Posts: 169 | Thanked: 56 times | Joined on Jan 2010 @ Italia
#1
I installed the openssh server in my n900 and it asked to create a password for the root account. ok.

When I ssh root@192.168.0.5 it asks the password and I can login.
Then I created the /root/.ssh/authorized_keys file by copying in it the pub key of my desktop account. Now I can ssh to the N900 without entering the password. Until here was all as expected.

The problem is that if I create the /home/user/.ssh/authorized_keys file as above, the ssh client asks me to enter a password (that doesn't exist - does it?) instead of using the keyfile access.

Anybody managed to ssh into the user account?
 
PhilE
Posts: 71 | Thanked: 65 times | Joined on Oct 2009 @ Brighton, UK
#2
You can't SSH onto the N900 as 'user', because in /etc/passwd the second field, where the password would normally be, contains an exclamation mark. This effectively disables the account as far as logon access is concerned.

The solution I put in place was to create a new user account under a different name and set the UID and GID in /etc/passwd to 29999, the same as the 'user' account. Set your new account to have '/home/user' as its home directory and put a password on it using the regular 'passwd' command.

You can then SSH onto the N900 as the user you just created, then do 'sudo gainroot' if you need root access.

This also means that you can edit /etc/ssh/sshd_config and disable root logins, which gives a little bit of extra security. Don't forget to restart the SSH daemon to make this take effect.
__________________
Phil Edwards
Brighton, UK
 

SubCore
Posts: 850 | Thanked: 626 times | Joined on Sep 2009 @ Vienna, Austria
#3
you just need to enable the user account, since you're going to use key authorization anyways. setting a password for user is not recommended.

a description can be found here (post #23).
__________________
"What we perceive is not nature itself, but nature exposed to our method of questioning."
-- Werner Karl Heisenberg
 
Posts: 169 | Thanked: 56 times | Joined on Jan 2010 @ Italia
#4
Originally Posted by SubCore:
you just need to enable the user account, since you're going to use key authorization anyways. setting a password for user is not recommended.

a description can be found here (post #23).
thank you both, i tried to unlock the user account with "passwd -u user", it says: "Password changed.", but I can not connect to the user account yet. The idea of creating an account "mirrored" to user is nice, but I would like to better understand what's going on.

any idea?
 
SubCore
Posts: 850 | Thanked: 626 times | Joined on Sep 2009 @ Vienna, Austria
#5
Originally Posted by cipper:
thank you both, i tried to unlock the user account with "passwd -u user", it says: "Password changed.", but I can not connect to the user account yet. The idea of creating an account "mirrored" to user is nice, but I would like to better understand what's going on.

any idea?
did you copy the file authorized_keys as root into your user folder?
if so, you first have to issue this in xterm as root:
Code:
chown -R user:users /home/user/.ssh
this changes ownership of the directory .ssh to "user", and the group ownership to "users".
also, make sure your private key file (if you have one on your N900) is safe:
Code:
chmod 600 /home/user/.ssh/id_rsa
__________________
"What we perceive is not nature itself, but nature exposed to our method of questioning."
-- Werner Karl Heisenberg
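Added example, not part of any post in this thread: a shell check for the two conditions raised in posts #2 and #5, a password field starting with "!" and the ownership and write permissions of the home directory, .ssh and authorized_keys. The function names, the sample passwd line (its shell field included) and the temporary directory are constructed for illustration; GNU or BusyBox stat is assumed.

```shell
#!/bin/sh
# Added example: check the two conditions raised in this thread before
# expecting key login to work. Assumes GNU or BusyBox stat (-c format).

# is_locked ACCOUNT FILE
# Succeeds if ACCOUNT's password field (2nd colon-separated field) in a
# passwd/shadow-format FILE starts with "!".
is_locked() {
    awk -F: -v u="$1" '$1 == u && $2 ~ /^!/ { hit = 1 } END { exit !hit }' "$2"
}

# audit_ssh_dir HOME UID
# Prints one line per problem and returns 1 if any was found. sshd's
# StrictModes (on by default) refuses key files when the home directory,
# .ssh or authorized_keys is group/world-writable or owned by someone other
# than the account or root.
audit_ssh_dir() {
    home=$1; uid=$2; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; bad=1; continue; fi
        owner=$(stat -c '%u' "$p"); mode=$(stat -c '%a' "$p")
        # Stricter than sshd on purpose: expect the account itself as owner,
        # which is what the chown -R in post #5 establishes.
        [ "$owner" = "$uid" ] || { echo "owner uid $owner: $p"; bad=1; }
        # Octal AND with 022 isolates the group and world write bits.
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "mode $mode: $p"; bad=1; }
    done
    return "$bad"
}

# Constructed demo: a throwaway home directory and a sample passwd line.
demo() {
    d=$(mktemp -d); mkdir "$d/.ssh"; : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"; chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    printf 'user:!:29999:29999::/home/user:/bin/sh\n' > "$d/passwd.sample"
    is_locked user "$d/passwd.sample" && echo "user: password field locked"
    audit_ssh_dir "$d" "$(id -u)" && echo "permissions ok"
    chmod 777 "$d/.ssh"          # simulate a directory others can write to
    audit_ssh_dir "$d" "$(id -u)" || echo "audit failed as expected"
    rm -rf "$d"
}
demo
```

On the device itself the calls would be `is_locked user /etc/passwd` and `audit_ssh_dir /home/user 29999`, run as root.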
 
Posts: 24 | Thanked: 2 times | Joined on Jan 2010
#6
Originally Posted by SubCore:
you just need to enable the user account, since you're going to use key authorization anyways. setting a password for user is not recommended.

a description can be found here (post #23).
Why is setting the user password and login as active not a good idea?
 
SubCore
Posts: 850 | Thanked: 626 times | Joined on Sep 2009 @ Vienna, Austria
#7
Originally Posted by tk421:
Why is setting the user password and login as active not a good idea?
Milhouse described it in the post i mentioned.

SSH, by default, will NOT accept empty passwords, so a user without a password can't be "brute forced". if the user has a password and the SSH daemon is running, anyone on the same WiFi could try to crack the user password.

of course, if you allow root login (which is default) and password authentication (which is also default), the same is true for the root user

key authentication is simply the most secure option.

there might be other implications when using a user password that i'm not aware of.
__________________
"What we perceive is not nature itself, but nature exposed to our method of questioning."
-- Werner Karl Heisenberg
 
Posts: 162 | Thanked: 25 times | Joined on Dec 2009
#8
For what it is worth, I had no problems in (a) setting a password for 'user', (b) entering the n900 with 'ssh user@192.168.1.101' and (c) using ssh-keygen to create a ~/.ssh/authorized_keys2 with an empty passphrase for direct login without a password.

Using ssh to enter root with or without password is frowned upon though, and probably disabled by default in /etc/ssh/sshd_config.

Paai
 
Posts: 388 | Thanked: 842 times | Joined on Sep 2009 @ Finland
#9
Originally Posted by tk421:
Why is setting the user password and login as active not a good idea?
Just use a strong password and you'll be fine.
 
Posts: 169 | Thanked: 56 times | Joined on Jan 2010 @ Italia
#10
Originally Posted by SubCore:
did you copy the file authorized_keys as root into your user folder?
if so, you first have to issue this in xterm as root:
Code:
chown -R user:users /home/user/.ssh
this changes ownership of the directory .ssh to "user", and the group ownership to "users".
also, make sure your private key file (if you have one on your N900) is safe:
Code:
chmod 600 /home/user/.ssh/id_rsa
i switched to user (su user) and then copied, thus no need to modify owner. I don't have a private key file on n900, is it required? for root it is not!
 