https://maemo.octonezd.me/api.php?action=feedcontributions&feedformat=atom&user=94.193.104.142Maemo Wiki Mirror - User contributions [en]2026-04-22T04:25:11ZUser contributionsMediaWiki 1.45.1https://maemo.octonezd.me/index.php?title=SSH&diff=37250SSH2009-12-29T14:03:21Z<p>94.193.104.142: /* OpenSSH */</p>
<hr />
<div>SSH (Secure SHell) is a network protocol that allows you to access a terminal shell remotely. The following use-cases are common:<br />
<br />
#Administrating remote computers such as servers by using the device over a secure connection instead of plain-text.<br />
#When performing console operations one may stumble upon limits such as text-input, battery life, raw horsepower, or available software.<br />
#Some applications require a better network connection than device provides. E.g. a colocated 100 mbit server running 24/7 is usually both faster as well as more reliable than a device on WiFi or 3G.<br />
#Combined with a terminal emulator supporting detaching such as screen or dtach an application remains running after network connection is gone, device is unpowered.<br />
#SSH protocol can be used for remote X11, forwarding, tunneling, [[VPN]], port knocking alternative. These are intermediate-advanced topics requiring sufficient background knowledge.<br />
<br />
== Flavours to install on your device ==<br />
=== OpenSSH ===<br />
<br />
OpenSSH is the most common client and server package. It is available in [[Extras]]. You can install either only the client or server, or both depending on your particular use-case. Be aware that the installation may take a while and appear frozen, as SSH keys have to be generated during the install.<br />
<br />
Also the server install asks you to set a new password.<br />
<br />
=== Dropbear ===<br />
Dropbear is an alternative ssh client/server package which uses less disk/memory.<br />
<br />
== On-device Usage ==<br />
<br />
=== Client ===<br />
To allow you to use your tablet/phone to connect to other machines.<br />
<br />
You can connect to a remote machine from the tablet by running <code>ssh ''user''@''server ip''</code>. This will give you a remote shell on the server machine.<br />
<br />
=== Server ===<br />
To allow other machines to connect to your tablet/phone.<br />
<br />
If you wish to access a shell on the tablet from a remote machine (to edit a local file with a real keyboard, perhaps), then all that you need to do is make sure OpenSSH server is installed on the tablet and <code>ssh root@''tablet ip''</code><br />
<br />
Note that N900's are called "Nokia-N900-41-10" if allocated an IP address via DHCP (see [https://bugs.maemo.org/show_bug.cgi?id=2758 this bug])<br />
<br />
== PuTTY ==<br />
<br />
PuTTY is a client for the SSH & [the abysmally insecure] Telnet protocols. It is a popular client for Microsoft Windows, *Nix Operating Systems with ports even existing for Symbian phones, Windows Mobile and even the internet tablet itself. It can be used to connect to a tablet running OpenSSH to get a remote shell.<br />
<br />
=== Usage ===<br />
<br />
# Load up PuTTY on the machine you want to connect to the tablet from.<br />
## You should see the window titled "PuTTY Configuration" and the "Session" category selected.<br />
# Ensure "SSH" is selected as the "Connection type:" and enter <code>the tablet's ip</code> in the "Host Name (or IP address)" section.<br />
# ''If'' you need to change any other settings out of necessity or personal preference for example, go and change settings as required.<br />
# If you want to save these settings for future use to connect to the tablet quickly, add a name in "Saved Sessions" and press Save.<br />
# Press Open and enter the name of the user you wish to connect as when prompted. (root is commonly used)<br />
<br />
=== Extra security AND convenience ===<br />
It is fairly easy to generate a secure key to allow key-based authentication to the device. Provided you keep the key secure this is more secure than using a UNIX password (PAM).<br />
<br />
First, make sure you can use SSH to log in to your remote *NIX computer's user account.<br />
<br />
On the device you need to create a directory in the appropriate users home directory:<br />
cd<br />
mkdir .ssh<br />
chmod 700 .ssh<br />
<br />
Back on the remote *NIX computer run the following command:<br />
ssh-keygen -t rsa<br />
You'll find a file in your home directory called .ssh/id_rsa.pub and .ssh/id_rsa<br />
The .pub one is allowed out in public - you give it to other machines. The other one must be kept private.<br />
<br />
In the case your private key is stolen (ie. device stolen) the perpetrator has access to your machine without requiring a password. It is therefore recommended to use a password when issuing ssh-keygen command. Note this password must [i]not[/i] be the same as your UNIX password.<br />
<br />
Then if you use OpenSSH:<br />
su -c "scp .ssh/id_rsa.pub <user>@<hostname_or_ip_address:/home/user/.ssh/authorized_keys2"<br />
For dropbear:<br />
su -c "scp .ssh/id_rsa.pub <user>@<hostname_or_ip_address:/home/user/.ssh/authorized_keys2"<br />
This will ask for your UNIX password to copy across the key.<br />
<br />
Now try:<br />
ssh <user>@<hostname_or_ip_address><br />
and you should just get a shell login. If usernames on local and remote machine match you can omit the [i]user@[/i] part.<br />
<br />
=== VPN, tunneling ===<br />
Please see howto [http://www.undeadly.org/cgi?action=article&sid=20090903183235 Tunneling out of corporate networks (Part 1)].<br />
<br />
[[Category:Users]]<br />
[[Category:Connectivity]]<br />
<br />
[[Category:Power users]]</div>94.193.104.142