meta data for this page
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
howto:security [2022/06/17 03:03] boud warning on usbguard - modem firmware update incompatibility - discussion today at https://app.element.io/#/room/#pinephone_modem_sdk-issue-9:matrix.org |
howto:security [2022/06/20 14:29] (current) wibble Trying to remove ambiguity about ssh setup after at least one user got confused |
||
|---|---|---|---|
| Line 14: | Line 14: | ||
| sudo apt install openssh-server | sudo apt install openssh-server | ||
| - | If you don't have already have a private/public key pair, you want to first generate one. | + | If you don't have already have a private/public key pair on the device you want to access the phone from (say your desktop or laptop), you want to first generate one. Assuming you're using linux or something similarly unix-compatible: |
| ssh-keygen -t ed25519 | ssh-keygen -t ed25519 | ||
| - | You should probably secure your key with a password. Now copy your public key to the device | + | You should probably secure your key with a password. Now copy your public key to the phone. Again assuming linux or similar, and that the phone is accessible using the name ''mobian'' on your local network: |
| ssh-copy-id mobian@mobian | ssh-copy-id mobian@mobian | ||
| - | Now you can log in via SSH. Search for ''PasswordAuthentication'' in ''/etc/ssh/sshd_config'' | + | Check the man pages for the commands if you want to know more about the options. If you are using PuTTY then the process will be somewhat different. |
| - | and change it to ''PasswordAuthentication no''. | + | |
| + | You should now be able to log in via SSH using the key rather than the password for the user on the phone. If you specified a password for the key you will be asked for that password. | ||
| + | |||
| + | Once you know login works with the key you can change the sshd configuration on the phone to disable access using the phone user's password, and optionally change the port it listens on. Search for ''PasswordAuthentication'' in ''/etc/ssh/sshd_config'' and change it to ''PasswordAuthentication no''. | ||
| Or run this command: | Or run this command: | ||
| Line 32: | Line 35: | ||
| sudo sed -i "s/#Port 22/Port 45673/" /etc/ssh/sshd_config | sudo sed -i "s/#Port 22/Port 45673/" /etc/ssh/sshd_config | ||
| + | Change ''45673'' to any port that isn't already being used. Note that you will have to specify this port when connecting to the phone via ssh in future, usually with the ''-p'' option. | ||
| - | Finally restart the sshd: | + | Finally on the phone restart the sshd so that it will use the settings you just changed: |
| sudo systemctl restart sshd | sudo systemctl restart sshd | ||