Differences

This shows you the differences between two versions of the page.

sat:ssh_key [2023/01/25 21:42] – removed - external edit (Unknown date) 127.0.0.1
sat:ssh_key [2023/06/10 11:19] (current) olaf
Line 1: Line 1:
 +====== OpenHDF 6.x/7.x SSH and SFTP access with key files ======
 +
 +
 +To control a Linux server with SSH, it is more secure to use an encrypted key to authenticate than a simple password. That’s also the case for file transfers – especially since SSH and SFTP server can share the same secret.
 +
 +The OpenHDF image contains already a tiny SSH server: dropbear. For SFPT we need to add the openSSH SFTP server from the OpenHDF repository. Connect as root on the box and install it:
 +
 +<code bash>
 +opkg update
 +opkg install openssh-sftp-server
 +</code>
 +
 +if it doesn’t exist, create a directory .ssh in the home of the user you use to connect to the box.
 +
 +''mkdir  /home/sshuser/.ssh''
 +
 +I am using PuTTYgen to generate the public and private key 
 +You can download PuttyGen (and other Putty stuff) from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
 +
 +Start PuTTYgen in a command shell as Administrator.
 +
 +Select Type of key to generate to EdDSA and curve to use Ed25519
 +
 +Under Key in the menu select ''“SSH-2 EdDSA key”'', ''“Use proven primes with even distribution”'', ''“Use strong primes as RSA key factors”'' and ''“Show fingerprint as SHA256”''
 +
 +{{:puttykeygen-01.png?400|}} {{ :puttykeygen-02.png?400|}}
 +     
 +I set the Key comment to something like ''<user>@<host>''  to remember for what the key was and set the key passphrase (password). Then press the ''“Generate”'' button.
 +
 +Click ''“Save private key”'' and select the directory and file name. Then Click ''“Save public key”'' and select the directory and file name.
 +
 +Copy the content of ''“Public key for pasting into OpenSSH authorized_keys file”'' 
 +
 +In your terminal on the box just generate the file in ''.ssh'':
 +
 +''cat > /home/sshuser/.ssh/authorized_keys''
 +
 +paste the content of ''“Public key for pasting into OpenSSH authorized_keys file”'', press enter key and ctrl-D
 +
 +Now, we need to modify the parameters in putty to use the key:
 +
 +Set the user under ''“Connection”'' – ''“Data”'' – ''“Auto-login username”'' and enter the path and file name of the saved private key under ''“Connection”'' – ''“SSH”'' – ''“Auth”'' – ''“Private key file for authentication”''.
 +{{:putty-01.png?400|}} {{ :putty-02.png?400|}}
 +
 +Then open the connection. You’ll be asked for the passphrase for the key and then the session connects.
 +In your SFTP client you can change now the protocol to SFTP, provide the private key and after providing the passphrase it connects to the box.
 +
 +Now, the dropbear configuration could be changed to only allow root with keys and/ or access only with key. 
 +
 +Modify /etc/default/dropbear
 +
 +Original :
 +  * DROPBEAR_EXTRA_ARGS="-R -B"
 +No passwords: 
 +  * DROPBEAR_EXTRA_ARGS="-R -B -g -s"
 +
 +The parameters for DROPBEAR_EXTRA_ARGS:
 +  * Allow blank passwords: -B
 +  * Generate hostkeys automatically: -R
 +  * Disable password logins for root: -g
 +  * Disable password logins: -s
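
Review bot: In the dropbear section, the "No passwords" line DROPBEAR_EXTRA_ARGS="-R -B -g -s" still carries -B, which the parameter list below it documents as "Allow blank passwords". With -s disabling password logins that flag serves no purpose in the hardened configuration, so the line should read "-R -g -s" (by the page's own descriptions, -g is also covered once -s is set). The section should also state that dropbear must be restarted for the change to take effect, and that key login should be confirmed in a second session before password logins are switched off, otherwise a mistake in authorized_keys locks the box. Earlier in the hunk, "mkdir /home/sshuser/.ssh" and "cat > /home/sshuser/.ssh/authorized_keys" set no permissions, and the "cat >" redirect overwrites any keys already in the file. Add chmod 700 on the directory and chmod 600 on the file, and use ">>" when adding a key to an existing file. In the PuTTYgen step, "Use proven primes with even distribution" and "Use strong primes as RSA key factors" are listed for an Ed25519 key although, as the second option's name says, they concern RSA prime generation, so they can be dropped from the instructions. "SFPT" in the second paragraph should be "SFTP".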