maemo.org - Talk - ssh, root, pub keys, etc...

i haven't really looked into the necessity of sudo or becomeroot or similar packages floating around, but I felt like adding my .02 for an alternative to becoming root (temporarily) to do useful things...

Under your regular user account, it's useful to generate ssh keys -

$ ssh-keygen -t rsa

(prompts for save location, passphrase, etc... less complicated to not change the locations and not use a passphrase)

now you have an .ssh directory under your home directory that you can see with 'ls -al', and you should notice that the .ssh directory has 0700 permissions, and now contains your private key (id_rsa, 0600 permissions) and public key (id_rsa.pub, 0644 permissions)

IMO... the most useful thing to do at this point would be to add your id_rsa.pub contents to root's account, to allow you to ssh to root via localhost without having to type a password (after you finish setting it up)

when you install the openssh package (best to install both client and server components, otherwise you're out of luck on this exercise), you are prompted to set the root password, and the assumption is... you remember what you set it to :)

so... now we want to ssh to root@localhost and do a little bit of setup...

this is what i like to do...

$ ssh root@localhost mkdir -p .ssh

(you'll be prompted for the root password, and also to save/remember the ssh key... and you'll want to do that)

the trick here is that... you can use an 'ssh [user@host] [command]' syntax to run the 'mkdir -p .ssh' after you are authenticated.

next i'd do...

$ ssh root@localhost chmod 700 .ssh

(again, you'll be prompted for the root password to authenticate)

remember... we're still running these commands with our regular user account.

now... we want to create an 'authorized_keys' file under root's .ssh directory, that contains our ssh pub key... and, IMO... the easiest way to do this is...

$ cd .ssh
$ scp id_rsa.pub root@localhost:.ssh/authorized_keys

(and... this should be the last time we're prompted for a root password)

now... we should be able to login to root@localhost without typing a password, because we have now finished setting up ssh pubkey authentication.

to test...

$ ssh root@localhost

and voila... you're logged in as root in your terminal session... and you can type 'exit' to log out and get back to your user account when you're done.

---

one of the problems i notice every so often, is that my external SD card is mounted read-only, and the root/ssh-keys setup is really handy for fixing this.. assuming you don't have other issues, like a corrupted SD card or something unusual.

$ ssh root@localhost mount -o rw,remount /media/mmc1

(again... using the 'ssh [user@host] [command]' syntax)

and actually... i just have this set up as an alias in my ~/.bashrc file in my user account, where '~' stands for my home directory.

alias rw="ssh root@localhost mount -o rw,remount /media/mmc1"

and... not to get too carried away... but just for completeness...

i also have a ~/.profile that contains...

if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

and then... in my .bashrc file... something like -

PS1="\w\n\u@\h\$ "
PS2="loop \$ "

alias rw="ssh root@localhost mount -o rw,remount /media/mmc1"

export PS1 PS2

etc...

point being... that... with that 'rw' alias... I can just type...

$ rw

(and i remount /media/mmc1 read-write behind the scenes... thanks to the alias and ssh-pubkey setup with root's account)

you can ignore the PS1 and PS2 stuff, but that's how i like my prompt...

shows me my working directory... followed by a newline, and then 'user@host'$... in other words...

~
user@Nokia-N810-23-14$

I'm sure other users on this forum have done this, but I haven't seen it documented as an alternative to becoming root, if you know why/when this might be convenient :)