On Sun, 12 Mar 2006, chentom60 wrote:
> > Ok I've checked this, and it appears that dropbear supports the same
> > key authorised access as openssh.
> >
> > On your client machine (the one you are going to use to ssh to your remote
> > ts72xx board) you need to create a public/private key pair. Using openssh
> > this is done e.g. by
> >
> > $ ssh-keygen -t rsa
> > Generating public/private rsa key pair.
> > Enter file in which to save the key (/home/jj/.ssh/id_rsa):
> > Enter passphrase (empty for no passphrase):
> > Enter same passphrase again:
> > Your identification has been saved in /home/jj/.ssh/id_rsa.
> > Your public key has been saved in /home/jj/.ssh/id_rsa.pub.
> > The key fingerprint is:
> > 1c:5d:91:47:33:ae:bb:2d:00:74:44:ed:ff:0a:75:b2
> >
>
>
> Are you in root mode on host PC or do you have a "jj" account in the
> board?
You do this logged in as the account you will be using on the host. This
creates the private and public keys. The private key stays, privately, on
your host machine.
I have a jj account on the board. BUT that actually doesn't matter....
> > Make sure you just press <return> for the passphrase (twice :-).
> > This creates an unencrypted private key in ~/.ssh/id_rsa so it is
> > important that you keep this file secret. Make sure the permissions
> > only allow you to read the file.
> >
> > It also creates the matching public key in ~/.ssh/id_rsa.pub
> > The public is just that - public and it doesn't matter who sees this.
> >
> > You must now copy your public key in the file ~/.ssh/authorized_keys
> > or, if this file already exists, copy the public key to the end of that
> > file - there can be many public keys that authorise you access.
> >
> > you should be able now to remote login without a password, or run commands
> > remotely without a password.
> >
>
> Perhaps you forgot to mention that you used someway to copy the
> authorized_keys to the board.
see above where I say "You must now copy ....", but you are right I left
that as an exercise for the reader :-)
How did I do it? I had 2 xterm windows open on my host machine, in one I
did
    cat ~/.ssh/id_rsa.pub
and on the other I did
    ssh
and used my password to login. Then I did
    vi .ssh/authorized_keys
and I cut and pasted the public keys into the file and saved it.
Next time I ssh'd I didn't need a password.
A perhaps simpler way would be to just execute this command on the host
machine....
    cat ~/.ssh/id_rsa.pub | ssh "cat >> .ssh/authorized_keys"
and give your password when prompted.
> I googled ssh on the web and found that this is a must. Otherwise,
> remote host could not be recognized. Where did you save the public key
> on the board?
>
> http://kimmo.suominen.com/docs/ssh/ is a good how-to tutorial.
>
> From root mode, I tried to use "$ scp authorized_keys
> ". Though I did not get any error msg, the
> authorized_keys could not be copied by scp.
you should not need to copy the authorized_keys file. This file exists
on the board, and contains a list of public keys of hosts that can
connect.
> Finally I had to use NFS to copy to board. Now, I can login in to
> board without password. But I have to use root mode on host PC.
> I have tried a lot tonight, scp still does not work.
I've never succeeded with scp either to the ts7200 board.
There are different ways of enabling several accounts - other than root on
the HOST
- login as your non-root account on the host and check if it already
  has a ~/.ssh/id_rsa.pub (or id_dsa.pub for dsa keys). If not then
  repeat the
      ssh-keygen -t rsa
  command.
  Then append the public key to the authorized_keys
  file in the relevant account on the TS7200 board, as above.
- if your non-root account doesn't have a public/private key,
  i.e. ls ~/.ssh/*.pub lists nothing, then you could login as root on
  the host and
      # cp -p ~/.ssh/id_rsa* ~account/.ssh
      # chown account ~account/.ssh/id_rsa*
  to give your non-root account the same key pair as root. So you can use
  either the root or non-root account on the host.
On the TS7200 board, you can add the same public key(s) to different
authorized_keys files in different accounts so that from the same _HOST_
account you can access root and non-root on the TS7200 board.
> > I believe dropbear also does some port forwarding, and would guess that
> > this works as per openssh, though I've done no testing.
> >
> > All the testing I did was for Dropbear sshd v0.44test4
cheers
Jim
p.s. you got me at a good time, I'm putting off writing a report :-)
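
An added example, not part of the original message: a POSIX shell function for the "append the public key to authorized_keys" step, meant to run in the target account on the board. The function name `install_pubkey` and its two arguments are hypothetical; it accepts only `ssh-rsa` and `ssh-dss` lines (the rsa and dsa key types the thread mentions), refuses private key files, keeps `.ssh` and `authorized_keys` owner-only, and does not add the same key twice.

```shell
#!/bin/sh
# Added example (not from the thread): install one public key for an account.
# Usage: install_pubkey <pubkey-file> <home-dir>   (both names are assumptions)
install_pubkey() {
    pub=$1
    home=$2
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the .pub half belongs on the remote side: refuse private key material.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-rsa|ssh-dss) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 3; }

    # Create the directory and file readable and writable by the owner only.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 4
    chmod 700 "$dir" && chmod 600 "$auth" || return 4

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already authorised"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
}
```

On the board this would be called as `install_pubkey /tmp/id_rsa.pub "$HOME"` after the public key file has been transferred there by whatever means works (the path is a placeholder).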