Public key logins
andrewfblack (Talk | contribs) |
(Cleanup, markup, still needs Linux and OS X entries) |
||
| Line 1: | Line 1: | ||
| - | It is worth setting up your tablet to use public key authentication. | + | It is worth setting up your tablet to use public key authentication. The main advantage is that you can login through ssh directly into the |
| - | The main advantage is that you can login through ssh directly into the | + | user account and keep root access for those situations which really need it. It also makes the process of logging in by ssh somewhat |
| - | user account and keep root access for those situations which really | + | simpler as you don't have to type in any passwords. |
| - | need it. It also makes the process of logging in by ssh somewhat | + | |
| - | simpler as you don't have to type in any passwords. | + | |
| - | + | == Static IP == | |
| - | + | ||
| - | First off, if you can, then set your tablet to use a fixed IP address | + | First off, if you can, then set your tablet to use a fixed IP address on your network. You can do this on your router by assigning a specific IP to your tablet's MAC address, or this from on your tablet in the 'advanced' part of the connection setup and choose an address accessible on your network but outside the range allocated by DHCP. Then you can edit <code>\windows\system32\drivers\etc\hosts</code> to include an entry for your tablet. You need a line with ip address and the name. |
| - | on your network. | + | |
| - | setup | + | |
| - | but outside the range allocated by DHCP. Then you can edit | + | |
| - | \windows\system32\drivers\etc\hosts to include an entry for your | + | |
| - | tablet. You need a line with ip address and the name | + | |
| - | + | 192.168.1.21 n810 | |
| - | + | ||
| - | + | ||
| - | + | == Windows == | |
| - | + | ||
| - | + | If you use putty as your Windows SSH client (and pscp to copy files to/from the tablet), then follow these instructions to generate keys: | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | On the windows system run <code>puttygen</code>. Make sure that SSH-2 RSA is selected in the radio buttons at the foot of the window then press the 'Generate' button (this may take a few minutes). | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | In the 'Key comment' box type in something memorable by which to identify the key (e.g., 'duncan-n810-20080113'). It doesn't much matter what you use, but if you generate multiple keys it can help to distinguish them. | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | You can enter a passphrase if you want additional security, but it is not required. Otherwise leave the passphrase field blank. | |
| - | + | ||
| - | + | Save the private key using a name such as duncan-n810-20080113.ppk. Don't close puttgen yet. | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | In vi, press 'i' to get into insert mode. Now find the Putty Key | + | Now run <code>putty root@n810</code> and login using your root password. At the command prompt enter the following commands (the <code>mkdir</code> may not be needed, if so it will tell you the file already exists): |
| - | Generator window, and copy the entire text from the box under 'Public | + | |
| - | key for pasting into OpenSSH authorized_keys file'. It will be quite | + | Nokia-N810-50-2:~# mkdir /home/user/.ssh |
| - | long so be sure you get it all (it starts with 'ssh-' and ends with | + | Nokia-N810-50-2:~# vi /home/user/.ssh/authorized_keys |
| + | |||
| + | In <code>vi</code>, press 'i' to get into insert mode. Now find the Putty Key Generator window, and copy the entire text from the box under 'Public key for pasting into OpenSSH authorized_keys file'. It will be quite long so be sure you get it all (it starts with 'ssh-' and ends with | ||
the key comment you entered earlier). | the key comment you entered earlier). | ||
| - | Switch back to the putty session running vi and right click to paste | + | Switch back to the putty session running vi and right click to paste the key into the window; it must be all in one line. When it has |
| - | the key into the window; it must be all in one line. When it has | + | finished pasting, press the escape key then the three keys ':wq' |
| - | finished pasting, press the escape key then the three keys ':wq' | + | |
| - | This should put you back at the command prompt. Try the following | + | This should put you back at the command prompt. Try the following command just to check. You should see something like this: |
| - | command just to check. You should see something like this: | + | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| + | Nokia-N810-50-2:~# cat /home/user/.ssh/authorized_keys | ||
| + | ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBx5B1fZksY4shwePrPVfy5x02m0RTtcDY6jZRL0aC0lxlV | ||
| + | sEHYuk4aPtsFTJb3JOveWrKqtOuJbmnQ831bw4RpCoFJonrTEGP4sFyS2dFALQEqQr9lXzGAKXbPWUij | ||
| + | N/eZLcORpvxuCCvzbCNjgKBUxR4uGrGw0HajXkfWQLuaDQ== duncan-n810-20080113 | ||
| - | - | + | Check that you got both the start 'ssh-rsa' and the end of this string in the file, it is quite easy to not quite copy all of it. Now go back |
| + | to Windows and run putty again specifying the private key file to be used for the login: | ||
| + | |||
| + | C:\>putty -i duncan-n810-20080113.ppk user@n810 | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
The output in the putty window should look something like this: | The output in the putty window should look something like this: | ||
| - | < | + | |
| - | + | <pre> | |
| - | + | Using username "user". | |
| + | Authenticating with public key "duncan-n810-20080113" | ||
| + | |||
| + | BusyBox v1.6.1 (2007-09-27 18:08:59 EEST) Built-in shell (ash) | ||
| + | Enter 'help' for a list of built-in commands. | ||
| - | + | ~ $ | |
| - | + | </pre> | |
| - | + | ||
| - | + | Next create a putty saved session. Run putty without any arguments. Select category 'Auth', and in the 'Private key for authentication' | |
| - | + | box select the ppk file you created. Then select the top category 'Session', in the 'host name' field enter 'user@n810' (replace n810 | |
| - | </ | + | with the name you gave your tablet in your hosts file) then in the 'Saved Sessions' box enter 'n810'. |
| - | Next create a putty saved session. Run putty without any arguments. | + | |
| - | Select category 'Auth', and in the 'Private key for authentication' | + | You can make putty use the saved session by running with the '-load' option (e.g., putty -load n810). |
| - | box select the ppk file you created. Then select the top category | + | |
| - | 'Session', in the 'host name' field enter 'user@n810' (replace n810 | + | pscp will use the session automatically (provided the hostname and the session name are the same): |
| - | with the name you gave your tablet in your hosts file) then in the | + | |
| - | 'Saved Sessions' box enter 'n810'. | + | pscp myvideo.mp4 n810:/media/mmc1/Video |
| - | + | For winscp create a new session filling in the host name (n810), user name (user), and private key file (the ppk file you saved). | |
| - | + | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
[[Category:Users]] | [[Category:Users]] | ||
| - | |||
Revision as of 11:22, 23 April 2009
It is worth setting up your tablet to use public key authentication. The main advantage is that you can login through ssh directly into the user account and keep root access for those situations which really need it. It also makes the process of logging in by ssh somewhat simpler as you don't have to type in any passwords.
Static IP
First off, if you can, then set your tablet to use a fixed IP address on your network. You can do this on your router by assigning a specific IP to your tablet's MAC address, or this from on your tablet in the 'advanced' part of the connection setup and choose an address accessible on your network but outside the range allocated by DHCP. Then you can edit \windows\system32\drivers\etc\hosts to include an entry for your tablet. You need a line with ip address and the name.
192.168.1.21 n810
Windows
If you use putty as your Windows SSH client (and pscp to copy files to/from the tablet), then follow these instructions to generate keys:
On the windows system run puttygen. Make sure that SSH-2 RSA is selected in the radio buttons at the foot of the window then press the 'Generate' button (this may take a few minutes).
In the 'Key comment' box type in something memorable by which to identify the key (e.g., 'duncan-n810-20080113'). It doesn't much matter what you use, but if you generate multiple keys it can help to distinguish them.
You can enter a passphrase if you want additional security, but it is not required. Otherwise leave the passphrase field blank.
Save the private key using a name such as duncan-n810-20080113.ppk. Don't close puttgen yet.
Now run putty root@n810 and login using your root password. At the command prompt enter the following commands (the mkdir may not be needed, if so it will tell you the file already exists):
Nokia-N810-50-2:~# mkdir /home/user/.ssh Nokia-N810-50-2:~# vi /home/user/.ssh/authorized_keys
In vi, press 'i' to get into insert mode. Now find the Putty Key Generator window, and copy the entire text from the box under 'Public key for pasting into OpenSSH authorized_keys file'. It will be quite long so be sure you get it all (it starts with 'ssh-' and ends with
the key comment you entered earlier).
Switch back to the putty session running vi and right click to paste the key into the window; it must be all in one line. When it has finished pasting, press the escape key then the three keys ':wq'
This should put you back at the command prompt. Try the following command just to check. You should see something like this:
Nokia-N810-50-2:~# cat /home/user/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBx5B1fZksY4shwePrPVfy5x02m0RTtcDY6jZRL0aC0lxlV sEHYuk4aPtsFTJb3JOveWrKqtOuJbmnQ831bw4RpCoFJonrTEGP4sFyS2dFALQEqQr9lXzGAKXbPWUij N/eZLcORpvxuCCvzbCNjgKBUxR4uGrGw0HajXkfWQLuaDQ== duncan-n810-20080113
Check that you got both the start 'ssh-rsa' and the end of this string in the file, it is quite easy to not quite copy all of it. Now go back to Windows and run putty again specifying the private key file to be used for the login:
C:\>putty -i duncan-n810-20080113.ppk user@n810
The output in the putty window should look something like this:
Using username "user".
Authenticating with public key "duncan-n810-20080113"
BusyBox v1.6.1 (2007-09-27 18:08:59 EEST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
~ $
Next create a putty saved session. Run putty without any arguments. Select category 'Auth', and in the 'Private key for authentication' box select the ppk file you created. Then select the top category 'Session', in the 'host name' field enter 'user@n810' (replace n810 with the name you gave your tablet in your hosts file) then in the 'Saved Sessions' box enter 'n810'.
You can make putty use the saved session by running with the '-load' option (e.g., putty -load n810).
pscp will use the session automatically (provided the hostname and the session name are the same):
pscp myvideo.mp4 n810:/media/mmc1/Video
For winscp create a new session filling in the host name (n810), user name (user), and private key file (the ppk file you saved).