Active Topics
-
Porting apps to Leste (29)
to Maemo 7 / Leste by Arno_11 - 2 days, 7 hrs ago -
Install Fonts in N900 (68)
to Maemo 5 / Fremantle by teroyk - 3 days, 11 hrs ago - more...
 |
|
2008-08-28
, 19:33
|
|
Posts: 4,672 |
Thanked: 5,455 times |
Joined on Jul 2008
@ Springfield, MA, USA
|
#22
|
Originally Posted by Laughing Man
Yep! On the server side, where you created your keys, you would issue a:
Ok I've gotten around to messing with this again. And I have several questions..
ssh-copy-id
What do I do with this command? The Ubuntu wiki says
"Assuming the remote Ubuntu computers you wish to use the keys for have running ssh daemons already, then locating your public portion of the key pair on those machines is quite simple. For example, if you'd like to begin using key-based logins as user username on a remote machine named host, and host is running sshd, and reachable by name on your network, simply use the ssh-copy-id command to properly locate your key:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@host"
So username@host would be something like root@N800. Correct? But from where do I issue the command? My desktop/laptop (clients) or my tablet? (host?). And does this copy the ID onto whatever computer I need it on?
@danramos, I tried following your instructions though I didn't want to set an IP address. I'm going leave my desktop at home this year, and just bring my laptop with me to college so I'd need the ability to connect to it from my desktop or laptop depending on which network I am on. (at home, desktop. at college, my laptop).
And if I'm already logging into root via ssh, how would I switch it to the more secure key+ password? And how would this effect programs such as winscp or the Ubuntu Nautilus file manager?
ssh-copy-id -i ~/.ssh/id_rsa.pub user@192.168.0.10 (assuming .10 is your tablet).
As for the IP address, you NEED to use the IP address inside your network as I'm sure you don't have a DNS server that you admin locally or hosts file to resolve the name to hosts. If you want to add your tablet to a fixed IP in your router's DHCP and then associate a name to that IP address, that would work while you're at home. But if you're roaming around in the cloud and connecting from, say, Burger King, that won't work.
You could do what I did, though. Set a fixed DHCP address for your laptop/server at home on your router... tell your router to route ALL traffic for a high and unusual port (let's say 2222) and route all traffic destined to port 2222 to your laptop/desktop's address at port 22. Then, set up a DynDNS.com domain name that will ALWAYS resolve to whatever your router reports to DynDNS as your current IP address with your ISP.
Once you're roaming around on the Internet cloud, you can go to a terminal session and type, say in this example:
ssh -p 2222 user@mydomain.dyndns.com
This assumes you got the name 'mydomain' from dyndns.com.
Let me know if I should flesh out any of that any further and I hope it helps you out.
|
|
2008-08-28
, 19:36
|
|
Posts: 4,672 |
Thanked: 5,455 times |
Joined on Jul 2008
@ Springfield, MA, USA
|
#23
|
Originally Posted by Laughing Man
Yup! They're mounted with user's access.. so that's actually the whole point--the user using the tablet should be able to access the SD card contents.
Can I access my /media/mmcs cards with just the regular user? And any additional help is much appreciated (I'm trying to read up on this and google it though it's a wee bit confusing).
Edit: And I have changed the root password, though I don't think I've changed the user password yet. (it has a password?)
And yep.. the user has a password. Just 'passwd user' and that should do it. Don't lose the root password. If you lose the user's password, though.. no biggy. You can go back in as root from the terminal and just 'passwd user' to change it without already knowing the old one. Hence why you want to try NOT TO LOG IN AS ROOT as much as possible. If anyone manages to get root.. they are GOD of your tablet.
hehehAs for the mmc cards, you'll find them at:
internal: /media/mmc2
removeable: /media/mmc1
So, for instance, you can issue:
ls -la /media/mmc1
And you'll see the contents of the external card.. and you'll also notice that the files are all "owned" to the 'user' account.
|
|
2008-08-28
, 20:39
|
|
Posts: 4,556 |
Thanked: 1,624 times |
Joined on Dec 2007
|
#24
|
Edit: Disabled root login for openssh.
Now to just get the keys setup.
Last edited by Laughing Man; 2008-08-28 at 20:49.
Now to just get the keys setup.
__________________
Originally Posted by ysss
They're maemo and MeeGo...
"Meamo!" sounds like what Zorro would say to catherine zeta jones... after she slaps him for looking at her dirtily...
Last edited by Laughing Man; 2008-08-28 at 20:49.
|
|
2008-08-29
, 02:55
|
|
Posts: 4,672 |
Thanked: 5,455 times |
Joined on Jul 2008
@ Springfield, MA, USA
|
#25
|
Whoa.. you sure you want to actually DISABLE root login? Are you using any other method to be able to get root access?
 |
|
2008-08-29
, 03:33
|
|
Posts: 168 |
Thanked: 104 times |
Joined on Feb 2008
@ California, USA
|
#26
|
Originally Posted by danramos
Actually, you'd want to remove the compromised client's public keys from the 'authorized_keys' file(s) for any accounts on any machines you care about.
...
Not necessarily. If someone has stolen your tablet or if you suspect any kind of abuse, you can tell the ssh server on your laptop or desktop to regenerate private server-side keys so that anyone logging in needs new keys to connect to it.
Regenerating keys on the server isn't going to do anything useful, aside from generating 'hey, the key for this server changed' messages for any clients that connect to a server with new keys, and happen to have different server keys cached.
Last edited by slvr32; 2008-08-29 at 03:36.
|
|
2008-08-29
, 04:31
|
|
Posts: 4,556 |
Thanked: 1,624 times |
Joined on Dec 2007
|
#27
|
Originally Posted by danramos
I disabled it for openssh.
Whoa.. you sure you want to actually DISABLE root login? Are you using any other method to be able to get root access?
changed allowrootlogin to no in its config file and reduce timeout to 60
Can still use root on the device.
__________________
Originally Posted by ysss
They're maemo and MeeGo...
"Meamo!" sounds like what Zorro would say to catherine zeta jones... after she slaps him for looking at her dirtily...
 |
|
2008-08-29
, 21:42
|
|
Posts: 82 |
Thanked: 5 times |
Joined on Jun 2007
@ New Mexico, USA
|
#28
|
Why not just use Bluetooth file transfer to move files back and forth?
I also use https:// Gmail, or an SD card//USB gadget. All three seem like secure, easy ways to do Mac-N800 transfers
I also use https:// Gmail, or an SD card//USB gadget. All three seem like secure, easy ways to do Mac-N800 transfers
|
|
2008-08-29
, 21:50
|
|
Posts: 4,672 |
Thanked: 5,455 times |
Joined on Jul 2008
@ Springfield, MA, USA
|
#29
|
Originally Posted by slvr32
You're right--I'm not sure why I said that, given I've actually done this a million times. Once the public key is removed from the .ssh/authorized_keys file on the destination end, it's no longer going to work.
Actually, you'd want to remove the compromised client's public keys from the 'authorized_keys' file(s) for any accounts on any machines you care about.
Regenerating keys on the server isn't going to do anything useful, aside from generating 'hey, the key for this server changed' messages for any clients that connect to a server with new keys, and happen to have different server keys cached.
|
|
2008-08-29
, 21:56
|
|
Posts: 4,672 |
Thanked: 5,455 times |
Joined on Jul 2008
@ Springfield, MA, USA
|
#30
|
Originally Posted by HalSF
Bluetooth is slower and generally feels a whole lot more klunkier. It's also not scriptable, whereas I can write an easy shell script to scp or ssh something to another box using the keys to authenticate.
Why not just use Bluetooth file transfer to move files back and forth?
I also use https:// Gmail, or an SD card//USB gadget. All three seem like secure, easy ways to do Mac-N800 transfers
By the by, Bluetooth is a whole lot less secure if someone nefarious is within range.
Using https and gmail is too awkward and out-of-the-way.
USB only makes sense if you're connecting to a PC to access the SD cards--which may or may not serve your purpose. If you're trying to simply read/write the media cards, this is fine. If you're trying to script some cross-server automation or some file transfers to the /home/user path, this will be insufficient.
Using the SD card is, again, only appropriate if the whole point is to simply move files over to the SD card. Then there's the whole argument of wear and tear on the kickstand and the SD card's door.
I personally prefer to use ssh and scp to access and to transfer files. On rare occasion I will use bluetooth. I prefer not to use wires as much as possible and see very little reason to put any more wear and tear on my device by doing so.
| The Following User Says Thank You to danramos For This Useful Post: | ||
Edit: And I have changed the root password, though I don't think I've changed the user password yet. (it has a password?)