ssh to "root" works but to "user" don't


cipper
01-12-2010, 07:10 AM
I installed the openssh server in my n900 and it asked to create a password for the root account. ok.

When I ssh root@192.168.0.5 it asks the password and I can login.
Then I created the /root/.ssh/authorized_keys file by copying in it the pub key of my desktop account. Now I can ssh to the N900 without entering the password. Until here was all as expected.

The problem is that if I create the /home/user/.ssh/authorized_keys file as above, the ssh client asks me to enter a password (that doesn't exist - does it?) instead of using the keyfile access.

Anybody managed to ssh into the user account?

PhilE
01-12-2010, 07:32 AM
You can't SSH onto the N900 as 'user', because in /etc/passwd the second field, where the password would normally be, contains an exclamation mark. This effectively disables the account as far as logon access is concerned.

The solution I put in place was to create a new user account under a different name and set the UID and GID in /etc/passwd to 29999, the same as the 'user' account. Set your new account to have '/home/user' as its home directory and put a password on it using the regular 'passwd' command.

You can then SSH onto the N900 as the user you just created, then do 'sudo gainroot' if you need root access.

This also means that you can edit /etc/ssh/sshd_config and disable root logins, which gives a little bit of extra security. Don't forget to restart the SSH daemon to make this take effect.

SubCore
01-12-2010, 07:36 AM
you just need to enable the user account, since you're going to use key authorization anyways. setting a password for user is not recommended.

a description can be found here (http://talk.maemo.org/showthread.php?t=38820&page=3) (post #23).

cipper
01-12-2010, 08:41 AM
you just need to enable the user account, since you're going to use key authorization anyways. setting a password for user is not recommended.

a description can be found here (http://talk.maemo.org/showthread.php?t=38820&page=3) (post #23).

thank you both, i tried to unlock the user account with "passwd -u user", it says: "Password changed.", but I cannot connect to the user account yet. The idea of creating an account "mirrored" to user is nice, but I would like to better understand what's going on.

any idea?

SubCore
01-12-2010, 08:52 AM
thank you both, i tried to unlock the user account with "passwd -u user", it says: "Password changed.", but I cannot connect to the user account yet. The idea of creating an account "mirrored" to user is nice, but I would like to better understand what's going on.

any idea?

did you copy the file authorized_keys as root into your user folder?
if so, you first have to issue this in xterm as root:
chown -R user:users /home/user/.ssh

this changes ownership of the directory .ssh to "user", and the group ownership to "users".
also, make sure your private key file (if you have one on your N900) is safe:
chmod 600 /home/user/.ssh/id_rsa

tk421
01-12-2010, 09:02 AM
you just need to enable the user account, since you're going to use key authorization anyways. setting a password for user is not recommended.

a description can be found here (http://talk.maemo.org/showthread.php?t=38820&page=3) (post #23).

Why is setting the user password and login as active not a good idea?

SubCore
01-12-2010, 09:08 AM
Why is setting the user password and login as active not a good idea?

Milhouse described it in the post i mentioned.

SSH, by default, will NOT accept empty passwords, so a user without a password can't be "brute forced". if the user has a password and the SSH daemon is running, anyone on the same WiFi could try to crack the user password.

of course, if you allow root login (which is default) and password authentication (which is also default), the same is true for the root user :)

key authentication is simply the most secure option.

there might be other implications when using a user password that i'm not aware of.

paai
01-12-2010, 09:12 AM
For what it is worth, I had no problems in (a) setting a password for 'user', (b) entering the n900 with 'ssh user@192.168.1.101' and (c) using ssh-keygen to create a ~/.ssh/authorized_keys2 with an empty passphrase for direct login without a password.

Using ssh to enter root with or without password is frowned upon though, and probably disabled by default in /etc/ssh/sshd_config.

Paai

hqh
01-12-2010, 09:23 AM
Why is setting the user password and login as active not a good idea?

Just use a strong password and you'll be fine.

cipper
01-12-2010, 09:39 AM
did you copy the file authorized_keys as root into your user folder?
if so, you first have to issue this in xterm as root:
chown -R user:users /home/user/.ssh

this changes ownership of the directory .ssh to "user", and the group ownership to "users".
also, make sure your private key file (if you have one on your N900) is safe:
chmod 600 /home/user/.ssh/id_rsa

i switched to user (su user) and then copied, thus no need to modify owner. I don't have a private key file on n900, is it required? for root is not!

tk421
01-12-2010, 09:42 AM
My user password is strong and I checked the sshd config and I'm pretty sure root login was disabled by default so I don't think it's that big of a deal. I might put a key on it just in case but that might be annoying if I want to get to it from someone else's PC. You could also change the default port ..

SubCore
01-12-2010, 09:49 AM
i switched to user (su user) and then copied, thus no need to modify owner.

hm, then it should work. the next step i'd suggest would be to enable logging to get more info about what's wrong. this involves installing additional software, i've described how to do that here (http://talk.maemo.org/showpost.php?p=432775&postcount=33).

I don't have a private key file on n900, is it required? for root is not!

it's required if you want to use key authentication in the other direction, i.e. to automatically log into a remote machine without having to type its password on the N900.

cipper
01-12-2010, 10:04 AM
hm, then it should work. the next step i'd suggest would be to enable logging to get more info about what's wrong. this involves installing additional software, i've described how to do that here (http://talk.maemo.org/showpost.php?p=432775&postcount=33).



it's required if you want to use key authentication in the other direction, i.e. to automatically log into a remote machine without having to type its password on the N900.

indeed, is not required in this case. BTW, could setting a password for 'user' affect other maemo functionality?

SubCore
01-12-2010, 10:07 AM
BTW, could setting a password for 'user' affect other maemo functionality?

as i said before, that might be the case, but i'm not aware of any actual issue.

PhilE
01-12-2010, 10:08 AM
could setting a password for 'user' affect other maemo functionality?

Don't know, that's why I suggested not fscking about with it in the first place... :(

cipper
01-12-2010, 10:34 AM
SOLVED! The problem was about permissions of the .ssh directory: with 'chmod go-w .ssh' now works!

thank you guys!
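
The two causes discussed in this thread, as an added example that is not part of the original posts: with OpenSSH's StrictModes setting (default yes), sshd ignores authorized_keys when the home directory, .ssh or the key file is group- or world-writable or owned by someone other than the account or root, and PhilE's post describes the '!' in the password field. The function names are hypothetical, and the sketch assumes a POSIX shell with find and awk.

```shell
#!/bin/sh
# Added example: audit what sshd (StrictModes yes) checks before it trusts
# a user's authorized_keys, plus the locked password field from the thread.

# Print the path if it is group- or world-writable (POSIX find, no stat needed).
writable_by_others() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Print the path if its owner is neither $2 nor root (uid 0).
wrong_owner() {
    find "$1" -prune ! -user "$2" ! -user 0 -print 2>/dev/null
}

# audit_ssh_paths HOME OWNER
# Prints one finding per line; the return status is the number of findings.
audit_ssh_paths() {
    home=$1 owner=$2 findings=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            findings=$((findings + 1))
            continue
        fi
        if [ -n "$(writable_by_others "$p")" ]; then
            echo "WRITABLE $p (fix: chmod go-w $p)"
            findings=$((findings + 1))
        fi
        if [ -n "$(wrong_owner "$p" "$owner")" ]; then
            echo "OWNER $p (fix: chown $owner $p)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# account_locked FILE USER
# Status 0 if USER's password field in a passwd-format FILE starts with '!'.
account_locked() {
    awk -F: -v u="$2" '$1 == u && $2 ~ /^!/ { found = 1 } END { exit !found }' "$1"
}

# Usage on the device, as root:
#   audit_ssh_paths /home/user user
#   account_locked /etc/passwd user && echo "user is locked"
```
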

codeMonkey
01-12-2010, 12:12 PM
Jebba has a section on using the user account in his part (http://wiki.maemo.org/User:Jebba/Setup#ssh_server_.26_keys) of the Maemo wiki. It works.