac (Post 408431)
2. Is anyone facing performance issues with SSH? I tried using PuTTY to connect to the ssh server running on the N900, but the performance is quite slow. It takes 3-4 seconds for typed commands to show. Can wifi PSM be a reason? (http://talk.maemo.org/showthread.php?p=380339)

I don't see any problems. One thing you could do to find out if wifi is the issue is to try USB networking first and see if that works correctly.

pyromaniac 2009-12-04 09:36

Re: Problems using public key authentication in N900.
 
will try that out .. seems my machine needs a fresh installation as it does not detect my device for installation .. does an installed pc suite cause any conflicts by any chance ?

any ideas on how to stop the ssh server ?

thanks ..

cowb0y 2009-12-06 00:43

Re: Problems using public key authentication in N900.
 
Yes, in order for the key to be accepted, the user account needs a password set. Do (as root):
passwd user

The permissions for the ~/.ssh directory and authorized hosts files can be u+rw[x] but must be go-rw[x] (you may want to be able to update known_hosts if shelling out).

cowb0y 2009-12-06 01:45

Re: Problems using public key authentication in N900.
 
Quote:

Originally Posted by pyromaniac (Post 409349)
any ideas on how to stop the ssh server ?

If you want to prevent sshd from running automatically, you can remove it from runlevel 2 by using the update-rc.d script. Alternatively, you can prevent the init.d script from starting the daemon by creating a file in the ssh config directory (which you would have to (say) rename in order to start the daemon manually):
touch /etc/ssh/sshd_not_to_be_run

Not sure if removing the init script from the runlevel would prevent it from respawning, though.

strank 2009-12-11 22:43

Re: Problems using public key authentication in N900.
 
For starting/stopping sshd use `start sshd` and `stop sshd` respectively. The N900/maemo5 uses upstart instead of sysv-init; startup files are in /etc/event.d/ instead of init.d, and the list of services is shown by `initctl list`.

Some notes for those that want to allow ssh for 'user' with publickey authentication without setting a password for the account:

sshd prevents successful authentication since it sees 'user' as locked, i.e. it has a '!' in the /etc/passwd file and there is no /etc/shadow file. The only way I found to change that is to create an /etc/shadow file with 'NP' in the password field for user, e.g.:

user:NP:1000::::::

Then, if the authorized_keys are set up, publickey ssh login works, and until now I have not seen any negative effect because of the new shadow file.
(Please tell me if you can think of one!)

cowb0y 2009-12-12 03:48

Re: Problems using public key authentication in N900.
 
I'm not sure of any reason to not give the user account a password (on this platform). If enabling any kind of external access methods (and really, for any reason whatsoever), it would seem contrary to general principles of security consciousness. I also recommend assigning a strong root password, to help insulate against generic userland exploits.

If the passwordless method described is chosen, the user MUST disable password authentication in /etc/ssh/sshd_config (or anyone connecting will be granted shell access (and presumably, soon thereafter, root)). I recommend the following settings, regardless:

PermitRootLogin no
PasswordAuthentication no

Also, consider changing the default port if operating in a hostile zone.

If the sshd_config file were overwritten with a "fresh" (unedited) copy, then a passwordless user account would be granted shell access without authentication.
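
Added example, not part of the thread: a POSIX sh audit of the two sshd_config settings recommended above and of the account's password field in a shadow-format file. The function names and sample files are constructed for illustration, and only the global section of the config (before any Match block) is read.

```shell
#!/bin/sh
# Added example: audits copies of sshd_config and a shadow-format file.

# Print the first global value of a keyword (sshd uses the first one it reads).
sshd_setting() {  # $1 = config file, $2 = keyword
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        { sub(/=/, " ") }                        # accept "Keyword=value"
        tolower($1) == "match" { exit }          # only the global section
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Classify the password field of one account.
shadow_state() {  # $1 = shadow-format file, $2 = user name
    [ -r "$1" ] || { echo no-file; return 0; }
    field=$(awk -F: -v u="$2" '$1 == u { f = 1; print $2; exit }
                               END { if (!f) print "-missing-" }' "$1")
    case $field in
        -missing-)  echo missing ;;
        '')         echo empty ;;        # no password needed at all
        '!'*|'*'*)  echo locked ;;
        *) if [ "${#field}" -lt 13 ]; then echo unmatchable  # e.g. NP: shorter than any crypt hash
           else echo hash; fi ;;
    esac
}

audit() {  # $1 = sshd_config, $2 = shadow file, $3 = user; returns 1 on a finding
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_setting "$1" "$kw")
        if [ "$val" = no ]; then echo "ok    $kw no"
        else echo "FAIL  $kw ${val:-unset, default applies}"; rc=1; fi
    done
    state=$(shadow_state "$2" "$3")
    echo "info  password field of $3: $state"
    if [ "$state" = empty ]; then rc=1; fi
    return "$rc"
}

# Constructed sample files (not taken from a real device).
tmp=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin yes' > "$tmp/fresh"
printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin no' > "$tmp/hardened"
printf '%s\n' 'user:NP:1000::::::' > "$tmp/shadow"
audit "$tmp/fresh" "$tmp/shadow" user || echo "=> fresh config needs editing"
audit "$tmp/hardened" "$tmp/shadow" user && echo "=> hardened config passes"
```

On a device, point `audit` at /etc/ssh/sshd_config and /etc/shadow as root; a setting that is commented out is reported as unset because it then depends on the sshd default.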

