
OpenHDF 6.x/7.x SSH and SFTP access with key files

To control a Linux server with SSH, it is more secure to authenticate with an encrypted key than with a simple password. That is also the case for file transfers, especially since the SSH and SFTP servers can share the same secret.

The OpenHDF image already contains a tiny SSH server: dropbear. For SFTP we need to add the OpenSSH SFTP server from the OpenHDF repository. Connect to the box as root and install it:

opkg update
opkg install openssh-sftp-server

If it doesn’t exist, create a .ssh directory in the home directory of the user you use to connect to the box:

mkdir -p /home/sshuser/.ssh

I am using PuTTYgen to generate the public and private key. You can download PuTTYgen (and other PuTTY stuff) from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Start PuTTYgen in a command shell as Administrator.

Set “Type of key to generate” to EdDSA and “Curve to use” to Ed25519.

Under Key in the menu select “SSH-2 EdDSA key”, “Use proven primes with even distribution”, “Use strong primes as RSA key factors” and “Show fingerprint as SHA256”

I set the Key comment to something like <user>@<host> to remember what the key was for, and set the key passphrase (password). Then press the “Generate” button.

Click “Save private key” and select the directory and file name. Then click “Save public key” and select the directory and file name.

Copy the content of “Public key for pasting into OpenSSH authorized_keys file”

In your terminal on the box, create the file in .ssh:

cat > /home/sshuser/.ssh/authorized_keys

Paste the content of “Public key for pasting into OpenSSH authorized_keys file”, press the Enter key and then Ctrl-D.

Now we need to modify the parameters in PuTTY to use the key:

Set the user under “Connection” → “Data” → “Auto-login username” and enter the path and file name of the saved private key under “Connection” → “SSH” → “Auth” → “Private key file for authentication”.

Then open the connection. You’ll be asked for the passphrase for the key and then the session connects. In your SFTP client you can now change the protocol to SFTP and provide the private key; after you enter the passphrase it connects to the box.

Now the dropbear configuration can be changed to allow root logins only with keys and/or to allow access only with a key.

Modify /etc/default/dropbear:

Original :

  • DROPBEAR_EXTRA_ARGS="-R -B"

No passwords:

  • DROPBEAR_EXTRA_ARGS="-R -B -g -s"

The parameters for DROPBEAR_EXTRA_ARGS:

  • Allow blank passwords: -B
  • Generate hostkeys automatically: -R
  • Disable password logins for root: -g
  • Disable password logins: -s
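
A way to check the result of the change above, as an added example that is not part of the original page: it reads DROPBEAR_EXTRA_ARGS from the defaults file and checks that .ssh and authorized_keys are not writable by group or others. The function names are made up for this example, and it assumes the flags are written as separate words, as in the lines above.

```shell
#!/bin/sh
# Added example (not from the original page): audit dropbear's defaults file
# and a user's key files. Function names are hypothetical. Assumes the flags
# are written as separate words ("-R -B -g -s"), as shown on this page.

# Print the value of DROPBEAR_EXTRA_ARGS from file $1, quotes stripped.
dropbear_args() {
    sed -n 's/^[[:space:]]*DROPBEAR_EXTRA_ARGS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Return 0 if flag $2 (for example -s) is one of the words in $1.
has_flag() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# Report on defaults file $1; return 0 only if password logins are disabled.
audit_dropbear() {
    args=$(dropbear_args "$1")
    rc=0
    if has_flag "$args" -s; then
        echo "OK: password logins disabled (-s)"
    else
        echo "WARN: password logins enabled (no -s)"; rc=1
        has_flag "$args" -g || echo "WARN: root can log in with a password (no -g)"
        has_flag "$args" -B && echo "WARN: blank passwords allowed (-B)"
    fi
    return $rc
}

# Return 0 if $1 exists and is not writable by group or others.
perms_ok() {
    [ -e "$1" ] || return 1
    mode=$(ls -ldL "$1" | cut -c1-10)
    case "$mode" in ?????w????|????????w?) return 1 ;; *) return 0 ;; esac
}

# Check .ssh and authorized_keys under home directory $1; dropbear ignores
# the key file when either is writable by group or others.
audit_keys() {
    rc=0
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if perms_ok "$p"; then echo "OK: $p"
        else echo "WARN: $p missing or group/world-writable"; rc=1; fi
    done
    return $rc
}

# On the box (paths from this page); does nothing where the file is absent:
[ ! -f /etc/default/dropbear ] || { audit_dropbear /etc/default/dropbear; audit_keys /home/sshuser; }
```

Run it from a second session before closing the one you used to edit the file, so a key that does not work cannot lock you out once -s is active.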
sat/ssh_key.txt · Last modified: 2023/06/10 11:19 by olaf