Application:OpenSSH

Introduction

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on.

Please refer to the OpenSSH Home Page and read the OpenSSH Manual Pages before using this package.

There are two ways to generate the keys below. The PC one assumes you have a user account name and password to gain access with putty I assume it is not possible to complete the steps for that method without setting up a user account. I find the webOS method to be much easier to follow. And I imagine if you are new to linux and accessing linux on webOS then you will find the webOS method is the one you will want to follow. I also recommend the webOS method if you have trouble following the PC method or find it too wordy.

Generate Keys from Windows PC Method

If you are connecting to your webOS device from a Windows host computer, please read the Secure Linux/UNIX access with PuTTY and OpenSSH Tech Tip and follow those instructions for generating your SSH keys. For the section "Install public key on Linux system", you will need to put the "Public Key for pasting into OpenSSH authorized_keys file" into a /home/root/.ssh/authorized_keys file.

Optware installs openssh under /opt, so you should replace any references to /bin, /sbin, and /etc in the OpenSSH documentation with /opt/bin, /opt/sbin and /opt/etc respectively.

Setting up ExpanDrive (SftpDrive)

Note: This requires access to the device's file system by any means.

• Open ExpanDrive
• Click "New drive..."
• Type a name into the "Drive Name" box.
• Type in the IP address of the device in the "Server" box.
• Type "root" into the "Username" box.
• Choose "Use a public key to log in..." from the "Authentication" drop-down.
• Click "Create New Key Pair"
• Choose "RSA (ssh-rsa)" from the "Key type" drop-down.
• Click "Create Key Pairs".
• Click "Ok".
• Click "Export current Key Pair"
• Click both "Export Private Key" and "Export Public Key" and save the files somewhere (remember where you saved them) and click "Ok".
• Open the .pub file you saved in the previous step using a plain text editor.
• Copy the contents of the entire file and paste it into "/var/home/root/.ssh/authorized_keys" (on the device) on the next line and save it.
• Go back to ExpanDrive and click "Ok" on the still open "Public Key Authentication Properties" dialog.
• Choose "Show the entire server" from the "Directory" drop-down.
• Click "Connect" to connect and save the configuration.
• After the connection process is complete, a new Explorer window will open and you will be in the "%DriveLetter%:\var\home\root" directory.

Generate Keys from webOS Method

Launch Preware and install Terminal if you haven't previously installed it. It will be used to create your secure SSH keys for use with OpenSSH directly on your webOS device. Once Terminal is installed launch it and follow these steps:

To go to the root directory type:

cd /

Then type:

/opt/bin/ssh-keygen

to create the private and public keys. After a short time (about a minute) accept the default filename by pressing Enter at the prompt. Enter a passphrase for your private key file. You will use this passphrase later, so remember it. After the key file is generated type:

mv /home/root/.ssh/id_rsa.pub /home/root/.ssh/authorized_keys

to move the public key to become the /home/root/.ssh/authorized_keys file.

Now the secret key needs to be transferred to the PC you want to access linux on webOS from. First copy the secret key to the area accessible from drive mode. To do this, type:

cp /home/root/.ssh/id_rsa /media/internal/id_rsa

We are all done using Terminal so you can close it by tossing it off the top of the screen like you would for any other application. Next you need to connect your device to the PC with the USB cable and tap drive mode. Once drive mode is active open the drive letter for the device on your PC (ex. "PALM PRE (E:)"). Copy the "id_rsa" file to your PC somewhere you will remember it's location (ex. to the desktop).

Using the key with PuTTY

If you have the webOS SDK installed you will already have PuTTY (in \SDK\bin\ of the folder the SDK was installed in). If you don't have the webOS SDK installed you can install it to get PuTTY or you can download PuTTY. You will also need PuTTYgen. If you will be using winSCP you already have it (in start menu>winSCP>key tools) or download it from the same site as PuTTY. If this is your first time using PuTTY to access linux on webOS or wish to verify the configuration is correct please follow these steps:

• Open PuTTY.
• Enter the IP address assigned to your webOS device (ex. 192.168.1.100).
• Enter 22 for the port number.
• Select the radio button for SSH
• Select the Data section under Connection on the left.
• Enter root for the auto-login username.
• Select the Auth section under SSH under Connection on the left.
• Leave PuTTY open here and follow these steps:
  • Open PuTTYgen.
  • Select the conversions menu.
  • Select import key.
  • Choose the id_rsa file you copied to the PC from your device and click open.
  • Enter the passphrase you entered during key generation and click ok.
    • You will see all sorts of information in the window at this point.
  • Click the save private key button.
  • Enter a name for it (no need to type the ppk extension) and save it somewhere you will remember it's location.
  • Close PuTTYgen and go back to PuTTY where we left off.
• Click the Browse button for private key file.
• Select the ppk file you made with PuTTYgen and click open.
• Select Session on the left.
• Enter a name in the Saved Session box and click the save button.
  • This will allow you to load the settings for future use.
• Make sure your device's wifi is on.
  • You can install nodoze to keep wifi on if need be.
• Click open in PuTTY to connect.

If everything is configured correctly you should see the following in the terminal window on your pc:

Using username "root".
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":

• Enter the passphrase you created during key generation.

You should now see:

root@palm-webos-device:/var/home/root#

Congratulations you now have access to linux on your webOS device. You may now begin using the command prompt to work with anything you need or want to use the command prompt for. There is all sorts of stuff you can use it for so if you haven't already check out the rest of the webos-internals site for a number of things you can do. You may also want to setup winSCP for a explorer like windows interface to access and work with files etc as well.

Using the key with winSCP

• Open winSCP.
• Enter the IP address assigned to your webOS device (ex. 192.168.1.100) in the host name box.
• Enter 22 for the port number.
• Enter root in the user name box.
• Leave winSCP open and follow these steps:
  • Open PuTTYgen (startmenu>winSCP>key tools).
  • Select the conversions menu.
  • Select import key.
  • Choose the id_rsa file you copied to the PC from your device and click open.
  • Enter the passphrase you entered during key generation and click ok.
    • You will see all sorts of information in the window at this point.
  • Click the save private key button.
  • Enter a name for it (no need to type the ppk extension) and save it somewhere you will remember it's location.
  • Close PuTTYgen and go back to winSCP where we left off.
• Click the "..." button for the private key file box.
• Select the ppk file you made with PuTTYgen and click open.
• Click the save button and enter a name and click ok.
  • This will allow you to load the settings for future use.
• You should now be seeing the stored sessions list with the session you just saved.
• Make sure your device's wifi is on.
  • You can install nodoze to keep wifi on if need be.
• Select the session you saved and click the login button.
• Enter the passphrase you created during key generation.

If everything is configured correctly you should see a window with a list of folders similar to explorer. Congratulations you now have access to linux on your webOS device. You may now begin working with files on the device. You can do stuff like copy, delete, etc file like in windows. You can also edit files. Certain actions will require read write mode (mount -o remount,rw / entered at the command prompt in PuTTY or terminal, mount -o remount,ro / to go back to read only mode).

Using the key with SSH in Terminal

Put your private key file in the standard location ~/.ssh/id_rsa on the machine you are using to connect to the Pre or you can inform ssh by using the -i switch as follow:

user@host:~$ ssh -i /path/to/private/key remoteuser@remotehost

Enabling non-root Password logins via SSH using the command line

Access the command line on your Pre via Terminal, SSH, or Novaterm.

Type the following at the root prompt to allow write access to your / disk:

mount -o remount,rw /

Edit the mobi.optware.openssh file in the /etc/event.d/ directory. Find the exec line and change

PasswordAuthentication no"

to

"PasswordAuthentication yes"

The line should now look like this:

exec /opt/sbin/sshd -D -p 22 -o "PasswordAuthentication yes" -o "PermitRootLogin without-password"

Save and exit with ZZ or :wq, then restart the openssh service as follows:

stop mobi.optware.openssh
start mobi.optware.openssh

Once you are finished make sure you make your / disk read-only again (this is the default):

mount -o remount,ro /

Do not change anything else. Now if you've created a username for yourself and set a password, you'll be able to log in with a password. After every Palm WebOS upgrade, you'll need to recreate any accounts other than root with adduser <account>, which will then prompt you to set a password.

Warning: It is strongly suggested that you set up another ssh key for any additional users instead of using the password authentication method. Just follow the steps above.