Changes

Line 229: Line 229:  
== SSH Access ==
 
== SSH Access ==
   −
You will often want to be able to use file-transfer and remote-login operations to access your Sugar environment.  We generally recommend using ssh-based access for working with your Sugar environment remotely.
+
You will often want to be able to use file-transfer and remote-login operations to access your Sugar environment.  We recommend using ssh-based access for working with your Sugar environment remotely.
    
Note: If you are using sugar-jhbuild you likely do '''not''' need to follow these instructions (since you're already using a running Linux desktop that shares its login and file-system with the Sugar instance).
 
Note: If you are using sugar-jhbuild you likely do '''not''' need to follow these instructions (since you're already using a running Linux desktop that shares its login and file-system with the Sugar instance).
Line 240: Line 240:  
=== Password Based ===
 
=== Password Based ===
   −
Password-based SSH authentication is convenient and simple to set up, but it is far easier to crack than key-based access.  Consider using key-based authentication unless you are absolutely sure that no-one can reach your Sugar environment from untrusted networks (and maybe even then).
+
Password-based SSH authentication is convenient and simple to set up.
 +
 
 +
''(However, it is far easier to crack than key-based access.  This is because a password can be guessed, especially if multiple automatic attacks are made.  Attacks can arrive over a wireless network from hosts that you trust.  It is more secure to use key-based authentication.  Accept password-based authentication if you are confident that your network is secured.)''
    
Open a [[OLPC:Terminal]] activity and run:
 
Open a [[OLPC:Terminal]] activity and run:
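Review bot: The new parenthetical closes with "Accept password-based authentication if you are confident that your network is secured", which is a weaker condition than the removed "unless you are absolutely sure that no-one can reach your Sugar environment from untrusted networks (and maybe even then)". It also sits two sentences after "Attacks can arrive over a wireless network from hosts that you trust", which argues against relying on the network at all. Suggest ending the warning on the key-based recommendation and restating the condition in the original, stricter terms. Consider dropping the italics and parentheses too, so the caveat reads as part of the instructions rather than an aside before the reader runs passwd.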
Line 246: Line 248:  
   passwd
 
   passwd
   −
which will prompt you to enter a password (and confirm it).
+
which will prompt you to enter a password (and confirm it).  This enables remote access for the default user.
   −
Note: you can also set a password on the root account by doing:
+
Since the default user can su, you should also set a password on the root account:
    
  su root
 
  su root
 
  passwd
 
  passwd
  −
in the terminal window.  This is strongly recommended if you are going to allow remote access to your machine.
      
=== SSH Key Based ===
 
=== SSH Key Based ===
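Review bot: The added sentence "This enables remote access for the default user" does not say that the access is by password and therefore carries the guessing risk described in the paragraph above. Meanwhile the removed line "This is strongly recommended if you are going to allow remote access to your machine" was the only text tying the root password to remote exposure. The replacement rationale "Since the default user can su" leaves the reader to infer why that matters; if the point is that a remote login as the default user can otherwise become root, say so in that sentence. The su root / passwd block also leaves the reader in a root shell, so a closing instruction to exit it would help before the key-based section starts.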
Line 261: Line 261:  
In summary, you create a private key which will be stored on your remote system and encrypted with a strong password.  You transfer the public key (think of it as a lock) that corresponds to that key to the Sugar environment and install it as an "authenticated key" which can be used to log into the Sugar environment.
 
In summary, you create a private key which will be stored on your remote system and encrypted with a strong password.  You transfer the public key (think of it as a lock) that corresponds to that key to the Sugar environment and install it as an "authenticated key" which can be used to log into the Sugar environment.
   −
On your remote system, install SSH (Linux and MacOS will already have it installed, on Windows use the PuTTY program) and generate a new ssh key pair (following is for Linux/MacOS, refer to PuTTY's documentation for details on Windows):
+
On your remote system, install SSH (Linux and Mac OS X will already have it installed, on Windows use the PuTTY program) and generate a new ssh key pair (following is for Linux and Mac OS X, refer to PuTTY's documentation for details on Windows):
    
   ssh-keygen
 
   ssh-keygen
Line 269: Line 269:  
* Accept the defaults for key-type and size.
 
* Accept the defaults for key-type and size.
 
* If ssh-keygen asks if you want to overwrite a key say '''No''', you are about to destroy your current ssh key!
 
* If ssh-keygen asks if you want to overwrite a key say '''No''', you are about to destroy your current ssh key!
* Use a strong pass-phrase that you can remember easily (the pass phrase will need to be entered frequently unless you make use of an ssh-agent such as offered by PuTTY or Gentoo's keychain)
+
* Use a strong passphrase that you can remember easily (the passphrase will need to be entered frequently unless you make use of an agent such as offered by PuTTY, ssh-agent or Gentoo's keychain)
   −
This will normally create a file in your ~/.ssh/ directory named id_rsa.pub (if you accepted the defaults).  You now need to copy this file to your Sugar environment and add it to the contents of your ~/.ssh/authorized_keys file (you may need to create the file).
+
''ssh-keygen'' will normally create a file in your ~/.ssh/ directory named id_rsa.pub (if you accepted the defaults).  Copy this file to your Sugar environment and add it to the contents of the ~/.ssh/authorized_keys file (you may need to create the file).
   −
  mkdir ~olpc/.ssh
+
  mkdir ~/.ssh
  cat id_rsa.pub >> ~olpc/.ssh/authorized_keys
+
  cat id_rsa.pub >> ~/.ssh/authorized_keys
   −
add your key to your keychain/ssh-agent application and you can now use SSH with just a single sign-on for many concurrent actions.
+
add your key to your keychain or ssh-agent application and you can now use SSH with just a single sign-on for many concurrent actions.
    
See: [[OLPC:Emulating the XO/Help_and_tips#SSH into qemu|SSH Into Qemu]] for Qemu-specific notes regarding port forwarding
 
See: [[OLPC:Emulating the XO/Help_and_tips#SSH into qemu|SSH Into Qemu]] for Qemu-specific notes regarding port forwarding
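Review bot: Switching "mkdir ~olpc/.ssh" and "cat id_rsa.pub >> ~olpc/.ssh/authorized_keys" to "~/.ssh" makes both commands depend on which user runs them. A reader still in the root shell from the "su root" step in the previous section may install the key under a different home directory than the account they intend to log in as. Suggest stating that the commands are run as the default user. The block also sets no permissions on the new directory and file; a follow-up "chmod 700 ~/.ssh" and "chmod 600 ~/.ssh/authorized_keys" is the usual practice, and "mkdir -p" avoids an error when the directory already exists. Minor: the sentence beginning "add your key to your keychain or ssh-agent application" should start with a capital.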