the itjerk

my adventures with technology

Tag Archives: mac

ssh-keygen

There are a couple of reasons to use keys for ssh connectivity, but not entering a password has to be at the top of the list.

[EDIT: This first part was written for Mac OS X.]
First, create a DSA key pair on your local machine. BTW, I didn't enter a passphrase because I don't want to enter one later when I connect. Make sure you have a secure console if you skip this option.

one:~ one$ ssh-keygen -t dsa
one:~ one$ ls .ssh
id_dsa      id_dsa.pub	        known_hosts

Copy the public key to the remote server you wish to connect to:

one:~ one$ scp .ssh/id_dsa.pub user@two:~
Password:
id_dsa.pub                                    100%  635     0.6KB/s   00:00  

SSH to the remote server, move the key to the right place, and fix permissions so only the user you logged in as can use it:

one:~ one$ ssh user@two
Password:
two:~ user$ mv id_dsa.pub .ssh/authorized_keys
two:~ user$ chmod 600 .ssh/authorized_keys 

If you have more than one key, then you need to cat them onto authorized_keys:

cat new_key.pub >> .ssh/authorized_keys

Now log in to the remote server and you won't be prompted for a password! It may also be a good idea to regenerate the keys after a period of time, especially if you don't use a passphrase.

[EDIT: This was revised for Ubuntu/Raspbian.]
Create an RSA key pair on your local machine (this is the machine you will log in FROM, e.g. one). BTW, I didn't enter a passphrase because I don't want to enter one later when I connect. Make sure you have a secure console if you skip this option.

one:~ one$ ssh-keygen -t rsa
one:~ one$ ls .ssh
id_rsa      id_rsa.pub	        known_hosts
one:~ one$ ssh-add
Identity added: /home/one/.ssh/id_rsa (/home/one/.ssh/id_rsa)

Copy the public key to the remote server you wish to connect TO, e.g. two:

one:~ one$ scp .ssh/id_rsa.pub user@machine_two:~
Password:
id_rsa.pub                                    100%  635     0.6KB/s   00:00  

SSH to the remote server, cat the key to the right location, and fix permissions so only the user you logged in as can use it:

one:~ one$ ssh user@machine_two
Password:
machine_two:~ user$ cat id_rsa.pub >> .ssh/authorized_keys
machine_two:~ user$ chmod 600 .ssh/authorized_keys
machine_two:~ user$ rm id_rsa.pub

If you're using an encrypted home folder (as you very well should), you'll need a couple of extra steps to get everything to work.

First, create a folder /etc/ssh/<user name>, chown it to <user name> and give it 755 permissions. Next, copy the authorized_keys file to it, ensure <user name> owns it and give it 644 permissions. Then, add this line in your /etc/ssh/sshd_config file:

AuthorizedKeysFile /etc/ssh/%u/authorized_keys

Restart the ssh service and you should be good to go. Note that you will need to mount your encrypted home folder once you ssh in (ecryptfs-mount-private).
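
One way to check the result of the steps above, as an added example that is not part of the original post: the script expands %u in the AuthorizedKeysFile pattern and confirms that the key file and its directory are owned by the user (or root) and are not group- or world-writable, since sshd with StrictModes (on by default) refuses key files with unsafe ownership or modes. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the key file selected by an AuthorizedKeysFile pattern.
# Function names are hypothetical; nothing here is taken from OpenSSH itself.

# Expand the %u token of an AuthorizedKeysFile pattern for one user.
expand_pattern() {  # $1 = pattern, $2 = user name
    printf '%s\n' "$1" | sed "s|%u|$2|g"
}

# Succeed only if the path is owned by the given uid (or root) and is
# not writable by group or others.
path_is_secure() {  # $1 = path, $2 = numeric uid
    listing=$(ls -ldn -- "$1" 2>/dev/null) || return 1
    mode=${listing%% *}
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    case "$owner" in
        "$2"|0) ;;
        *) return 1 ;;
    esac
    # Characters 6 and 9 of the mode string are the group/other write bits.
    [ "$(printf '%s' "$mode" | cut -c6)" = "-" ] &&
        [ "$(printf '%s' "$mode" | cut -c9)" = "-" ]
}

# Check the key file and the directory that holds it.
audit_authkeys() {  # $1 = pattern, $2 = user name
    uid=$(id -u "$2") || return 2
    file=$(expand_pattern "$1" "$2")
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    for p in "$file" "$(dirname "$file")"; do
        path_is_secure "$p" "$uid" || { echo "insecure: $p" >&2; return 1; }
    done
    echo "ok: $file"
}

# Usage: sh audit.sh '/etc/ssh/%u/authorized_keys' <user name>
if [ "$#" -eq 2 ]; then
    audit_authkeys "$1" "$2"
fi
```

A non-zero exit with an "insecure:" line names the path to fix before restarting the ssh service.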


hackintosh

Remember that Dell Mini 9 that I bought earlier in the year? Check it out now:


How easy was this? Very. First, I purchased a Super Talent 16GB SSD drive to replace the paltry 4GB STEC that came with the Mini (you'll need about 8-10GB for the install). SuperBiiz/eWiz had it for $49.95 delivered, with coupon. It's a fast drive (this is the FEM16GFDL), much like the Runcore drives, but less expensive and in stock (ordered it Sunday, had it Friday).

Then, on a tip from the great resource of MyDellMini, I found a guide at Mechdrew that details the installation process. The step-by-step instructions show how to create a bootable flash drive from your Snow Leopard DVD ($29) on a Mac computer, and then install the OS on the netbook. The magic is two-fold: First, the Dell Mini 9's hardware is extremely compatible with OS X. Second, NetBookMaker, a GoogleCode project, adds the appropriate extensions to make it all work.

And work it does! Trackpad, wireless, camera, sound, battery meter, software updates (10.6.1), even sleep mode. But even more impressive is how responsive Snow Leopard is on the Mini – maybe this is the SSD too? So, however much I think Apple sucks, it's a testament to the fact that OS X is Unix, and Unix is good.

On the web:
MechDrew guide
Netbook-Installer software