Key-based SSH authentication for root


boxbox

Jun 13, 2013, 7:30:23 PM
to al...@googlegroups.com
Hi, how can I use key-based SSH authentication for the root user? Rather than having to type the password, I'd like to be able to simply do 'ssh ro...@ip.of.the.device' and have it automatically put me into a root SSH session, after having copied my public key over to the DNS-323. Thanks for your advice.

João Cardoso

Jun 14, 2013, 9:48:10 AM
to al...@googlegroups.com


On Friday, June 14, 2013 12:30:23 AM UTC+1, boxbox wrote:
Hi, how can I use key-based SSH authentication for the root user? Rather than having to type the password, I'd like to be able to simply do 'ssh ro...@ip.of.the.device' and have it automatically put me into a root SSH session, after having copied my public key over to the DNS-323. Thanks for your advice.

Put the keys under /root/... but *first*, to make the /root folder survive a reboot, you have to create it under /Alt-F (*after* installing any Alt-F package)

aufs.sh -n
mkdir /Alt-F/root
aufs.sh -r

From now on, every file or directory that you create under /root will also appear under /Alt-F/root (as long as its parent directory already exists under /Alt-F/root)
There are a few rules on how this works. The parent directory must exist, etc.; read about aufs branches.

worked?

boxbox

Jun 14, 2013, 11:15:07 AM
to al...@googlegroups.com
Thanks, I've now read about aufs in https://code.google.com/p/alt-f/wiki/HowToFixOrCustomizeFirmware, but one thing isn't clear. If I want to make /Alt-F/root/ssh/authorized_keys file, can I do it all in one step? (You say parent directories must exist). For example is it safe to do:

aufs.sh -n
mkdir -p /Alt-F/root/ssh # Note the '-p' flag, creating both 'root' and 'ssh' directories at the same time
aufs.sh -r
mkdir /root/ssh # Is this step necessary?
# Now add /root/ssh/authorized_keys



Or do I need to do something like:

aufs.sh -n
mkdir /Alt-F/root
aufs.sh -r
aufs.sh -n
mkdir /Alt-F/root/ssh
aufs.sh -r
mkdir /root/ssh # Create it in the main root filesystem
# Now add /root/ssh/authorized_keys

boxbox

Jun 17, 2013, 6:14:14 AM
to al...@googlegroups.com
Hi, I tried some different combinations of the commands above but it doesn't seem to be working. What might be the way you recommend to get /root/.ssh/authorized_keys file to be persistent even after a restart? I read the wiki but I'm still not so sure about it. Thanks.

Federico Paolantoni

Oct 14, 2013, 5:22:49 PM
to al...@googlegroups.com
I see you write about /root/.ssh but João wrote you to create a directory /Alt-f/root/ssh.
So I can imagine you should create a path like the dir under /Alt-f, correct?

However, I'm writing because I successfully configured the access with key for root user, but I would do the same for other users.
Should I write another mail with another subject?

João Cardoso

Oct 15, 2013, 10:20:54 AM
to al...@googlegroups.com


On Monday, October 14, 2013 10:22:49 PM UTC+1, Federico Paolantoni wrote:
I see you write about /root/.ssh but João wrote you to create a directory /Alt-f/root/ssh.
So I can imagine you should create a path like the dir under /Alt-f, correct?

Yes (apart from the typo, it's /Alt-F, not /Alt-f, case matters)


However, I'm writing because I successfully configured the access with key for root user, but I would do the same for other users.

There are no special needs for them, as their home folder is already on disk; just follow the standard method.

There are however two small details that might complicate things for those who use recipes without understanding them:
1-/home is a symlink to the folder you specify in the webUI when you first create a user (Setup->Users), thus '/home' points to '/mnt/<whatever>/Users'
2-A user folder name uses the full user name, not the user nick name, as is customary in linux. Thus, if you create a user with full name 'Joe Doe' and nick name 'jdoe', its home folder will be '/home/Joe Doe' and not '/home/jdoe' (really '/mnt/<whatever>/Users/Joe Doe')

The difference for the root user is that the root home folder exists only in memory, and its contents disappear after a reboot or power-down.
Thus, for the root user you need to create a /Alt-F/root folder, which exists on disk, making the folder contents permanent.
As for the Users home folder, '/Alt-F' points to the disk folder you specify when you install Alt-F packages for the first time (Packages->Alt-F). It is *not* enough to just create an /Alt-F folder, '/Alt-F' must be a symlink to '/mnt/<whatever>/Alt-F'.

The 'root' user doesn't need to have a real on-disk home folder. You can create a normal user that you use to login to the system, then use 'su' to become root.

Just a detail regarding the root home folder: if it exists as /Alt-F/root, you probably *might* have problems when trying a new Firmware (using the 'TryIt' button in one of the System->Firmware webUI pages). This is because the new firmware to be tried will be stored in /root, and when /Alt-F/root exists it will be on disk, which might make it impossible to unmount the filesystem as part of the TryIt/reboot process.
Not sure if this is a real problem, never tried it.
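
The "standard method" referred to in the post above, as an added example that is not part of the original thread: a shell helper that installs one public key into a home folder whose name may contain a space (such as '/home/Joe Doe') and sets the owner-only permissions SSH servers expect. The function names install_pubkey and check_modes are hypothetical, and the paths in the usage comment are constructed.

```shell
#!/bin/sh
# Added example; install_pubkey and check_modes are hypothetical helper names.
# Usage: sh install_key.sh '/home/Joe Doe' "$(cat id_ed25519.pub)"

# install_pubkey HOME_DIR "PUBLIC KEY LINE"
install_pubkey() {
    home=$1
    key=$2
    [ -d "$home" ] || { echo "no such home folder: $home" >&2; return 1; }

    # Accept exactly one public-key line; this also rejects private-key
    # material pasted by mistake.
    case $key in
        *"
"*) echo "key must be a single line" >&2; return 1 ;;
    esac
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    # Every expansion is quoted because the home folder name may hold a space.
    mkdir -p "$sshdir" || return 1
    chmod 700 "$sshdir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_modes HOME_DIR: succeeds only for drwx------ and -rw-------
check_modes() {
    d=$(ls -ld "$1/.ssh" | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}

if [ $# -eq 2 ]; then
    install_pubkey "$1" "$2" && check_modes "$1"
fi
```

For root, the /Alt-F/root folder from the earlier post has to exist before running this against /root; otherwise the result is lost at the next reboot.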

