Line 229: |
Line 229: |
| == SSH Access == | | == SSH Access == |
| | | |
− | You will often want to be able to use file-transfer and remote-login operations to access your Sugar environment. We generally recommend using ssh-based access for working with your Sugar environment remotely. | + | You will often want to be able to use file-transfer and remote-login operations to access your Sugar environment. We recommend using ssh-based access for working with your Sugar environment remotely. |
| | | |
| Note: If you are using sugar-jhbuild you likely do '''not''' need to follow these instructions (since you're already using a running Linux desktop that shares its login and file-system with the Sugar instance). | | Note: If you are using sugar-jhbuild you likely do '''not''' need to follow these instructions (since you're already using a running Linux desktop that shares its login and file-system with the Sugar instance). |
Line 240: |
Line 240: |
| === Password Based === | | === Password Based === |
| | | |
− | Password-based SSH authentication is convenient and simple to set up, but it is far easier to crack than key-based access. Consider using key-based authentication unless you are absolutely sure that no-one can reach your Sugar environment from untrusted networks (and maybe even then). | + | Password-based SSH authentication is convenient and simple to set up. |
| + | |
| + | ''(However, it is far easier to crack than key-based access. This is because a password can be guessed, especially if multiple automatic attacks are made. Attacks can arrive over a wireless network from hosts that you trust. It is more secure to use key-based authentication. Accept password-based authentication if you are confident that your network is secured.)'' |
| | | |
| Open a [[OLPC:Terminal]] activity and run: | | Open a [[OLPC:Terminal]] activity and run: |
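Review bot: The closing sentence of the new italic paragraph, "Accept password-based authentication if you are confident that your network is secured", is weaker than the removed wording ("unless you are absolutely sure that no-one can reach your Sugar environment from untrusted networks (and maybe even then)") and conflicts with the new sentence just before it, which says attacks can arrive from hosts that you trust. Suggest ending on a plain recommendation such as "Prefer key-based authentication; use a password only where every host that can reach the machine is trusted", and dropping the italics and parentheses so the caveat is not read as an optional aside.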
Line 246: |
Line 248: |
| passwd | | passwd |
| | | |
− | which will prompt you to enter a password (and confirm it). | + | which will prompt you to enter a password (and confirm it). This enables remote access for the default user. |
| | | |
− | Note: you can also set a password on the root account by doing:
| + | Since the default user can su, you should also set a password on the root account: |
| | | |
| su root | | su root |
| passwd | | passwd |
− |
| |
− | in the terminal window. This is strongly recommended if you are going to allow remote access to your machine.
| |
| | | |
| === SSH Key Based === | | === SSH Key Based === |
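Review bot: The reason for the root password is now only "Since the default user can su", and the removed sentence "This is strongly recommended if you are going to allow remote access to your machine" was the one place that tied it to remote access. Suggest stating the consequence directly: once the default user can log in over ssh, the root password is all that su asks for, so it should be set in the same sitting as the user password. The added sentence "This enables remote access for the default user" also comes before the root step, so a reader who stops after the first passwd has remote login enabled with root still unprotected; consider putting the root step first or saying that both are required.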
Line 261: |
Line 261: |
| In summary, you create a private key which will be stored on your remote system and encrypted with a strong password. You transfer the public key (think of it as a lock) that corresponds to that key to the Sugar environment and install it as an "authenticated key" which can be used to log into the Sugar environment. | | In summary, you create a private key which will be stored on your remote system and encrypted with a strong password. You transfer the public key (think of it as a lock) that corresponds to that key to the Sugar environment and install it as an "authenticated key" which can be used to log into the Sugar environment. |
| | | |
− | On your remote system, install SSH (Linux and MacOS will already have it installed, on Windows use the PuTTY program) and generate a new ssh key pair (following is for Linux/MacOS, refer to PuTTY's documentation for details on Windows): | + | On your remote system, install SSH (Linux and Mac OS X will already have it installed, on Windows use the PuTTY program) and generate a new ssh key pair (following is for Linux and Mac OS X, refer to PuTTY's documentation for details on Windows): |
| | | |
| ssh-keygen | | ssh-keygen |
Line 269: |
Line 269: |
| * Accept the defaults for key-type and size. | | * Accept the defaults for key-type and size. |
| * If ssh-keygen asks if you want to overwrite a key say '''No''', you are about to destroy your current ssh key! | | * If ssh-keygen asks if you want to overwrite a key say '''No''', you are about to destroy your current ssh key! |
− | * Use a strong pass-phrase that you can remember easily (the pass phrase will need to be entered frequently unless you make use of an ssh-agent such as offered by PuTTY or Gentoo's keychain) | + | * Use a strong passphrase that you can remember easily (the passphrase will need to be entered frequently unless you make use of an agent such as offered by PuTTY, ssh-agent or Gentoo's keychain) |
| | | |
− | This will normally create a file in your ~/.ssh/ directory named id_rsa.pub (if you accepted the defaults). You now need to copy this file to your Sugar environment and add it to the contents of your ~/.ssh/authorized_keys file (you may need to create the file).
| + | ''ssh-keygen'' will normally create a file in your ~/.ssh/ directory named id_rsa.pub (if you accepted the defaults). Copy this file to your Sugar environment and add it to the contents of the ~/.ssh/authorized_keys file (you may need to create the file). |
| | | |
− | mkdir ~olpc/.ssh | + | mkdir ~/.ssh |
− | cat id_rsa.pub >> ~olpc/.ssh/authorized_keys | + | cat id_rsa.pub >> ~/.ssh/authorized_keys |
| | | |
− | add your key to your keychain/ssh-agent application and you can now use SSH with just a single sign-on for many concurrent actions. | + | add your key to your keychain or ssh-agent application and you can now use SSH with just a single sign-on for many concurrent actions. |
| | | |
| See: [[OLPC:Emulating the XO/Help_and_tips#SSH into qemu|SSH Into Qemu]] for Qemu-specific notes regarding port forwarding | | See: [[OLPC:Emulating the XO/Help_and_tips#SSH into qemu|SSH Into Qemu]] for Qemu-specific notes regarding port forwarding |
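Review bot: Replacing ~olpc/.ssh with ~/.ssh in the mkdir and cat lines makes the target depend on who runs them: in a terminal still inside the "su root" session from the Password Based section, ~ is root's home and the key is appended to root's authorized_keys. Suggest adding a line that these commands are run as the user who will log in. The commands also set no permissions, and sshd with its default StrictModes setting ignores authorized_keys when the home directory, ~/.ssh or the file is writable by group or others, so the step should include "chmod 700 ~/.ssh" and "chmod 600 ~/.ssh/authorized_keys". Using "mkdir -p ~/.ssh" avoids an error when the directory already exists.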