Thanks Jim for your kind help!
Tom
--- In Jim Jackson <> wrote:
>
>
>
>
> On Sun, 12 Mar 2006, chentom60 wrote:
>
> > > Ok I've checked this, and it appears that dropbear supports the same
> > > key authorised access as openssh.
> > >
> > > On your client machine (the one you are going to use to ssh to your remote
> > > ts72xx board) you need to create a public/private key pair. Using openssh
> > > this is done e.g. by
> > >
> > > $ ssh-keygen -t rsa
> > > Generating public/private rsa key pair.
> > > Enter file in which to save the key (/home/jj/.ssh/id_rsa):
> > > Enter passphrase (empty for no passphrase):
> > > Enter same passphrase again:
> > > Your identification has been saved in /home/jj/.ssh/id_rsa.
> > > Your public key has been saved in /home/jj/.ssh/id_rsa.pub.
> > > The key fingerprint is:
> > > 1c:5d:91:47:33:ae:bb:2d:00:74:44:ed:ff:0a:75:b2
> > >
> >
> >
> > Are you in root mode on host PC or do you have a "jj" account in the
> > board?
>
> You do this logged in as the account you will be using on the host. This
> creates the private and public keys. The private key stays, privately, on
> your host machine.
>
> I have a jj account on the board. BUT that actually doesn't matter....
>
> > > Make sure you just press <return> for the passphrase (twice :-).
> > > This creates an unencrypted private key in ~/.ssh/id_rsa so it is
> > > important that you keep this file secret. Make sure the permissions
> > > only allow you to read the file.
> > >
> > > It also creates the matching public key in ~/.ssh/id_rsa.pub
> > > The public is just that - public and it doesn't matter who sees this.
> > >
> > > You must now copy your public key in the file ~/.ssh/authorized_keys
> > > or, if this file already exists, copy the public key to the end of that
> > > file - there can be many public keys that authorise you access.
> > >
> > > you should be able now to remote login without a password, or run commands
> > > remotely without a password.
> > >
> >
> > Perhaps you forgot to mention that you used someway to copy the
> > authorized_keys to the board.
>
> see above where I say "You must now copy ....", but you are right I left
> that as an exercise for the reader :-)
>
> How did I do it? I had 2 xterm windows open on my host machine, in one I
> did
>
> cat ~/.ssh/id_rsa.pub
>
> and on the other I did
>
> ssh
>
> and used my password to login. Then I did
>
> vi .ssh/authorized_keys
>
> and I cut and pasted the public keys into the file and saved it.
> Next time I ssh'd I didn't need a password.
>
> A perhaps simpler way would be to just execute this command on the host
> machine....
>
> cat ~/.ssh/id_rsa.pub | ssh "cat >> .ssh/authorized_keys"
>
> and give your password when prompted.
>
> > I googled ssh on the web and found that this is a must. Otherwise,
> > remote host could not be recognized. Where did you save the public key
> > on the board?
> >
> > http://kimmo.suominen.com/docs/ssh/ is a good how-to tutorial.
> >
> > From root mode, I tried to use "$ scp authorized_keys
> > ". Though I did not get any error msg, the
> > authorized_keys could not be copied by scp.
>
> you should not need to copy the authorized_keys file. This file exists
> on the board, and contains a list of public keys of hosts that can
> connect.
>
>
>
> > Finally I had to use NFS to copy to board. Now, I can login in to
> > board without password. But I have to use root mode on host PC.
> > I have tried a lot tonight, scp still does not work.
>
> I've never succeeded with scp either to the ts7200 board.
>
> There are different ways of enabling several accounts - other than root on
> the HOST
>
> - login as your non-root account on the host and check if it already
> has a ~/.ssh/id_rsa.pub (or id_dsa.pub for dsa keys). If not then
> repeat the
>
> ssh-keygen -t rsa
>
> command.
>
> Then append the public key to the authorized_keys
> file in the relevant account on the TS7200 board, as above.
>
> - if your non-root account doesn't have a public/private key,
> i.e. ls ~/.ssh/*.pub lists nothing, then you could login as root on
> the host and
>
> # cp -p ~/.ssh/id_rsa* ~account/.ssh
> # chown account ~account/.ssh/id_rsa*
>
> to give your non-root account the same key pair as root. So you can use
> either the root or non-root account on the host.
>
> On the TS7200 board, you can add the same public key(s) to different
> authorized_keys files in different accounts so that from the same _HOST_
> account you can access root and non-root on the TS7200 board.
>
> > > I believe dropbear also does some port forwarding, and would guess that
> > > this works as per openssh, though I've done no testing.
> > >
> > > All the testing I did was for Dropbear sshd v0.44test4
>
>
> cheers
> Jim
>
> p.s. you got me at a good time, I'm putting off writing a report :-)
>
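
An added example, not part of the original thread: a shell function (the name `install_pubkey` is hypothetical) for the "append the public key to authorized_keys" step discussed above, meant to be run on the board in the account being logged into. Unlike a plain `cat >>`, it creates `~/.ssh` if missing, tightens permissions, accepts only a single public-key line, keeps an existing file's last entry intact, and does not add duplicates.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Illustrative helper (hypothetical name); HOME_DIR defaults to $HOME.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Accept exactly one non-empty line; a private key file has many lines.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$pub")

    # The line must start with a public key type (rsa/dsa as in the thread,
    # plus the newer OpenSSH types).
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # The directory and file must exist and be accessible to the owner only.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    [ -e "$auth" ] || (umask 077; : > "$auth") || return 1
    chmod 600 "$auth" || return 1

    # Already authorised: do nothing, so repeated runs do not pile up copies.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the existing file lacks a final newline, add one first; otherwise the
    # new key would be glued onto the previous entry and corrupt both.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Run as a script: ./install_pubkey.sh id_rsa.pub
if [ $# -gt 0 ]; then
    install_pubkey "$@"
fi
```
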