Public key logins


Revision as of 16:24, 19 August 2008

It is worth setting up your tablet to use public key authentication. The main advantage is that you can log in through ssh directly into the user account and keep root access for those situations which really need it. It also makes the process of logging in by ssh somewhat simpler as you don't have to type in any passwords.

The following describes how to achieve this for putty, pscp and winscp.

First off, if you can, set your tablet to use a fixed IP address on your network. Do this from the 'advanced' part of the connection setup in the tablet and choose an address accessible on your network but outside the range allocated by DHCP. Then you can edit \windows\system32\drivers\etc\hosts to include an entry for your tablet. You need a line with the IP address and the name, e.g.

       192.168.1.21    n810

If you use putty as your Windows SSH client (and pscp to copy files to/from the tablet), then follow these instructions to generate keys:

On the Windows system run 'puttygen'. Make sure that SSH-2 RSA is selected in the radio buttons at the foot of the window, then press the 'generate' button. Wave the mouse round over the window until the key is generated.

In the 'Key comment' box type in something memorable by which to identify the key. e.g. I use 'duncan-n810-20080113' (my name-target system-date). It doesn't much matter what you use, but if you generate multiple keys it can help to distinguish them.

You can enter a passphrase if you want. I think that you don't need one for accessing your tablet: if someone wants to get at the data that badly they can simply hit you over the head and steal the device. So leave the passphrase field blank.

Save the private key using a name such as duncan-n810-20080113.ppk. Don't close puttygen yet.

Now run 'putty root@n810' and log in using your root password. At the command prompt enter the following commands (the mkdir may not be needed; if so, it will tell you the file already exists):

       Nokia-N810-50-2:~# mkdir /home/user/.ssh
       Nokia-N810-50-2:~# vi /home/user/.ssh/authorized_keys

In vi, press 'i' to get into insert mode. Now find the Putty Key Generator window, and copy the entire text from the box under 'Public key for pasting into OpenSSH authorized_keys file'. It will be quite long so be sure you get it all (it starts with 'ssh-' and ends with the key comment you entered earlier).

Switch back to the putty session running vi and right click to paste the key into the window; it must be all in one line. When it has finished pasting, press the escape key then the three keys ':wq'

This should put you back at the command prompt. Try the following command just to check. You should see something like this:

       Nokia-N810-50-2:~# cat /home/user/.ssh/authorized_keys
       ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBx5B1fZksY4shwePrPVfy5x02m0RTtcDY6jZRL0aC0lxlV
       sEHYuk4aPtsFTJb3JOveWrKqtOuJbmnQ831bw4RpCoFJonrTEGP4sFyS2dFALQEqQr9lXzGAKXbPWUij
       N/eZLcORpvxuCCvzbCNjgKBUxR4uGrGw0HajXkfWQLuaDQ== duncan-n810-20080113


-update by bluesubaru: in my case I also had to make sure the permissions on this directory are 700 and that it is owned by user "user". My directory permissions were 770 and I got a "refused key" message until I made this change.-

Check that you got both the start 'ssh-rsa' and the end of this string in the file; it is easy to miss part of it when copying. Now go back to Windows and run putty again, specifying the private key file to be used for the login:

       C:\>putty -i duncan-n810-20080113.ppk user@n810

The output in the putty window should look something like this:

       Using username "user".
       Authenticating with public key "duncan-n810-20080113"
       
       
       BusyBox v1.6.1 (2007-09-27 18:08:59 EEST) Built-in shell (ash)
       Enter 'help' for a list of built-in commands.
       
       ~ $
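
If the key is refused instead, the two causes mentioned on this page are an incompletely pasted key line and the directory permissions. The following Python script is an added example, not part of the original page: it checks one authorized_keys line for truncation by parsing the length-prefixed fields inside the base64 data, and checks ownership and write bits on a path. The function names are hypothetical, the sample key is constructed, and the mode test assumes the tablet's SSH server rejects group- or world-writable paths the way OpenSSH does with StrictModes.

```python
import base64, binascii, os, stat, struct

def check_key_line(line):
    """Return problems found in one authorized_keys line (empty list = OK).
    Assumes the plain 'type base64 comment' form used on this page (no options)."""
    fields = line.split()
    if len(fields) < 2 or not fields[0].startswith("ssh-"):
        return ["line does not start with 'ssh-<type> <base64 key>'"]
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return ["base64 key data is damaged or cut short"]
    # The blob is a run of strings, each a 4-byte big-endian length plus data.
    parts, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            return ["key blob is truncated"]
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            return ["key blob is truncated"]
        parts.append(blob[pos:pos + n])
        pos += n
    problems = []
    if not parts or parts[0] != key_type.encode():
        problems.append("key type inside the blob does not match the prefix")
    elif key_type == "ssh-rsa" and len(parts) != 3:
        problems.append("ssh-rsa blob should hold type, exponent and modulus")
    if len(fields) < 3:
        problems.append("no key comment: the end of the line may be missing")
    return problems

def check_modes(path, uid):
    """Return ownership/mode problems for ~/.ssh or authorized_keys."""
    st = os.stat(path)
    problems = []
    if st.st_uid not in (uid, 0):
        problems.append("%s is not owned by the login user" % path)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("%s is writable by group or others" % path)
    return problems

def sample_line():
    """Constructed ssh-rsa line: exponent 37, 128 filler bytes as modulus."""
    blob = b"".join(struct.pack(">I", len(p)) + p
                    for p in (b"ssh-rsa", b"\x25", b"\x00" + b"\xa5" * 127))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-comment"
```

Run check_key_line on each line of a copy of authorized_keys, and check_modes on /home/user/.ssh and the file itself with the uid of "user".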

Next create a putty saved session. Run putty without any arguments. Select category 'Auth', and in the 'Private key for authentication' box select the ppk file you created. Then select the top category 'Session', in the 'host name' field enter 'user@n810' (replace n810 with the name you gave your tablet in your hosts file) then in the 'Saved Sessions' box enter 'n810'.

You can make putty use the saved session by running with the '-load' option: e.g. putty -load n810

pscp will use the session automatically (provided the hostname and the session name are the same):

   pscp myvideo.mp4 n810:/media/mmc1/Video

For winscp create a new session filling in the host name (n810), user name (user), and private key file (the ppk file you saved).