1,285
edits
Changes
Jump to navigation
Jump to search
Line 229:
Line 229: − + Line 240:
Line 240: − + + + Line 246:
Line 248: − + − Note: you can also set a password on the root account by doing:+ − − in the terminal window. This is strongly recommended if you are going to allow remote access to your machine. Line 261:
Line 261: − + Line 269:
Line 269: − + − This will normally create a file in your ~/.ssh/ directory named id_rsa.pub (if you accepted the defaults). You now need to copy this file to your Sugar environment and add it to the contents of your ~/.ssh/authorized_keys file (you may need to create the file).+ − + − + − +
Development Team/Manual/Setup (view source)
Revision as of 18:47, 3 January 2011
, 18:47, 3 January 2011→SSH Access
== SSH Access ==
== SSH Access ==
You will often want to be able to use file-transfer and remote-login operations to access your Sugar environment. We generally recommend using ssh-based access for working with your Sugar environment remotely.
You will often want to be able to use file-transfer and remote-login operations to access your Sugar environment. We recommend using ssh-based access for working with your Sugar environment remotely.
Note: If you are using sugar-jhbuild you likely do '''not''' need to follow these instructions (since you're already using a running Linux desktop that shares its login and file-system with the Sugar instance).
Note: If you are using sugar-jhbuild you likely do '''not''' need to follow these instructions (since you're already using a running Linux desktop that shares its login and file-system with the Sugar instance).
=== Password Based ===
=== Password Based ===
Password-based SSH authentication is convenient and simple to set up, but it is far easier to crack than key-based access. Consider using key-based authentication unless you are absolutely sure that no-one can reach your Sugar environment from untrusted networks (and maybe even then).
Password-based SSH authentication is convenient and simple to set up.
''(However, it is far easier to crack than key-based access. This is because a password can be guessed, especially if multiple automatic attacks are made. Attacks can arrive over a wireless network from hosts that you trust. It is more secure to use key-based authentication. Accept password-based authentication if you are confident that your network is secured.)''
Open a [[OLPC:Terminal]] activity and run:
Open a [[OLPC:Terminal]] activity and run:
passwd
passwd
which will prompt you to enter a password (and confirm it).
which will prompt you to enter a password (and confirm it). This enables remote access for the default user.
Since the default user can su, you should also set a password on the root account:
su root
su root
passwd
passwd
=== SSH Key Based ===
=== SSH Key Based ===
In summary, you create a private key which will be stored on your remote system and encrypted with a strong password. You transfer the public key (think of it as a lock) that corresponds to that key to the Sugar environment and install it as an "authenticated key" which can be used to log into the Sugar environment.
In summary, you create a private key which will be stored on your remote system and encrypted with a strong password. You transfer the public key (think of it as a lock) that corresponds to that key to the Sugar environment and install it as an "authenticated key" which can be used to log into the Sugar environment.
On your remote system, install SSH (Linux and MacOS will already have it installed, on Windows use the PuTTY program) and generate a new ssh key pair (following is for Linux/MacOS, refer to PuTTY's documentation for details on Windows):
On your remote system, install SSH (Linux and Mac OS X will already have it installed, on Windows use the PuTTY program) and generate a new ssh key pair (following is for Linux and Mac OS X, refer to PuTTY's documentation for details on Windows):
ssh-keygen
ssh-keygen
* Accept the defaults for key-type and size.
* Accept the defaults for key-type and size.
* If ssh-keygen asks if you want to overwrite a key say '''No''', you are about to destroy your current ssh key!
* If ssh-keygen asks if you want to overwrite a key say '''No''', you are about to destroy your current ssh key!
* Use a strong pass-phrase that you can remember easily (the pass phrase will need to be entered frequently unless you make use of an ssh-agent such as offered by PuTTY or Gentoo's keychain)
* Use a strong passphrase that you can remember easily (the passphrase will need to be entered frequently unless you make use of an agent such as offered by PuTTY, ssh-agent or Gentoo's keychain)
''ssh-keygen'' will normally create a file in your ~/.ssh/ directory named id_rsa.pub (if you accepted the defaults). Copy this file to your Sugar environment and add it to the contents of the ~/.ssh/authorized_keys file (you may need to create the file).
mkdir ~olpc/.ssh
mkdir ~/.ssh
cat id_rsa.pub >> ~olpc/.ssh/authorized_keys
cat id_rsa.pub >> ~/.ssh/authorized_keys
add your key to your keychain/ssh-agent application and you can now use SSH with just a single sign-on for many concurrent actions.
add your key to your keychain or ssh-agent application and you can now use SSH with just a single sign-on for many concurrent actions.
See: [[OLPC:Emulating the XO/Help_and_tips#SSH into qemu|SSH Into Qemu]] for Qemu-specific notes regarding port forwarding
See: [[OLPC:Emulating the XO/Help_and_tips#SSH into qemu|SSH Into Qemu]] for Qemu-specific notes regarding port forwarding