(old)Puppy Linux Discussion Forum

Hello,

enclosed are two openssh packages. The client (including ssh-agent _AND_ ssh-add) and the server packages.

The server depends on the installed client.

openssh-server will create RSA1, (for protocol1) RSA and DSA host-keys if needed and starts the sshd directly via the control-script /etc/rc.d/rc.sshd. There is also a symbolic link from /etc/init.d to start sshd after bootup.

compiled on nop-400 with devx_400.sfs. Should work on dingo.

Deinstallation will leave /etc/ssh/ssh_host.* keyfiles, cause the hostkey never changes.

Feedback would be appreciated. Works for me.

regards Sven

sshd works fine.

I clicked on the download link for the client and installed using petget. Then I clicked on the download link for the server and intalled using petget. Finally, I opened a console window and ran:

/etc/rc.d/rc.sshd start

That's all it took to install and run a SSH deamon on my Puppy 4.2

Now I access my Puppy remotely from my Debian laptop, simply by opening a console window in Debian and typing

ssh puppypc

Thanks for your good work, Sven !

Anyone know how to :
using ssh via script without password?

I want to restart my thin client remotely using ssh

Tx

Is there anything up to date yet?

thank you so much. it's verry good

Thanks Sven, I've just installed the sshd server and it works dandy in Precise 5.7.1, with one exception. X11 forwarding (using graphical applications over SSH) doesn't work out of the box even though all relevant options are correctly set.

I had installed xauth 1.0.6-1 from the Ubuntu Precise repositories, but sshd still complained about missing xauth. Inspired by this lifesaving post, I looked into sshd: Apparently sshd expects xauth in /usr/X11R7/bin/. As suggested in the post, I symlinked the existing /usr/bin/xauth to /usr/X11R7/bin/xauth: Lo and behold, X11 forwarding now works just great.

In a second attempt and after some tweaking, I seem to have succeeded in getting the sshd server from the Ubuntu repositories up and running.

1. Install the ssh_5.9p1 metapackage from the Ubuntu Precise Main repository. openssh-server_5.9p1 which is a part of the above metapackage might be sufficient too.
2. Proceed as described here to get rid of the Privilege separation user sshd does not exist error.
3. Comment out UsePAM yes in /etc/sshd.config (or else get the PAM configuration right, I didn't bother trying for now).
4. If you want the server daemon to run on startup, comment out 3 lines below # The init.d script is only for chroots in /etc/init.d/ssh.
5. Enjoy.

Disclaimer: The above are just quick hacks by a Linux beginner. There might be better ways of going about it (if you know of one, let me know).

Just thought this might be useful:

SSH lets you login to other people computers (remote server) from your own (local client) PC, if you and they are running SSH. You login as one of the users on the remote system, giving the username and remote URL in the ssh command:
SSH will ask you for the password of the user on that system, when you attempt to login.

However, SSH has its own, better way of authenticating your login - called 'SSH key pairs' or 'SSH keys'.

They're better than just giving the user login details of the user on the remote machine. Why? More secure - SSH keys come in two flavours, DSA and RSA - the RSA keys are even more secure.

Why more convenient? Well, when working with git or logging in & out of a server frequently for any reason, you don't want to give a password every time!

After adding your public SSH key to a server, you can run a simple command on your local PC, so that you no longer need to provide your login details, until you logout (or close your terminal emulator window!).

Don't worry..

It's not that complicated - don't be fooled by long winded blogs about it (like I was).

Summary steps (details follow after):

1. Create an SSH key ( this makes 2 files, a private 'id_rsa' and a public 'id_rsa.pub' )

2. Add the public key to the file ~/.ssh/authorized_keys on the server.

3. Add your key to SSH-agent (on your local system).

4. Then, login to remote system using SSH, it will ask for your SSH key.

It's so simple to setup SSH keys, and I can boil down the heaps of stuff I had to read into a few simple commands:


Details of how to make it work:

1.: on CLIENT (your local PC), set up the RSA keys, choose a 'passphrase' for your key:
2.: Then, on the CLIENT, add your key to authorized list (stored on the server):
3.: Then login to SERVER from CLIENT, via ssh, give passphrase created in step 1 when asked:
4.: then logout again, and on CLIENT, start ssh-agent and add your SSH key to the session:
Then, re-login to server, as in step 3, give your key, logout, re-login, and finally, you should be able to login via SSH without giving the users password, or your passphrase.
Done.

To test further, I then created new user on my server, to try it all again, logging into a different *nix user on the server.

I added my SSH key to the new users ~/.ssh/authorized_keys file, but it wouldn't work! I had to enter the users passsword, not my SSH passphrase, each time.

I tried other users on the server... same problem..

It was a permission thing...

For any user on my server not allowing login using SSH keys, I could fix it by logging in as that user on the server using ssh, then run these commands:


..as it was my server, i could do the su root thing.

Lastly, logout and, on the CLIENT, do the following to login using your SSH key:

Also useful, maybe:

Here is a good post about shortening commands typed into SSH and Git, using the SSH config file: https://coderwall.com/p/vznqwq

You might want to, and sometimes might need to, create shorter or different URLs than the ones you want to SSH into.

For example, maybe the server you want to login to, is something like this:

longuser@this.domain-is-too-long.com:1234

So the ssh command is (at least):
You don't want to type that all the time, or maybe Git is telling you the URL is malformed, cos of the custom SSH port..

So, in your ~/.ssh/config file, you can put:
Then, to login through ssh, you need only type:
Another example, from the post above, with Github.com:

SSH URL:
So, I add an ~/.ssh/config entry like this:
Now the Git command is much shorter than before:

Also, see here for stuff about X11 forwarding, and x2x, which lets you take control of the servers keyboard/mouse: http://murga-linux.com/puppy/viewtopic.php?t=88675

Great writeup, many thanks sc0ttman! I was going to look into using keys instead of passwords, and you have made it a lot easier for me. One command that hasn't worked for me was the one in Step 2: I had to replace it with this: (-p port number is only required if connecting to a different port than the standard 22)
The reason is explained here, the gist being that scp does not read data from stdin.
The shortening stuff and the potential permissions problems are good to know about, too, thanks! I take it from your description that bringing in ssh-agent to avoid entering the pass phrase on every login is probably more trouble than it's worth for occasional use (e.g. for remote control). In scenarios with frequent logins that's obviously different.

Endre wrote:Great writeup, many thanks sc0ttman! I was going to look into using keys instead of passwords, and you have made it a lot easier for me. One command that hasn't worked for me was the one in Step 2:

Code: Select all

cat ~/.ssh/id_rsa.pub | scp user@host_ip 'cat - >> ~/.ssh/authorized_keys'

I had to replace it with this:

Code: Select all

cat ~/.ssh/id_rsa.pub | ssh -p <port number> <username>@<host_ip> 'cat - >> ~/.ssh/authorized_keys'

You're welcome.. And whoops! Yep, you're right, well spotted.. I will update the post. Thanks.

I should note also, once you added your key to the server, it won't ever need to be done again... In order to re-enable the auto login after reboot, you would only need to run step 4 again, then login over ssh..