PDA

View Full Version : SSH Public Key Authentication



hickinbottoms
2007-10-15, 13:58
My Jive beta turned up today for which I'm very grateful. One thing I've noticed is that whilst the randomised SSH password is handy and secure-ish, because it keeps changing it makes installing software on the device automatically with SCP a little cumbersome.

An alternative to passwords is public key authentication, which the SSH server in the remote supports very well. This allows you to securely logged on with, depending on how you've set it up, no password or a constant passphrase.

I've knocked up the following page in the wiki which explains how to enable it:

http://wiki.slimdevices.com/index.cgi?JivePublicKeyAuthentication

It's missing the detail of how to create your public/private keypair in the first place, but I'm sure everyone's an expert here and already knows how to do that! It does include a link to another tutorial I found that covers it, though. I've personally created suitable keys with OpenSSH and PuTTY (the latter on Windows).

Stuart

sdonham
2007-10-16, 09:10
Or, you could just change the root password. If you look at the Jive code, you can see that when you enable SSH it calls a "random" function to generate a new password.
If you leave SSH enabled on the remote, log in via SSH as root, and issue a "#passwd root" command. You can change it to whatever you like and it sticks as long as you do not disable SSH. I changed mine to something really simple like '0000'

sdonham
2007-10-16, 12:09
Just followed your wiki, works like a charm. This is MUCH easier that typing in a password and now I can automate uploading the nightly updates to the remote.

hickinbottoms
2007-10-16, 14:07
That's what I was thinking of it for - if developing an applet I think
you might have to download and restart the remote for that to be picked
up. If you can log in without a password (but still securely), you can
upload your new applet version and issue a 'reboot' command
automatically from a makefile or similar.

Stuart

sdonham wrote:
> Just followed your wiki, works like a charm. This is MUCH easier that
> typing in a password and now I can automate uploading the nightly
> updates to the remote.
>
>
>