maemo.org - Talk


KeepItFunky 2008-08-19 20:12

How do I run OpenSSH?
 
I am trying to exchange files between my Mac and N810. Picking through these forums has suggested that OpenSSH is the way to do this. I installed the server and client, now what?

I seem unable to find a pertinent wiki of any kind. How does one use openSSH?

danramos 2008-08-19 20:24

Re: How do I run OpenSSH?
 
On the tablet side, you can use scp to copy files from the terminal. (cp = copies files on the same machine, scp = securely copy files to remote systems)

For example:
Assuming you're trying to copy a file named 'filename.txt' in the current directory to your Macintosh (which should already have an ssh server running and waiting) where my username is 'username'. Assuming also that the Mac's IP address is 192.168.0.10 and I want to drop it into my /home/username/ (home directory):

scp filename.txt username@192.168.0.10:/home/username/

KeepItFunky 2008-08-19 20:49

Re: How do I run OpenSSH?
 
ok that's helpful. Another thread I came across had suggested MacFusion as a gui solution, but that requires the NIT to be the server, how do I set up my N810 as the server?

fatalsaint 2008-08-19 20:53

Re: How do I run OpenSSH?
 
It likely already is if you installed it.

as root:

/etc/init.d/ssh restart

will make sure the server daemon is started... You just need to give your root user a password and from your mac ssh to your tablet as user root, password <password>.

Don't know anything about MacFusion.. but same logic applies.

iamthewalrus 2008-08-19 21:05

Re: How do I run OpenSSH?
 
Once you have Openssh installed and running on the tablet you can use a ftp program from the Mac that supports the sftp protocol. That way you can just copy files by dragging them. I'm not a mac user but at least a cross platform ftp client like FileZilla should work. Or the other way around, if you have a ssh server running on the mac you can use the cp/scp commands for a single file or start an sftp session manually from the tablet and browse through your folders like this:

sftp macusername@ipadress
cd /some/folder
ls
get somefilename

Be aware that if you sftp into the root account of the tablet files copied to it are owned by root. So do a "chown user somefilename" on the tablet afterwards to change ownership to 'user'.

danramos 2008-08-19 21:12

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by KeepItFunky (Post 215475)
ok that's helpful. Another thread I came across had suggested MacFusion as a gui solution, but that requires the NIT to be the server, how do I set up my N810 as the server?

Install the openssh-server package. It will prompt you to set up a root password (and make you enter it twice to be sure it was entered accurately). Once it's installed, it'll already be running. NOTE: PLEASE BE SURE TO ENTER IN A STRONG PASSWORD FOR THE ROOT ACCOUNT. Don't use dictionary words and be sure to sprinkle in a number or two. This is ROOT, after all.

You can immediately go to your Macintosh and ssh to your tablet's IP address as the 'root' user but I highly recommend against it.

The first thing I would do, if I were you, is go to the tablet's terminal once again and ssh back into itself as root to change the 'user' password so that you can use that account to place files onto your tablet. Here's how:

ssh root@localhost

When asked for the root password, enter in the root password you had entered when you installed OpenSSH earlier. At the prompt, enter:

passwd user

Give the 'user' account a good password as well and voila! Now you can go back over to your Mac and ftp to your tablet with the 'user' as the username and the password you had assigned to it.

GeneralAntilles 2008-08-19 21:30

Re: How do I run OpenSSH?
 
Transmit sftp.

iamthewalrus 2008-08-19 21:39

Re: How do I run OpenSSH?
 
B.t.w. the server daemon on the tablet seems a bit quirky. Sometimes I have to restart it with "invoke-rc.d ssh restart" to be able to log into the tablet.

danramos 2008-08-19 21:41

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by iamthewalrus (Post 215511)
B.t.w. the server daemon on the tablet seems a bit quirky. Sometimes I have to restart it with "invoke-rc.d ssh restart" to be able to log into the tablet.

Boggle. I've never had that problem. The only quirk I've ever noticed is that the networking needs to be enabled by doing SOMETHING with the tablet just before you try to reach it. (For example, I usually just refresh the omweather data and voila--power saving is off and the networking is reenabled). Otherwise, no problems here. N800 running diablo with an all Linux bunch of computers at home.

iamthewalrus 2008-08-19 21:55

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by danramos (Post 215513)
Boggle. I've never had that problem. The only quirk I've ever noticed is that the networking needs to be enabled by doing SOMETHING with the tablet just before you try to reach it. (For example, I usually just refresh the omweather data and voila--power saving is off and the networking is reenabled). Otherwise, no problems here. N800 running diablo with an all Linux bunch of computers at home.

Maybe by restarting the daemon I turn off wireless powersaving. I never really checked if the daemon is actually running.

danramos 2008-08-19 22:00

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by iamthewalrus (Post 215520)
Maybe by restarting the daemon I turn off wireless powersaving. I never really checked if the daemon is actually running.

I'm pretty sure it is because ssh'ing to localhost NEVER fails for me--even if an outside host tries to connect... which confirms that the daemon is running regardless of the wifi status (since it never leaves the local TCP/IP stack).

Laughing Man 2008-08-19 23:20

Re: How do I run OpenSSH?
 
Would it be better to create a user account for ssh? Right now I just use the root account along with the password.

Also, can anyone point me to a good guide for generating and setting up certificates for extra security? (I've seen the ones on Ubuntu and such but the whole private/public key confuses me.. like which goes on which PC/tablet). I want the server to be my tablet (since I primarily use ssh for transferring files wirelessly).

brendan 2008-08-19 23:33

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by Laughing Man (Post 215542)
Would it be better to create a user account for ssh? Right now I just use the root account along with the password.

Also, can anyone point me to a good guide for generating and setting up certificates for extra security? (I've seen the ones on Ubuntu and such but the whole private/public key confuses me.. like which goes on which PC/tablet). I want the server to be my tablet (since I primarily use ssh for transferring files wirelessly).

ssh-keygen
ssh-copy-id

both are installed on the NIT.

final result should be a file: /home/user/.ssh/authorized_keys. the folder /home/user/.ssh/ should be chmod'ed 700 and the file /home/user/.ssh/authorized_keys should be chmod'ed 600.

danramos 2008-08-20 00:00

Re: How do I run OpenSSH?
 
As far as I know, it's not really set up to handle multiple users aside from 'root' and 'user', and I'm not sure I can see the point since all the interface and.. pretty much everything, assumes you're doing things as 'user'.. so even SD cards are owned to 'user' for example.

When you say 'certificates', do you mean ssh keys? (I always had it in my mind that a certificate was something set up on a third party server to act as a third vector in an authentication scheme.. maybe I didn't have that terminology right? Can anyone verify the usage of the term for me?)

As far as ssh keys go, it's technically more secure than using only password authentication over ssh, as I recall. This is pretty easy to do but there are a lot of steps if you're new to it. Since I've done it routinely, in my mind it's as easy as 1) generate key pair 2) connect to the remote side 3) append my public key into the .ssh/authorized_keys file

Here's the details of how to do it, for the unexperienced in ssh keypairs:

On the side that is going to ssh out to the tablet, I'm assuming you have some kind of ssh command line client like OpenSSH, run the command:

ssh-keygen -t rsa

...to create an RSA style pair of key files (there's also dsa but RSA has more bits involved and so is more secure).

It will ask you for a filename to save the rsa key as. You can just hit enter to accept the standard default location and filename (usually your .ssh hidden directory). Take note of the path and name of the key, though. You will need it soon.

Then it will ask you to enter an optional password... you can enter one if you want that extra notch of extra security but it's not necessary nor much better. You can just hit ENTER twice to leave it empty.

Once that's completed, go to the path of your key and you should see a pair of keys (one is the key you generated--called a private key, the other is one that you can drop into remote systems you want to log into--called a public key).

NOTE: If you open the public key in a text editor you should see a bunch of readable text along with a big block of garbled text in the middle. If you see this, you're on the right path!

Now, assuming your tablet has the IP address of 192.168.0.5 on your network and your public key file is named id_rsa.pub, from here you can just paste or type in this line (I'll explain what it does in a moment):

cat id_rsa.pub | ssh user@192.168.0.5 'cd /home/user; mkdir .ssh; chmod 700 .ssh;cd .ssh; cat >> authorized_keys; chmod 600 authorized_keys'

What I do here is first print the contents of the public key out--but not to the screen, the | symbol is a pipe which means I'm passing the stream of text to the next command--which is ssh. ssh remotely connects to the tablet and goes on to run the commands between the quotes. I tell the tablet side to go to the user's home as the working path ('cd /home/user', I preferred not to assume I'm already in the home). Then create a .ssh directory (if it already exists, it'll error--which is fine). Then set permissions correctly so SSH will work with the .ssh path (read and write ONLY for the 'user' account). Then I go into .ssh and I append (that's the >>) whatever is being piped to ssh (the public key) onto the end of an authorized_keys file--if the file doesn't already exist, it'll be created). Lastly, I set correct permissions on that file as well. Once that's all done, ssh will just end the session.

Now, you should be able to just 'ssh user@192.168.0.5' to get into your tablet and magically get a shell without being asked for your password.

danramos 2008-08-20 00:02

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by brendan (Post 215546)
ssh-keygen
ssh-copy-id

both are installed on the NIT.

final result should be a file: /home/user/.ssh/authorized_keys. the folder /home/user/.ssh/ should be chmod'ed 700 and the file /home/user/.ssh/authorized_keys should be chmod'ed 600.

Live and learn--I actually had never known about ssh-copy-id and did it manually each time. :) I guess I sort of still have to in some cases since I work with many flavors of UNIX for work (AIX, Solaris, etc.) and not everything runs OpenSSH as the SSH server and client.

Thanks for that info, though!! :)

Laughing Man 2008-08-20 01:12

Re: How do I run OpenSSH?
 
Yeah I meant keys. I guess there's no point in setting up a user then. I'll just keep using root to login.

iamthewalrus 2008-08-20 06:32

Re: How do I run OpenSSH?
 
This may be obvious, but a downside of using a keypair is that anyone who finds or steals your tablet has access to your pc as well.

Laughing Man 2008-08-20 13:20

Re: How do I run OpenSSH?
 
Ah true. Though would that only be if the PC were the server and not the tablet?

Laughing Man 2008-08-28 19:08

Re: How do I run OpenSSH?
 
Ok I've gotten around to messing with this again. And I have several questions..

ssh-copy-id

What do I do with this command? The Ubuntu wiki says

"Assuming the remote Ubuntu computers you wish to use the keys for have running ssh daemons already, then locating your public portion of the key pair on those machines is quite simple. For example, if you'd like to begin using key-based logins as user username on a remote machine named host, and host is running sshd, and reachable by name on your network, simply use the ssh-copy-id command to properly locate your key:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@host"

So username@host would be something like root@N800. Correct? But from where do I issue the command? My desktop/laptop (clients) or my tablet? (host?). And does this copy the ID onto whatever computer I need it on?


@danramos, I tried following your instructions though I didn't want to set an IP address. I'm going to leave my desktop at home this year, and just bring my laptop with me to college so I'd need the ability to connect to it from my desktop or laptop depending on which network I am on. (at home, desktop. at college, my laptop).

And if I'm already logging into root via ssh, how would I switch it to the more secure key+ password? And how would this affect programs such as winscp or the Ubuntu Nautilus file manager?

danramos 2008-08-28 19:26

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by Laughing Man (Post 215575)
Yeah I meant keys. I guess there's no point in setting up a user then. I'll just keep using root to login.

Don't use root. Like I'd pointed out, you really should log in as root and change the root and user passwords.. then, from then on, log in as 'user'. ONLY log in as root if you intend to do something that needs root permission (apt-get, for example). Avoid running as root as much as you possibly can.

Quote:

Originally Posted by iamthewalrus (Post 215649)
This may be obvious, but a downside of using a keypair is that anyone who finds or steals your tablet has access to your pc as well.

Not necessarily. If someone has stolen your tablet or if you suspect any kind of abuse, you can tell the ssh server on your laptop or desktop to regenerate private server-side keys so that anyone logging in needs new keys to connect to it.

Laughing Man 2008-08-28 19:31

Re: How do I run OpenSSH?
 
Can I access my /media/mmcs cards with just the regular user? And any additional help is much appreciated (I'm trying to read up on this and google it though it's a wee bit confusing).

Edit: And I have changed the root password, though I don't think I've changed the user password yet. (it has a password?)

danramos 2008-08-28 19:33

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by Laughing Man (Post 218642)
Ok I've gotten around to messing with this again. And I have several questions..

ssh-copy-id

What do I do with this command? The Ubuntu wiki says

"Assuming the remote Ubuntu computers you wish to use the keys for have running ssh daemons already, then locating your public portion of the key pair on those machines is quite simple. For example, if you'd like to begin using key-based logins as user username on a remote machine named host, and host is running sshd, and reachable by name on your network, simply use the ssh-copy-id command to properly locate your key:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@host"

So username@host would be something like root@N800. Correct? But from where do I issue the command? My desktop/laptop (clients) or my tablet? (host?). And does this copy the ID onto whatever computer I need it on?


@danramos, I tried following your instructions though I didn't want to set an IP address. I'm going to leave my desktop at home this year, and just bring my laptop with me to college so I'd need the ability to connect to it from my desktop or laptop depending on which network I am on. (at home, desktop. at college, my laptop).

And if I'm already logging into root via ssh, how would I switch it to the more secure key+ password? And how would this affect programs such as winscp or the Ubuntu Nautilus file manager?

Yep! On the server side, where you created your keys, you would issue a:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@192.168.0.10 (assuming .10 is your tablet).


As for the IP address, you NEED to use the IP address inside your network as I'm sure you don't have a DNS server that you admin locally or hosts file to resolve the name to hosts. If you want to add your tablet to a fixed IP in your router's DHCP and then associate a name to that IP address, that would work while you're at home. But if you're roaming around in the cloud and connecting from, say, Burger King, that won't work.

You could do what I did, though. Set a fixed DHCP address for your laptop/server at home on your router... tell your router to route ALL traffic for a high and unusual port (let's say 2222) and route all traffic destined to port 2222 to your laptop/desktop's address at port 22. Then, set up a DynDNS.com domain name that will ALWAYS resolve to whatever your router reports to DynDNS as your current IP address with your ISP.

Once you're roaming around on the Internet cloud, you can go to a terminal session and type, say in this example:

ssh -p 2222 user@mydomain.dyndns.com

This assumes you got the name 'mydomain' from dyndns.com. :)

Let me know if I should flesh out any of that any further and I hope it helps you out.

danramos 2008-08-28 19:36

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by Laughing Man (Post 218656)
Can I access my /media/mmcs cards with just the regular user? And any additional help is much appreciated (I'm trying to read up on this and google it though it's a wee bit confusing).

Edit: And I have changed the root password, though I don't think I've changed the user password yet. (it has a password?)

Yup! They're mounted with user's access.. so that's actually the whole point--the user using the tablet should be able to access the SD card contents.

And yep.. the user has a password. Just 'passwd user' and that should do it. Don't lose the root password. If you lose the user's password, though.. no biggy. You can go back in as root from the terminal and just 'passwd user' to change it without already knowing the old one. Hence why you want to try NOT TO LOG IN AS ROOT as much as possible. If anyone manages to get root.. they are GOD of your tablet. :) heheh

As for the mmc cards, you'll find them at:
internal: /media/mmc2
removable: /media/mmc1

So, for instance, you can issue:
ls -la /media/mmc1

And you'll see the contents of the external card.. and you'll also notice that the files are all "owned" to the 'user' account.

Laughing Man 2008-08-28 20:39

Re: How do I run OpenSSH?
 
Edit: Disabled root login for openssh.

Now to just get the keys setup.

danramos 2008-08-29 02:55

Re: How do I run OpenSSH?
 
Whoa.. you sure you want to actually DISABLE root login? Are you using any other method to be able to get root access?

slvr32 2008-08-29 03:33

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by danramos (Post 218652)
...
Not necessarily. If someone has stolen your tablet or if you suspect any kind of abuse, you can tell the ssh server on your laptop or desktop to regenerate private server-side keys so that anyone logging in needs new keys to connect to it.

Actually, you'd want to remove the compromised client's public keys from the 'authorized_keys' file(s) for any accounts on any machines you care about.

Regenerating keys on the server isn't going to do anything useful, aside from generating 'hey, the key for this server changed' messages for any clients that connect to a server with new keys, and happen to have different server keys cached.
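
Removing a lost client's key as described above, as an added example that is not part of the original post: a POSIX shell function that deletes every authorized_keys line carrying the key from a copy of that client's .pub file, including lines with an options prefix. The name revoke_key is made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. revoke_key is a hypothetical helper name.

# revoke_key AUTHORIZED_KEYS PUBKEY_FILE
# Returns 0 if at least one line was removed, 1 if the key was not listed,
# 2 on a usage or I/O problem.
revoke_key() {
    auth=$1
    pub=$2
    [ -f "$auth" ] && [ -f "$pub" ] || {
        echo "usage: revoke_key AUTHORIZED_KEYS PUBKEY_FILE" >&2
        return 2
    }

    # A .pub file is "type base64-blob comment"; the blob identifies the key.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "no key found in $pub" >&2; return 2; }

    tmp=$(mktemp) || return 2

    # Compare the blob against every whitespace-separated field, so a line
    # that starts with options (from="...", command="...") is matched too,
    # and a differing comment at the end of the line does not matter.
    awk -v blob="$blob" '
        { hit = 0; for (i = 1; i <= NF; i++) if ($i == blob) hit = 1 }
        hit { removed++; next }
        { print }
        END { exit (removed > 0 ? 0 : 1) }
    ' "$auth" > "$tmp"
    status=$?

    # Write the result back in place so the file keeps its owner and mode.
    if [ "$status" -eq 0 ]; then
        cat "$tmp" > "$auth" || status=2
    fi
    rm -f "$tmp"
    return "$status"
}

# Typical use, on the machine the lost device could log in to:
#   revoke_key ~/.ssh/authorized_keys tablet_id_rsa.pub
```

Run it for each account and machine that had the key installed; the file must be writable by whoever runs it.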

Laughing Man 2008-08-29 04:31

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by danramos (Post 218803)
Whoa.. you sure you want to actually DISABLE root login? Are you using any other method to be able to get root access?

I disabled it for openssh.

changed allowrootlogin to no in its config file and reduce timeout to 60

Can still use root on the device. :)

HalSF 2008-08-29 21:42

Re: How do I run OpenSSH?
 
Why not just use Bluetooth file transfer to move files back and forth?

I also use https:// Gmail, or an SD card//USB gadget. All three seem like secure, easy ways to do Mac-N800 transfers

danramos 2008-08-29 21:50

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by slvr32 (Post 218810)
Actually, you'd want to remove the compromised client's public keys from the 'authorized_keys' file(s) for any accounts on any machines you care about.

Regenerating keys on the server isn't going to do anything useful, aside from generating 'hey, the key for this server changed' messages for any clients that connect to a server with new keys, and happen to have different server keys cached.

You're right--I'm not sure why I said that, given I've actually done this a million times. Once the public key is removed from the .ssh/authorized_keys file on the destination end, it's no longer going to work.

danramos 2008-08-29 21:56

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by HalSF (Post 219146)
Why not just use Bluetooth file transfer to move files back and forth?

I also use https:// Gmail, or an SD card//USB gadget. All three seem like secure, easy ways to do Mac-N800 transfers

Bluetooth is slower and generally feels a whole lot more klunkier. It's also not scriptable, whereas I can write an easy shell script to scp or ssh something to another box using the keys to authenticate.

By the by, Bluetooth is a whole lot less secure if someone nefarious is within range.

Using https and gmail is too awkward and out-of-the-way.

USB only makes sense if you're connecting to a PC to access the SD cards--which may or may not serve your purpose. If you're trying to simply read/write the media cards, this is fine. If you're trying to script some cross-server automation or some file transfers to the /home/user path, this will be insufficient.

Using the SD card is, again, only appropriate if the whole point is to simply move files over to the SD card. Then there's the whole argument of wear and tear on the kickstand and the SD card's door.

I personally prefer to use ssh and scp to access and to transfer files. On rare occasion I will use bluetooth. I prefer not to use wires as much as possible and see very little reason to put any more wear and tear on my device by doing so.

HalSF 2008-08-29 22:27

Re: How do I run OpenSSH?
 
Makes sense. I have to admit I've always used BT or Gmail or SD/USB because SSH always seems mind-numbingly complex for a spoiled-rotten end-user like me, and despite the crystal-clear advice in this thread, it still looks way too difficult.

Every now and then, however, I try to pretend I'm tech-y and maybe I'll give it a shot via the tips here.

stangri 2008-08-30 13:11

Re: How do I run OpenSSH?
 
Is there no samba package for diablo?
Also, has anyone actually tried to access the N8x0 thru FUSE? AFAIK it requires openssl on the host, does it come in diablo or does it have to be installed?
thanks!
PS. It's somewhat relevant -- can I access (copy to/from) smb or afp shares on the network from Diablo?
thanks!

mfortner 2008-11-05 22:37

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by GeneralAntilles (Post 215503)
Transmit sftp.

Maybe the most overlooked post in the thread. SO much easier. I know nearly nothing about this stuff and I was able to get it going.

DojwqIO 2009-12-01 21:00

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by danramos (Post 215554)


Here's the details of how to do it, for the unexperienced in ssh keypairs:

On the side that is going to ssh out to the tablet, I'm assuming you have some kind of ssh command line client like OpenSSH, run the command:

ssh-keygen -t rsa

...to create an RSA style pair of key files (there's also dsa but RSA has more bits involved and so is more secure).

It will ask you for a filename to save the rsa key as. You can just hit enter to accept the standard default location and filename (usually your .ssh hidden directory). Take note of the path and name of the key, though. You will need it soon.

Then it will ask you to enter an optional password... you can enter one if you want that extra notch of extra security but it's not necessary nor much better. You can just hit ENTER twice to leave it empty.


...

Now, you should be able to just 'ssh user@192.168.0.5' to get into your tablet and magically get a shell without being asked for your password.

Hi, I posted a question on this thread http://talk.maemo.org/showthread.php?t=35587 but I think this one might be more appropriate.
I created the keys and copied the public key id_rsa.pub over to /home/user/.ssh/authorized_keys, but when I try ssh -l user 192.168.1.8 (the ip of the N900), it still asks for a password.

Any suggestions?
Thanks,

tekplay 2009-12-01 22:15

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by DojwqIO (Post 403523)
Hi, I posted a question on this thread http://talk.maemo.org/showthread.php?t=35587 but I think this one might be more appropriate.
I created the keys and copied the public key id_rsa.pub over to /home/user/.ssh/authorized_keys, but when I try ssh -l user 192.168.1.8 (the ip of the N900), it still asks for a password.

Any suggestions?
Thanks,

1. create keys on machine A.
ssh-keygen -t dsa -f .ssh/id_dsa
2. scp id_dsa.pub user@n900-ip:
3. ssh to n900
4. cat id_dsa.pub >>.ssh/authorized_keys
5. chmod 400 .ssh/authorized_keys
6. exit and then try to connect from machine A.

cowb0y 2009-12-06 01:30

Re: How do I run OpenSSH?
 
Quote:

Originally Posted by tekplay (Post 403674)
1. create keys on machine A.
ssh-keygen -t dsa -f .ssh/id_dsa
2. scp id_dsa.pub user@n900-ip:
3. ssh to n900
4. cat id_dsa.pub >>.ssh/authorized_keys
5. chmod 400 .ssh/authorized_keys
6. exit and then try to connect from machine A.

5b. assign a password for the user account (this is required or key authentication will fail)
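
One thing to rule out when key login still falls back to a password prompt, as in DojwqIO's post: with StrictModes on (the OpenSSH default), sshd ignores authorized_keys if the home directory, .ssh or the file itself is writable by group or others. The check below is an added example, not code from the thread; the function names are made up, and it looks only at permission bits, not ownership.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# writable_by_others PATH: succeeds if group or other has the write bit set.
writable_by_others() {
    mode=$(ls -ldL "$1" | cut -c1-10)     # e.g. drwxrwxr-x
    case "$mode" in
        ?????w*|????????w*) return 0 ;;   # column 6 = group w, column 9 = other w
    esac
    return 1
}

# check_key_perms HOME: prints one line per problem and returns how many
# problems it found (0 means the permission bits are acceptable).
check_key_perms() {
    home=$1
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            problems=$((problems + 1))
        elif writable_by_others "$p"; then
            echo "writable by group or others: $p"
            problems=$((problems + 1))
        fi
    done
    # A zero-length file passes the mode check but authorizes no key.
    if [ -f "$home/.ssh/authorized_keys" ] && [ ! -s "$home/.ssh/authorized_keys" ]; then
        echo "empty: $home/.ssh/authorized_keys"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Typical use on the tablet:
#   check_key_perms /home/user
# The modes given earlier in the thread (700 on .ssh, 600 or 400 on
# authorized_keys) all pass this check.
```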


All times are GMT.