NSLU2-Linux
view · edit · print · history

This howto covers the setup and usage of the OpenSSH secure shell for remote command line access for MacUsers?

OpenSSH is a fully featured daemon which also requires the OpenSSL libraries. It is more sophisticated than DropBear and has more advanced features such as agent forwarding. It may also get around some of the multiple user problems that people experienced with DropBear.

I have a Mac OS 10.4 machine which I want to be able to use from work (behind a number of firewalls) to access the slug on my home broadband network. So what do I need to do?

Install SSH daemon On Unslung

  1. Unsling your slug - see Unslung
  2. Install the OpenSSH package which gives you your SSH daemon. You can do this by executing the following via telnet.

    # ipkg update
    # ipkg install openssh
  3. Reboot and check OpenSSH is running.

    # ps -ef

    And look for a line something like the following:

    1735 root 3208 R /opt/sbin/sshd

OK so it's running. What the heck do you do now? If you already know ssh then you can stop at this point because SSH is installed and working. If you want to perform additional configuration then read on.
(Note: You can stop dropbear now and free some memory, just do the following steps: Goto /etc/rc3.d and delete de S10dropbear link. Note, this will not remove Dropbear from your Slug, but only won't start it for run level 3.)

Configure SSH Server With Public Key

For this example, we will be working to authorize the 'root' user to use SSH.

  1. First of all telnet into the SLUG as the user we want to authorise (e.g. root)

    Since this setting does not persist after slug reboots, don't forget to authorize this by going to

    http://(slug IP address)/Management/telnet.cgi.
  2. Look in your telnet session and see if it came up with a message stating that the home directory could not be found.

    If you see this message, you need to create one and ensure that the permissions are correct. Permissions are very important, since OpenSSH checks them very carefully before allowing logins authenticated by keys.

    # mkdir /root
    # chmod a+rx /root
    # chmod og-w /root

    This should result in a folder which everyone can read but no-one but the owner (i.e. root) can write. Check this by:

    # ls -l /

    And look for a line which looks like the following (noting the dwrxw-xw-x particularly)

    drwxr-xr-x 1 root root 0 Jan 30 16:21 root
  3. Change to the home directory:

    # cd ~/
  4. Now create the hidden directory for the SSH settings

    # mkdir /root/.ssh
    # cd /root/.ssh

Install and Configure SSH Client

  1. You need to get an SSH client for your Mac OS X Terminal box.

    I use the Terminal.
  2. Now we need to generate some keys.

    * So run the terminal
    *

    As usually, open a terminal window and type the following command
    followed by Enter

ssh-keygen -b 1024 -t dsa
It will create a DSA key.
ssh-keygen ask you where to record generated keys.
Validate simply by Enter to install them at default place
where some SSH elements can find them.
ssh displays then its code result.
<your name station>:~ <nameuser>$ ssh-keygen -b 1024 -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/~ <nameuser>/.ssh/id_dsa):\\

# Copy the '''public key''' (similar to the "ssh-rsa" string above) to the folder shown by default (type Return).

Enter passphrase (empty for no passphrase): Enter same passphrase again:


Make this password reasonably long (>8 characters), easy to remember, and significant to you but not to anyone else. This is especially true if you plan to make the NSLU2 visible on the Internet.

ssh-keygen -b 1024 -t rsa1
It will create a RSA key.
ssh-keygen ask you where to record generated keys.
Validate simply by Enter to install them at default place
where some SSH elements can find them.


Update: The above used command "ssh-keygen -b 1024 -t rsa1" will generate a rsa1 key. If you need a rsa2 key use "ssh-keygen -b 1024 -t rsa" (mhomscheidt, 26. May 2006)

ssh displays then its code result.
<your name station>:~ <nameuser>$ ssh-keygen -b 1024 -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/~ <nameuser>/.ssh/id_dsa):\\

# Copy the '''public key''' (similar to the "ssh-rsa" string above) to the folder shown by default (type Return).

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Make this password reasonably long (>8 characters), easy to remember, and significant to you but not to anyone else.
This is especially true if you plan to make the NSLU2 visible on the Internet.

# Copy the '''public key''' to the NSLU2
ssh-keygen record two keys generated on your computer.
However, in order NSLU2 can to be able to use,
you must transfer public key to the place where
it can to be able to find automatically and to use it.
In that purpose, we use scp, a command who uses SSH.
in spite a simple syntax,this command is able to do secure file transferts easily.
In fact, just using scp, you will open a secure connection, will do file transfert by this way,
and close it, the whole of it in once.
To copy files, use the following command in a Terminal window :
scp ~/.ssh/id_dsa.pub root@nslu2_ip_address:~/.ssh/authorized_keys
scp ~/.ssh/id_rsa.pub root@nslu2_ip_address:~/.ssh/authorized_keys

Using SSH to manage NSLU2 from a Terminal Window

Type ssh root@nslu2_ip_adress
<Name Station>:~ <username>$ ssh root@xxx.xxx.x.xx
Enter passphrase for key '/<username>/.ssh/id_dsa':

Welcome to Unslung V2.3R63-uNSLUng-6.8-beta

   ---------- NOTE: THIS SYSTEM IS CURRENTLY UNSLUNG ----------

BusyBox? v0.60.4 (2005.03.22-06:52+0000) Built-in shell (ash) Enter 'help' for a list of built-in commands.

#

view · edit · print · history · Last edited by mhomscheidt.
Originally by Pierre LASSALLE.
Page last modified on May 26, 2006, at 04:11 AM