Hi, I often ssh in to my device to fiddle with files and such as the tiny keyboard on the N900 can be hard to work with.

However using linux over the years has taught me not to log in as root if you don't need to. However I cant seem to find a matching password for the useraccount, I tried blank and I tried my device lock code. I suppose I could set a password with passwd (?) but I'm not sure what impications this would have.

So my question to the community would be, is there a default password for the user account? And can this be safely changed, if so, how?

I suppose there should be a wikipost or thread about here somewhere on this, but I can't find it..

Thanks //Habmala

You must gain root and then:
passwd user
Then you can change the user password, I think.
(user is the user name on the N900)

yes, I figured, but will this have any effects on the system? Since I can't get in with a blank password when using "ssh user@local.ip" I suppose there must be a password already set, does anyone know this password?

After login as root through ssh, you can change to the normal user
with:
regards
Nicolai

Usually I don't deal with passwords when using ssh, but use ~/.ssh/id_dsa.pub from the client that I append to ~/.ssh/authorized_keys on the server. But I can't get this to work on the n900 for the user "user". This is not too much of a trouble as I just do "ssh root@n900" followed by "su - user", but I still wonder why it doesn't work.

Thanks, Nicolai
I'm still curious about the passwod but this takes care of my issue for now I suppose.

Thanks a lot //Habmala

@dov
I suppose even though I use passwords our issues are linked. It would be interesting looking in to this, if nobody has an easy answer any time soon

By default the "user" user is locked so ssh doesn't accept logins to it. You can unlock it with "sudo passwd -u user". Also make sure that the ~/.ssh directory and ~/.ssh/authorized_keys file are NOT group or world-writable: chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys

Allowing ssh with password now means that someone can potentially login via ssh if they guess your password. Recommended security practice, especially if you keep your sshd on all the time, is to disable password logins entirely (as well as root login) and use keys as dov mentioned to login as "user". Keys are also more convenient because you don't have to type the password every time.

The sshd configuration file is /etc/ssh/sshd_config. The option "PasswordAuthentication" controls whether passwords are allowed or not. Set it to "no" and "PubkeyAuthentication yes" and you can only log in using keys (after reloading sshd).

If you're even more paranoid, you can qualify the public keys in ~/.ssh/authorized_keys with IP restrictions, for example:
from="192.168.1.*" ssh-rsa AAAAB3Nza.....

EDIT - I have now worked around this by connecting to the root account on n900 (for which there IS a password) and then su'ing to user. I still don't understand why the below asked me for the user account password though. Ssh should have authenticated the connection using the public key for the user account?

EDIT2 - now sorted. my authorized_keys files were a bit messed up :-)

I have set up a reverse ssh tunnel successfully from n900 to my home WinXP box (running openSSH):
I did an ssh-keygen on n900, copied the id_rsa.pub to my XP box and copied it to openSSH's authorized_keys file (which didn't previously exist). I then did another ssh-keygen on XP, copied its id_rsa.pub to n900 and then did a cat id_rsa.pub >> ~/.ssh/authorised_keys.

I have password entry turned off in the sshd_config file on the XP end. When I create the reverse tunnel in xterm it works fine (I get a command prompt up from my xp box with my own custom banner - I'm assuming that's what I should get, i.e. just like opening a forward ssh tunnel to my XP box, which I often do for other purposes).

My problem is that, when I then try to ssh into n900 over the open reverse tunnel from an xp command prompt using:

my rsa key is being ignored and I get prompted for user@localhost's password - which I can't supply as there isn't one (but that's not the point, I don't understand why I'm even being asked for a password whren it should be authorising me via the authorized_keys entry).

I thought I knew what I was doing but I've clearly messed up some part of the rsa key generation or authorized_keys entries. (the perms are OK on the n900 side, read only access for user, no access for group, other). Seems strange though that one half is working OK while the other half isn't.

the -vvv (verbose) mode for ssh from XP isn't giving me any obvious pointers as to what I've done wrong: all I can see is that it is offering the id_rsa.pub key but it is ignored (so it drops back to interactive password request).

Any suggestions/ideas?

Read wotevah's reply, who answered this question. The user account is locked and need to be unlocked with "passwd -u user". You can then connect to it.