
Thread: Guide: Setting up SSH with public/private keys

  1. #1


    Guide: Setting up SSH with public/private keys

    Following is a pretty complex guide to set up SSH on your E2 box with public/private keys.
    If you try this and get stuck at any point, let me know and I'll correct the below/try to help where I can.

    This is not for the faint-hearted and needs a bit of Linux skills/understanding. If you attempt this without understanding what you're doing, then I definitely recommend a full image backup on USB so you can restore should you get anything wrong or lock yourself out of the box.


    1. Download putty (including puttygen) if you've not already got this
    2. Using puttygen, press 'Generate' to create an SSH2 key pair, move the mouse as instructed, and for added security, add a key passphrase.
    3. Save the public key
    4. Save the private key (you might want to take the opportunity to export it to the openssh and ssh.com formats here!)
    5. Make sure you back up your private key and that it remains private - this will grant you access to your E2 box so you won't want to lose it!
    6. Connect onto your E2 box with telnet and run the following commands
      1. Install Nano (use of VI is beyond a lot of people)
        Code:
        opkg install nano
      2. Create the authorized_keys file
        Code:
        cd ~
        mkdir .ssh
        cd .ssh
        touch authorized_keys
        nano authorized_keys
      3. Paste in the key from the paste area of puttygen. It'll start with ssh-rsa and end with rsa-key-DATE
      4. Press Ctrl+X to quit and save the file
      5. Change the permissions using the following command
        Code:
        chmod 0600 authorized_keys

    7. Now create a new connection to your E2 box in putty, but this time pick SSH (not Telnet), and in the auth section point to your private key file. Then remember to save the session.
    8. Connect using SSH and your private key and you should be prompted for your private key password (which can be different from the actual user password!)
    9. Assuming this connects, then you'll want to remove password authentication via SSH and only allow certificate based authentication. To do this in your SSH session you just connected with, run the following commands
      1. Code:
        nano /etc/default/dropbear
      2. Add -s to the extra arguments, e.g.
        Code:
        DROPBEAR_EXTRA_ARGS="-s -B"
      3. Press Ctrl+X and save
      4. Restart dropbear
        Code:
        /etc/init.d/dropbear restart

    10. Test your connection again - the connection with the private key should work. If you try to connect without the private key you'll get an error message.


    Now we can take this a step further to allow secured external access
    1. Forward a port in your router to the E2 box on port 22, but don't use 22 as the external port, use something such as 10100, 10101, 10102, 41001, 41002, etc, just make sure it's not a common port and something above 9999 but within the allowed range.
    2. Once the forward is in place, you should now be able to SSH into your box externally by setting up an SSH connection with the private key on the external IP address/port. You'll need a dyn dns name or alternative if you haven't got a fixed ip to ensure you can always reach home. You might also want to configure the keepalives (under connection in putty) as if you're not using the SSH client directly (i.e. you're only using forwarded ports (next step!)) it will disconnect you after a time period without these in place.
    3. SSH has a concept of forwarding ports through its connection, therefore you can set up port forwarding in the SSH client to port 80, 8001 and 8002 forwarding to localhost:80, localhost:8001 and localhost:8002.
    4. Once you've forwarded ports, as long as you are connected via SSH, you can open up a browser on the machine where you've connected from, go to http://localhost/ and you'll get to openwebif and can stream/transcode so long as you forward all the relevant ports over SSH.
    5. Finally, if you want to do this from a mobile, on Android look at ConnectBot, which is an SSH client with port forwarding. You can configure this to connect and forward the ports, then allowing you to use whatever streaming app you want to - you just connect to 'localhost' as you're connecting to ports forwarded via SSH, not to the external address


    Note - only forward the SSH port in the router (and never use the default SSH port - 22 as the external port!). Do not forward 80,23,8001,8002 or any other port otherwise it's only a matter of time before you will be hacked
    Last edited by abu baniaz; 15-07-15 at 00:41. Reason: User request 2

  2. The Following 14 Users Say Thank You to pembo For This Useful Post:

    2stein (13-10-15),abu baniaz (12-07-15),Alankellyeire (14-05-17),ArowonA (12-07-15),Bangord30 (26-06-16),cwebb66 (16-07-15),khan888 (15-07-15),markitos (19-03-18),Marshy33 (02-07-16),Sicilian (13-07-15),simono5 (02-09-16),snootyfox (15-10-15),Weissbier (14-05-16),Willo3092 (01-01-19)
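
    A pre-flight check for the lock-out risk in step 9 of the guide above, as an added example that is not part of the original post: it validates authorized_keys before password logins are switched off with -s. The function names are hypothetical, and it assumes each key line starts with the key type (no per-key options).

```shell
#!/bin/sh
# Pre-flight check to run on the box before adding -s to DROPBEAR_EXTRA_ARGS.
# Simplification: per-key options placed before the key type are not handled.

# 0 if path $1 exists and is not group- or world-writable.
not_group_world_writable() {
    case $(ls -ld "$1" 2>/dev/null | cut -c1-10) in
        ?????-??-?) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per problem in authorized_keys file $1; return 1 if any
# problem was found or the file holds no usable key.
check_authorized_keys() {
    file=$1 bad=0 keys=0 n=0
    [ -f "$file" ] || { echo "$file: missing"; return 1; }
    for p in "$(dirname "$file")" "$file"; do
        not_group_world_writable "$p" || { echo "$p: group/world writable"; bad=1; }
    done
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;
            '---- BEGIN SSH2 PUBLIC KEY'*)
                echo "line $n: SSH2-format key file pasted, need the one-line key"
                bad=1; break ;;
        esac
        set -f; set -- $line; set +f        # $1=type $2=base64 blob $3..=comment
        case $1 in                          # base64 of the length-prefixed type name
            ssh-rsa)     want=AAAAB3NzaC1yc2E ;;
            ssh-ed25519) want=AAAAC3NzaC1lZDI1NTE5 ;;
            *) echo "line $n: no key type at start (wrapped paste?)"; bad=1; continue ;;
        esac
        case $2 in
            *[!A-Za-z0-9+/=]*|'') ok=1 ;;    # empty or non-base64 characters
            "$want"*) ok=$(( ${#2} % 4 )) ;; # complete base64 is a multiple of 4 chars
            *) ok=1 ;;                       # blob does not encode the stated type
        esac
        if [ "$ok" -eq 0 ]; then keys=$((keys + 1))
        else echo "line $n: $1 blob malformed or truncated"; bad=1; fi
    done < "$file"
    [ "$keys" -gt 0 ] || { echo "$file: no usable key"; bad=1; }
    return "$bad"
}

# Usage on the box: check_authorized_keys ~/.ssh/authorized_keys
```

    A clean run only shows the file is structurally sound; keep the existing session open and confirm a second key-based login works before restarting dropbear with -s.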

  3. #2

    thanks for the instructions, but don't you mean port 22 rather than 23?

  4. The Following User Says Thank You to ArowonA For This Useful Post:

    pembo (12-07-15)

  5. #3

    lol - yes

  6. The Following User Says Thank You to pembo For This Useful Post:

    abu baniaz (05-05-23)

  7. #4

    So, number 1 should say:


    1. Forward a port in your router to the E2 box on port 22, but don't use 22 as the external port, use something such as 10100, 10101, 10102, 41001, 41002, etc, just make sure it's not a common port and something above 9999 but within the allowed range.

    and the last note should say:

    Note - only forward the SSH port in the router (and never use the default SSH port - 22 as the external port!). Do not forward 80,23,8001,8002 or any other port otherwise it's only a matter of time before you will be hacked

  8. The Following User Says Thank You to pembo For This Useful Post:

    Blu-ray (11-09-16)

  9. #5
    nice guide, thank you, made a sticky

  10. The Following User Says Thank You to Sicilian For This Useful Post:

    Clabs (13-07-15)
