Active Topics
-
TLS 1.2 for N9 is ready (29)
to MeeGo / Harmattan by smatkovi - 5 hrs, 25 mins ago -
Error after installing Leste on sdcard (12)
to Maemo 7 / Leste by teroyk - 6 hrs, 12 mins ago -
Camera phone competition March 2023 "Endless" (35)
to General by Maemish - 3 days, 14 hrs ago -
Maemo repository (3)
to Community by torsen - 4 days, 7 hrs ago -
Introducing ubiboot N9 (multiboot OS loader) (1,393)
to Alternatives by smatkovi - 6 days, 11 hrs ago - more...
|
2008-02-13
, 10:49
|
|
Posts: 3,841 |
Thanked: 1,079 times |
Joined on Nov 2006
|
#2
|
Make sure that /home/user and /home/user/.ssh don't have write access for other than user (ls -ld /home/user should show drwxr-xr-x, ditto for /home/user/.ssh)
(If anyone else than the owner can write to either of those directories then key authentication won't work).
As for running the ssh server.. obviously it's more secure to not run it when not needed. On the other hand, with a good password (not a dictionary word) it's still quite safe to keep the server running at all times (certainly the vast majority of ssh server admins choose to let it run at all times). But if you get key authentication to work, and disable password and any other type of login, then you would have a server so secure that I can't really see the point of stopping the server. IF you also make sure that the other computer (the one you log in from) is also secure, i.e. nobody will be able to steal your key from there and use it to log in to your Nokia later.
(If anyone else than the owner can write to either of those directories then key authentication won't work).
As for running the ssh server.. obviously it's more secure to not run it when not needed. On the other hand, with a good password (not a dictionary word) it's still quite safe to keep the server running at all times (certainly the vast majority of ssh server admins choose to let it run at all times). But if you get key authentication to work, and disable password and any other type of login, then you would have a server so secure that I can't really see the point of stopping the server. IF you also make sure that the other computer (the one you log in from) is also secure, i.e. nobody will be able to steal your key from there and use it to log in to your Nokia later.
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
| The Following User Says Thank You to TA-t3 For This Useful Post: | ||
|
|
2008-02-13
, 21:11
|
|
Posts: 11 |
Thanked: 8 times |
Joined on Feb 2008
@ Youngstown, OH
|
#3
|
That worked for getting the keys to work. The directories were...
user rwxr-x---
.ssh rwxrwxrwx
I changed the permissions for those directories and the authorized_keys file to 755 as directed and the login works well. Thanks!
Now, onto getting the other stuff done (deny root login and change ports)
** Edit... done. The port is changed and root login is denied. Through another post I learned how to enable sudo su so I can manage to do what I need no matter what.
Last edited by gt24; 2008-02-13 at 21:29.
user rwxr-x---
.ssh rwxrwxrwx
I changed the permissions for those directories and the authorized_keys file to 755 as directed and the login works well. Thanks!
Now, onto getting the other stuff done (deny root login and change ports)
** Edit... done. The port is changed and root login is denied. Through another post I learned how to enable sudo su so I can manage to do what I need no matter what.
Last edited by gt24; 2008-02-13 at 21:29.
First... I cannot for the life of me get key authentication working. I would like to eventually deny root login to the device, use keys to log in as user (and sudo when necessary), and also change the port required for SSH. However, as you can guess, I am stuck at step one. I keep on getting key rejection errors in Putty on all attempts.
Second, does the SSH server have to run at all times? Would it work better if there was just a link in the menu to disable SSH and another to enable SSH? It isn't a perfect solution but it would certainly secure the device. How plausible is this?