WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: SSH server  (Read 13621 times)

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 10957
Re: SSH server
« Reply #15 on: January 30, 2013, 01:52:50 AM »
Ouch, if your password is in DES, change it immediately. Also pretty bad if some busybox build for Pi defaulted to DES passwords.
The only barriers that can stop you are the ones you create yourself.

Offline str4ng3r

  • Newbie
  • *
  • Posts: 48
Re: SSH server
« Reply #16 on: January 30, 2013, 10:26:51 AM »
...

For Dropbear to start automatically add:
usr/local/etc/init.d/dropbear start to /opt/bootlocal.sh

And then do a backup to make it persistent
filetool.sh -b

Hi sbp.

This bit is always generating new keys everytime i reboot the device. Do you experience the same behaviour?

Thanks.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: SSH server
« Reply #17 on: January 30, 2013, 10:32:07 AM »
Backup keys as adviced in my previous message to avoid regenerating them if exist.
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline str4ng3r

  • Newbie
  • *
  • Posts: 48
Re: SSH server
« Reply #18 on: January 30, 2013, 10:36:23 AM »
Will do bmarkus.

I've created a new user and placed it on the sudoers file.
However i can not manage for that user to run tce-load. Apparently it doesn't have permissions to use /tmp

How do i solve it?

Regards.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: SSH server
« Reply #19 on: January 30, 2013, 10:41:58 AM »
The easiest way is to use new user only for login. When logegd in change user to tc.
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline justauser

  • Newbie
  • *
  • Posts: 17
Re: SSH server
« Reply #20 on: January 30, 2013, 01:57:39 PM »
I can't remember the name of the package right now, but there is an sftp capability that goes with dropbear.  Add that if you want to use sftp for secure file transfer.  I am using on x86 and it works like a charm

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: SSH server
« Reply #21 on: January 30, 2013, 10:35:31 PM »
I think you may have the standalone sftp server of OpenSSH in mind.
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline sbp

  • Sr. Member
  • ****
  • Posts: 429
    • piCorePlayer homepage
Re: SSH server
« Reply #22 on: February 03, 2013, 01:44:27 AM »
Hi
I just downloaded version 4.7.4, and trying to do exactly what I did in post #4 in this thread - but it seems like the password I supply for user:tc is not saved.

So when I start Putty, and supply the password, I'm denied access.

If I then define the new password directly on the raspberry, I can log in via putty. Even if I do a filetool.sh -b and backup, the password is not backed up.

So after a reboot, the same problem occur.

Steen
« Last Edit: February 03, 2013, 02:46:03 AM by sbp »

Offline sbp

  • Sr. Member
  • ****
  • Posts: 429
    • piCorePlayer homepage
Re: SSH server
« Reply #23 on: February 03, 2013, 02:08:25 AM »
OK I found a solution (I don't know if it is the correct one but it works)

I changed /opt/.filetools.lst so it looks like this:

Code: [Select]
opt
home
etc
etc/passwd
etc/shadow
/usr/local/etc/dropbear/dropbear_dss_host_key
/usr/local/etc/dropbear/dropbear_rsa_host_key


The important was to add "etc" below "opt" and "home" otherwise it would not save the password. I can't remember if etc was included in 4.7.3

Also please notice I had to change:
Code: [Select]
/usr/local/etc/dropbear/dropbear_dss_hostkey
/usr/local/etc/dropbear/dropbear_rsa_hostkey

To

Code: [Select]
/usr/local/etc/dropbear/dropbear_dss_host_key
/usr/local/etc/dropbear/dropbear_rsa_host_key


Otherwise Dropbear would still create new hostkeys.

Steen
« Last Edit: February 03, 2013, 02:10:00 AM by sbp »

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: SSH server
« Reply #24 on: February 03, 2013, 03:07:53 AM »
Steen

backing up whole /etc is bad practice. Backup only files must be saved. better to spend some time to identify necessary files.

Do not use leading '/' in .filetools.lst
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11178
Re: SSH server
« Reply #25 on: February 03, 2013, 06:07:43 AM »
Hi sbp
Here is what I have in  .filetool.lst  for the X86 version of  dropbear:
Code: [Select]
etc/passwd
etc/group
etc/shadow
etc/gshadow
etc/dropbear
Since you are using ARM, in your case the last line should read:
Code: [Select]
usr/local/etc/dropbear

Offline sbp

  • Sr. Member
  • ****
  • Posts: 429
    • piCorePlayer homepage
Re: SSH server
« Reply #26 on: February 03, 2013, 06:08:14 AM »
Hi bmarkus

Thanks for the advise. I have now tried to put all the files from /etc into the filetool.lst, and then commenting them out one by one. And it turned out that the problem was self inflected. I had two invisible empty spaces after etc/passwd in my original filetool.lst.

I also removed the leading "/".

But you still need to use:
usr/local/etc/dropbear/dropbear_dss_host_key
usr/local/etc/dropbear/dropbear_rsa_host_key

In order to have Dropbear to remember its keys.

So my working opt/.filetool.lst is like this:
Code: [Select]
opt
home
etc/passwd
etc/shadow
usr/local/etc/dropbear/dropbear_dss_host_key
usr/local/etc/dropbear/dropbear_rsa_host_ke

Steen

 
« Last Edit: February 03, 2013, 06:10:58 AM by sbp »

Offline str4ng3r

  • Newbie
  • *
  • Posts: 48
Re: SSH server
« Reply #27 on: February 03, 2013, 06:57:41 AM »
Hi sbp
Here is what I have in  .filetool.lst  for the X86 version of  dropbear:
Code: [Select]
etc/passwd
etc/group
etc/shadow
etc/gshadow
etc/dropbear
Since you are using ARM, in your case the last line should read:
Code: [Select]
usr/local/etc/dropbear

I'm running an ARM and in my filetool.lst i'm using

etc/dropbear instead of usr/local/etc/dropbear

It all seems to be working fine and dandy.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11178
Re: SSH server
« Reply #28 on: February 03, 2013, 07:17:57 AM »
Hi str4ng3r
I'm not running ARM, so that part of my answer is based on Reply #9 by bmarkus.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: SSH server
« Reply #29 on: February 03, 2013, 07:39:15 AM »
In piCore there are no /etc/dropbear directory !
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."