
Installing SSH server

SSH gives you a remote terminal on your eeepc. It can also be used to transfer files remotely with scp, and to forward X11 so that you can run a GUI application on the eeepc remotely from another system.

Firstly you need to add either Xandros or Debian repositories.

Then you need to install the ssh server:

 sudo apt-get install openssh-server

Next you want to start the sshd server. This will happen automatically at boot, but you can save a reboot by doing it manually:

 sudo /etc/init.d/ssh start

If ssh does not start automatically at boot time, just create the file /etc/fastservices with the command:

sudo nano /etc/fastservices

and just add 1 line with the single word “ssh”, save & close the file.

Alternative approach (use inetd)

You can also let the ssh daemon be run from inetd. It takes less memory (and you can run other services from the inetd daemon without any continuous memory impact). On the other hand, connecting will take longer (not noticeably) and if you really run out of RAM, you might not be able to connect at all (but that's true with ssh running as a permanent daemon as well). This is great if you only connect to your EEE from time to time.

First, add the repositories and install the ssh server, as described above.

Then, start the ssh server once, to create the /var/run/sshd directory:

 sudo /etc/init.d/ssh start

(ideally, we should write a script that does it at the boot time… maybe later)

and stop it:

 sudo /etc/init.d/ssh stop

openbsd-inetd should be installed, but just in case:

 sudo apt-get install openbsd-inetd

Create the file /etc/fastservices with the command:

sudo nano /etc/fastservices

and just add 1 line with the single word “openbsd-inetd”, save & close the file. Make sure there is not a ssh line in /etc/fastinit!

Edit /etc/inetd.conf:

  sudo nano /etc/inetd.conf

and to the end of the file add this line:

  ssh     stream  tcp     nowait  root.root       /usr/sbin/sshd  sshd -i

Run the inetd (or reboot):

  sudo /etc/init.d/openbsd-inetd start

Using SSH

Now you should be able to ssh into your eeepc. Most Linux distributions come with an ssh client accessible from the terminal:

 ssh user@hostname

If you are encountering problems, you can try connecting from the laptop to itself with “localhost” as the hostname.

People connecting from Windows can use PuTTY (you just need putty.exe).

Security

SSH can use many different methods to authenticate users. If you follow the steps on this page you will be logging in with just your username and password, and most people do not keep their usernames very private. This means that an attacker trying to gain access to your system only has to find one piece of information to get control of your computer. With a default installation this can be done by brute force, trying a, aa, aaa … b, bb, bbb, … etc. The more an attacker knows about the person, the easier it is to guess their password. Lower case dictionary words, numbers and birthdays are so easy to crack as passwords that you might as well not have a password at all.

You can avoid this easy route into your machine by using public key authentication. You make a key, give it a passphrase and make sure that only key authentication is allowed.

Using public key authentication

Get a terminal up (CTRL-ALT-T) and type

ssh-keygen -t rsa -b 2048 -C "SSH Key for my EEE"

This will create a key for you and ask for a passphrase to go with it. You don't need a passphrase, but if you lose control of that key it will grant access to your machine for whoever has it. If you want to use a passphrase, make it a sentence like

This is the key to my EEE 4G, and I don't want anyone else to use it

Obviously, don't use that. Notice the CAPS, the punctuation, and the spaces. The longer the better, but remember that you will have to type it every time you want to log in to your machine. A sentence that is fairly easy to remember for you will still be hard for a computer to work out.

Once you have made your key it will be stored (by default) in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. There are two parts to the key. id_rsa is the private part and should never be given to, shown to, mailed to or accessed by anyone other than you. Copy it to an SD card and keep it in your pocket. If you lose the key or someone copies it, make another by following these instructions again. The other part, id_rsa.pub, is the public part. You can share that with others if they want to give you SSH access to their computers.

For this system to work, the SSH authorisation routine needs the public part on the server, the client needs the private part, and if you set a passphrase the client needs that to be typed in during the connection too.

Now to tell your computer that you're allowed to use that key.

cd ~/.ssh
cat id_rsa.pub >> authorized_keys
chmod 600 authorized_keys

Using “cat” to read the public part of the key and then directing the output to “authorized_keys” with “>>” is a good habit to get into. This will not overwrite the file like “cp” (copy) will, and means that if you are adding someone else's key to the list, yours won't be overwritten; you won't lose SSH access to your computer by accident.

You're almost there, but at the moment SSH will still fall back to password access if public key fails. For security you should turn this fallback behaviour off.

sudo nano /etc/ssh/sshd_config

These parts need to be changed:

  • PermitRootLogin no
  • PubkeyAuthentication yes
  • RSAAuthentication no
  • AuthorizedKeysFile .ssh/authorized_keys
  • PasswordAuthentication no
  • ChallengeResponseAuthentication no
  • UsePAM no
  • AllowUsers <usernames allowed to log in, separated by a space>

If some of these are already set, or are missing, you can just change or add them.

The last thing to do is to make sure that the SSH server notices the changes you have made to the “sshd_config” file by restarting it:

sudo /etc/init.d/ssh restart

Now you can try

ssh localhost

You should be asked to “Enter passphrase for key '/home/user/.ssh/id_rsa':”.

If you have any problems, you can type

man ssh
man ssh-keygen

for some help. Other than that Google Is Your Friend.
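
One way to check an edited sshd_config against the list of settings above before restarting the server. This is an added example, not part of the original wiki page. The function names and the sample file are made up for illustration, and it assumes a single config file using the whitespace-separated "Keyword value" form. It matters because sshd uses the first value it finds for a keyword, so a "PasswordAuthentication no" added at the end of the file has no effect if an earlier line still says "yes".

```shell
#!/bin/sh
# Added example: audit sshd_config against the settings listed on this page.
# sshd uses the FIRST value it finds for a keyword; keywords are case-insensitive.

# effective_value FILE KEYWORD: print the value sshd would use (global section).
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # Match blocks are conditional; stop here
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE: print one line per directive; return the problem count.
audit_sshd_config() {
    file=$1; problems=0
    while read -r key expected; do
        actual=$(effective_value "$file" "$key")
        if [ -z "$actual" ]; then
            echo "MISSING $key (want: $expected)"; problems=$((problems + 1))
        elif [ "$actual" != "$expected" ]; then
            echo "WRONG   $key $actual (want: $expected)"; problems=$((problems + 1))
        else
            echo "OK      $key $actual"
        fi
    done <<EOF
PermitRootLogin no
PubkeyAuthentication yes
RSAAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
EOF
    # AllowUsers has no fixed value on the page; it only has to be present.
    [ -n "$(effective_value "$file" AllowUsers)" ] ||
        { echo "MISSING AllowUsers"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample (not a real host): a "no" appended after an earlier "yes".
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin no' 'passwordauthentication yes' \
    'UsePAM no' 'AllowUsers user' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "$? problem(s) found"
rm -f "$sample"
```

On the real file, run `audit_sshd_config /etc/ssh/sshd_config`, and `sudo /usr/sbin/sshd -t` will report syntax errors before the restart. Keep an existing session open until a new key-based login has succeeded, so a mistake does not lock you out.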

See Also

http://en.wikipedia.org/wiki/SSH - Wikipedia's article about SSH.

http://www.chiark.greenend.org.uk/~sgtatham/putty/ - PuTTY, a Windows SSH client.

http://en.wikipedia.org/wiki/PuTTY - Wikipedia's article about PuTTY.

The Boot Process

 
howto/ssh.txt · Last modified: 2008/07/04 12:42 by preditor
 