meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
howto:security [2022/06/17 03:03]
boud warning on usbguard - modem firmware update incompatibility - discussion today at https://app.element.io/#/room/#pinephone_modem_sdk-issue-9:matrix.org
howto:security [2022/06/20 14:29] (current)
wibble Trying to remove ambiguity about ssh setup after at least one user got confused
Line 14: Line 14:
   sudo apt install openssh-server   sudo apt install openssh-server
  
-If you don't have already have a private/​public key pair, you want to first generate one.+If you don't have already have a private/​public key pair on the device you want to access the phone from (say your desktop or laptop), you want to first generate one. Assuming you're using linux or something similarly unix-compatible:​
  
   ssh-keygen -t ed25519   ssh-keygen -t ed25519
  
-You should probably secure your key with a password. Now copy your public key to the device+You should probably secure your key with a password. Now copy your public key to the phone. Again assuming linux or similar, and that the phone is accessible using the name ''​mobian''​ on your local network:
  
   ssh-copy-id mobian@mobian   ssh-copy-id mobian@mobian
  
-Now you can log in via SSH. Search for ''​PasswordAuthentication''​ in ''/​etc/​ssh/​sshd_config''​ +Check the man pages for the commands if you want to know more about the options. If you are using PuTTY then the process will be somewhat different. 
-and change it to ''​PasswordAuthentication no''​.+ 
 +You should now be able to log in via SSH using the key rather than the password for the user on the phone. If you specified a password for the key you will be asked for that password.  
 + 
 +Once you know login works with the key you can change the sshd configuration on the phone to disable access using the phone user's password, and optionally change the port it listens on. Search for ''​PasswordAuthentication''​ in ''/​etc/​ssh/​sshd_config''​ and change it to ''​PasswordAuthentication no''​.
  
 Or run this command: Or run this command:
Line 32: Line 35:
   sudo sed -i "​s/#​Port 22/Port 45673/" ​ /​etc/​ssh/​sshd_config   sudo sed -i "​s/#​Port 22/Port 45673/" ​ /​etc/​ssh/​sshd_config
  
 +Change ''​45673''​ to any port that isn't already being used. Note that you will have to specify this port when connecting to the phone via ssh in future, usually with the ''​-p''​ option.
  
-Finally restart the sshd:+Finally ​on the phone restart the sshd so that it will use the settings you just changed:
  
   sudo systemctl restart sshd   sudo systemctl restart sshd