Wednesday, July 09, 2008

SSH -- let's take a look

I decided today to try out ssh.
I used this tutorial and it really is as easy as the guy says.
He does leave out one important point however. This is the fact that unless you get ssh-RSA key of the remote computer into your ~/.ssh/known_hosts file you'll have a little trouble.
Actually, the fact that it's not a lot of trouble in indicative of just how insecure ssh really is.
Here's what happened to me.
1. Did this on the Mac (Ubuntu)

sudo apt-get install openssh-server

2. Then opened up Foresight on the Dell and typed
ssh -X tasque

3. Get a message telling me what the RSA key is and that it couldn't be added to the known_hosts file. But then it asks do I want to go ahead anyway (hmmm......)
4. So, I typed 'yes' (note it doesn't accept just a return key; you have to type 'yes')
5. Then it came up showing I was linked to the other computer (hostname became IP of other computer). After providing the login password for the remote box, I was away. No problems.

However, it's a lot more tidy looking to get the ssh-RSA key to be written to the known_hosts file. This is just a permissions problem.
So, I opened the file in root Nautilus (open as sudo nautilus) and changed the own of the file to my user and the group to me.
Then I started up ssh again and this time it went straight to the password request.
After this I changed the owner and group of the known_hosts file back to root.

Then I tried
ssh -X /usr/bin/lastfm

and a Last.Fm dialog opened on the Dell. Once I typed in what I wanted to hear, music came out the Mac.
This is nice, particularly that you don't need to be in Ubuntu in both computers. I'll have to see between what OSes I can conveniently ssh.

Edit (10-07-08):
Later on I switched client computer to Ubuntu rather than Foresight and left the server (Mac) on Ubuntu.
Now when I tried to ssh into the Mac, I got an message saying "An application wants access to the private key 'id_rsa' but it locked.
As my usual password didn't work I was in trouble as that dialog just wouldn't go away unless I hit Dent which shut everything down.
Luckily I found this reference and the solution was to go into Gconf Editor and go to Apps>>Gnome-Keyring>>Daemon Components and uncheck the ssh box. Then reboot and no more Private Key dialog.
Interestingly, this time ~/.ssh/known_hosts was owned by me.

No comments:

Post a Comment