linux noob requires help with openssh
 

I installed openssh server only inorder toaccess to n900 via winspc and works perfect. but i know have other problems.

1. how can i set open ssh to manual start and which command i use to start it manually?
2. do i also need client in order to access server locally to change setitngs?
2. will the root pw i setup be removed if i remove openssh server?

thanks

Re: linux noob requires help with openssh
 

1) I think if you:

it will no longer start up automatically.

To make it start up automatically at the next boot, do:

You need to issue these commands as root from the x-terminal application, or logged in as root over ssh.

To stop and start the ssh server, use xterm, become root and:

2) No, you can go to xterm, become root, and do it from there.

The settings are in the file
/etc/ssh/sshd_config

you will need to stop and start the server for any change to take effect. Your root password is not part of the ssh server settings and can be changed by running the command passwd as root inside x-terminal.

other 2) No, it will stay as you set it.

Re: linux noob requires help with openssh
 

1. get root terminal (open terminal, type "root")
2. run command "update-rc.d -f remove ssh"

To start/stop the SSH server in root shell use command "/etc/init.d/ssh start" or "/etc/init.d/ssh stop"

No, you should be able to get a root shell by simply typing "root" in the terminal.

I don't think so, not that it matters much upon next install it will probably prompt you for a new one anyway.

kwotski was faster than me: but the update-rc.d is in general the recommended way to muck around with the rc.d directories.

Re: linux noob requires help with openssh
 

thanks. if i understand correctly root pw i set is set for whole system. how can i remove it so it's back to factory setting (disabled?)

Re: linux noob requires help with openssh
 

another problem:

i removed opensshserver from app manager and when i try to reinstall i get unable to install error. any thoughts?

update: i was able to remove it via apt-get remove and reinstall

Re: linux noob requires help with openssh
 

Don't do this! But, in the file /etc/passwd you'll see a line like:

root:OmfGcryptedpwWTF:0:0:root:/root:/bin/sh

If you change the bit I've put as OmfGcryptedpwWTF to just ! then root is in the same state as user once you save the file - no password is set and login is disabled

Now, the reasons I advise you not to do this are:

1) I haven't tried it
2) I don't know for sure that there wasn't already a default root password set on the device, rather than a ! - I didn't look at mine before setting the password
3) There's a fairly good chance that I don't know what I'm talking about, and doing the above will stop something working.. I'm conversant with Linux, but not Maemo 5
4) Why do it anyway? Just set a secure password and change it regularly if you're paranoid about it..

If you really really want to do it, wait for someone who knows what they're talking about to give you the real information :) Consider this a placeholder.

Re: linux noob requires help with openssh
 

i had smilar line on mine before installing openssh-server and installing it created passwd- file (assuming it is backup)

Re: linux noob requires help with openssh
 

i wonder if it is good idea to replace passwd with (assumed backup) passwd-

i am paranoid due to couple of reasons. i don't want to fiddle with default system pw and somehow i came to counculusion that installing opensshserver set-canged it

Re: linux noob requires help with openssh
 

well i replaced it and phone doesn't boot anymore

Re: linux noob requires help with openssh
 

Ok, well if you had that line with a pw before you installed the ssh server, then that really means there is a standard default root password.

That means that once you are running ssh server, anyone knowing that default password and your IP can get root access on your device.

That is a really bad scenario, and almost certainly is why when you install the ssh server it asks you to change the password!

I think it's best to leave the password as you've changed it, it really is A LOT more secure like that.

Evidently it does not harm the system to have it set differently (I've been running mine now with that for nearly 2 weeks).

Edit: Oh, well, a bit too late with that post. But really, slow down!

Re: linux noob requires help with openssh
 

reflashing it looks promising :) i can't learn if i don't brick stuff :P

Re: linux noob requires help with openssh
 

Thanks, I knew there was something like that. I'm coming from chkconfig --levels land ;)

Re: linux noob requires help with openssh
 

May I add another noob question?

I was trying to ssh to the device over the cellular network and failed miserably. If I interpret "netstat -lntu" correctly port 22 (which I was using) is open:

I have a public IP, it works to ssh to the device over my local wifi network and from the device on both cell and wifi network.

Do the cell operators usually have some form of firewall stopping connection attempts or am I missing something else?

Re: linux noob requires help with openssh
 

You can run the command ifconfig on the n900 to see what IPs you have configured. So using that you can see what IP is configured on the cell network interface (it is phonet0 if I recall).

Mostly I think cell operators would give you an IP in a private address space, like 10.x.y.z or 192.168.x.y and send your outbound traffic through what's called a NAT gateway, so inbound traffic across the cell network would normally be impossible.

I'm not sure, but it sounds from your post that you're trying to ssh to your public WLAN IP across the cell network?

That wouldn't work because no-one (apart from you!) knows that IP is on the end of your cell network connection, so it can't be routed there. (Sorry if I misunderstood, it's a little hard to make out just what you're trying to do... Mentioning some example interfaces and IPs would help..)

Re: linux noob requires help with openssh
 

Thanks for replying.

To try to clarify, everything is fine when the N900 is connected to my wlan. I can ssh to the device on the local network, using the IP my router has assigned to the N900.

What I ask about is ssh:ing to the N900 when it is connected to the cellular network, using the IP assigned to it by my cell network operator. I can tell I receive a public IP from e.g. checkip.dyndns.org. It is also verified by the Personal IP widget. Using that IP I try to ssh to the N900 from my PC.

Re: linux noob requires help with openssh
 

Ah, ok, I guess it must be firewalled out by your telco somewhere along the way..

If your PC supports the traceroute command, you could try

to see if that shows where the blockage is..

Certainly, as far as I understand it, you are correct in your earlier post where you say that sshd is listening on all interfaces and should be reachable if nothing else is blocking it.

Re: linux noob requires help with openssh
 

hi. im uber fresh in this area and have some noob questions about openssh.

first installed server and client as a bundle. just to connect from my comp. now:

in program manager there is three:

openSSHClient
openSSH client and server
openSSHserver.

since im only want to reach my n900 from my comp. can i uninstall the first to and only leave openSSHserver?

if a want to remove the SSHserver what happen if I just unistall it. will password be removed and the phone goes back as it were before install openSSH?

Re: linux noob requires help with openssh
 

I expect if you uninstalled "client and server" they might all disappear. If it was me, I would do that, then (re)install just the server.

Don't think so. There is some discussion at the start of this useful thread ;)

Re: linux noob requires help with openssh
 

nice. it worked great until I stopped and restarting ssh server again. now, the password isnt working anymore. the server is open and running again, but the password don't work anymore. any ideas?

have not changes pwd for root. used rootish to get root access.

get root terminal (open terminal, type "root")

/etc/init.d/ssh stop
/etc/init.d/ssh start

tried to uninstall ssh server again and reiinstall it again, but i wont get the pop up for the password again. I know the password, and can ping my n900, but can't connect.

Re: linux noob requires help with openssh
 

no clues? :(

Re: linux noob requires help with openssh
 

what does
say?

you should get a line containing "0.0.0.0:ssh", meaning that the daemon is listening on all interfaces on port 22 (="ssh").
if that is not the case, your setup has an error.

you could also try re-setting the password, using these two commands:
edit:
and, as a last resort, you could delete the /root/.ssh folder after deinstalling SSH, and then reinstall.

Re: linux noob requires help with openssh
 

Ok,
I got the line
tcp 0 0 0.0.0.0:ssh 0.0.0.0:*

Re: linux noob requires help with openssh
 

What happens when you try and connect? Connection refused?

Re: linux noob requires help with openssh
 

yes. connection refused. nothing, just got another retry

Re: linux noob requires help with openssh
 

think i will try to change root passwd

Re: linux noob requires help with openssh
 

Sounds good. "connection refused" would be when there's nothing listening. If it's asking you for the password then it's listening.

Re: linux noob requires help with openssh
 

yes, its listening, unfortunately not on me :)

tried to change root password, still the same result

Re: linux noob requires help with openssh
 

@Dave

did you try reinstalling, but removing the .ssh folder in /root between de- and reinstallation?

also, what program do you use to connect? maybe your N900's encryption keys have changed and your program thinks there's an attack or something...

and you didn't change anything in /etc/ssh/sshd_config, right?

Re: linux noob requires help with openssh
 

I did not removed any folder.

First, I installed ssh bundle from file manager
created a password. ssh with winscp worked fine.

after that. unistalled server and klient 8 kb from file manager, and client from file manager.

still worked with winscp.

now installed rootsh. typed root

and stopped server and then restarted server. now. i couldent log in any more.

tryed to reconfigur my wlan and wifi(still the same ip on comp and n900 but with another wep.

and atlast 10 min ago. tried to change the root password.

im using winscp from win vista.

Re: linux noob requires help with openssh
 

FILE manager? not application manager?

seems like rootsh did something the openssh server doesn't like...
try this:
deinstall both
remove the folders /root/.ssh and /etc/ssh if they exist - by this you purge every configuration so you can start fresh
does the purging, but be VERY careful not to mistype anything! rm -rf can be dangerous.
install rootsh first
install openssh server


edit:
i just realized - winscp has no shell client, its only intended for copying. could you please try connecting with putty as well?

Re: linux noob requires help with openssh
 

yes. sorry. application manager

but cant uninstall rootsh.

yes, also running put with same result.

thx anyway

Re: linux noob requires help with openssh
 

How are you changing the root password?

Edit: This is how it looks when I do it:
The # sign shows I'm root. If I don't see that then I'm not root.

I type "passwd" and enter, then follow the instructions.

It doesn't actually care if you enter numbers or upper case letters, btw, it's just giving you advice ;)

After I've done this, I can test it by typing "login" at the same place:

So I type "login" <enter> then at the "login" prompt, root, then at the next prompt, the password.

You could maybe try this procedure to see if you're changing the password properly.

I would do this, then if the password and login is ok, re-install the openssh client (yeah, I know ... ;) ) and then do:

N900:~# ssh 127.0.0.1

This will try and connect from the N900 to the N900 so we don't need to worry about network issues :)

It should look something like this:

If that doesn't work, you could try SubCore's idea with the logs..

Re: linux noob requires help with openssh
 

if you're up to it, i have one more suggestion :)

by default, ssh doesn't log anything because the needed facility is missing, but with these steps you enable logging, which might help you track down the problem :

first, install sysklogd and klogd (all these steps require root access)
they are part of the official nokia repositories (downloads.maemo.nokia.com), so no need to worry.

next, you have to enable the AUTH facility:
edit /etc/syslog.conf and remove the # in the line containing auth.log
you can use vi:
use the cursor until you're at the beginning of the mentioned line
press 'x' once to remove one character (the # sign)
it should look like this:
now save the file by typing this inside vi:
for the changes to take effect, reboot the device

after the reboot, fire up xterminal again and watch the auth.log file:
you should see a few warning msgs about missing log files, that's to be expected.
with the -f option, tail keeps the file open and shows you changes as they happen. if you now try to connect again using putty or winscp, you should see something happening, hopefully including what's wrong. :)

a succesfull password authentication should look like this:
if you need more info, you can increase the value of "LogLevel" in the file /etc/ssh/sshd_config to VERBOSE and restart sshd by

Re: linux noob requires help with openssh
 

if you have rootsh installed, open xterminal and type
you are now prompted for a new root password.

Re: linux noob requires help with openssh
 

No kidding! ;)

I was asking Dave999 how *he* was doing it. He isn't the clearest communicator, unfortunately ;)

Re: linux noob requires help with openssh
 

lol sorry apparently i was still in answering mode *g*

time for bed

Re: linux noob requires help with openssh
 

Hey, why not use keys to authenticate...

a) Way more secure
b) No need to type password
c) Automation possible

Instead of listing the steps here how to create keys under Linux and use them, I'd rather link to http://linux.com tutorial which has some more useful information:
Using key-based authentication over SSH

When you are on windows... you are on your own... okay, I am not that mean :-) Just use Putty to generate a valid key:
Key-Based SSH Logins With PuTTY (I just tried it once with windows and a small note: PuTTY keys can not be used to authenticate Linux <-> Linux connections)

And just another hint for those who can't get a connection to there device when connected to the Internet via GPRS/UMTS.
Some providers do NAT, so the IP address the phone gets assigned is a none routeable address and thus you will not be able to connect to your device. Use some sort of VPN (OpenVPN) to get rid of that nasty problem.

Cheers
Bjoern

Re: linux noob requires help with openssh
 

thx all for your help
now
-------------------------------------------------------
Nokia-N900-42-11~#"login"
User:"root"
password:xxxxxxx

this works.
--------------------------------------------------------
Nokia-N900-42-11~#"ssh 127.0.0.1"
enter same password. working

Re: linux noob requires help with openssh
 

you can't login as "user" cause this account has no password by default (you would have to enable passwordless login)

be sure to do the following on the N900:

Now login from remote with the following command:
Now check what sshd is printing to the terminal.
If the login still does not work, post the entire output here.

I still would recommend to use key authentication instead of user/password verification.


Cheers
Bjoern

Re: linux noob requires help with openssh
 

Thx for all the help. will look into keys now.

have a few qustions if anyone have time. since im now log in with root

in sshd_config I want to set this flag to no: PermitRootLogin yes.

but do I need to create a new user or how can I log in after i changed this to "no"?

how do I create new user?

shall i change to another port than 22?

how do i do that?