... | @@ -115,7 +115,7 @@ That will show you your IMSI, among other pieces of information. |
... | @@ -115,7 +115,7 @@ That will show you your IMSI, among other pieces of information. |
|
|
|
|
|
## Tutorials
|
|
## Tutorials
|
|
|
|
|
|
* Secure Shell (ssh)
|
|
* ***Secure Shell (`ssh`)***
|
|
_Note that using the L5's passcode to log in remotely is relatively weak security. See related tutorials for better authentication solutions._
|
|
_Note that using the L5's passcode to log in remotely is relatively weak security. See related tutorials for better authentication solutions._
|
|
|
|
|
|
SECURE SHELL
|
|
SECURE SHELL
|
... | @@ -176,7 +176,7 @@ In the settings panel of the L5, under `Sharing`, you should now see that Remote |
... | @@ -176,7 +176,7 @@ In the settings panel of the L5, under `Sharing`, you should now see that Remote |
|
|
|
|
|
To exit `ssh`, use the command `exit` in the terminal.
|
|
To exit `ssh`, use the command `exit` in the terminal.
|
|
|
|
|
|
* SECURE COPY (scp)
|
|
* SECURE COPY (`scp`)
|
|
|
|
|
|
Copying files and folders remotely between devices on your network
|
|
Copying files and folders remotely between devices on your network
|
|
|
|
|
... | @@ -214,11 +214,11 @@ TIP: Although you perform `scp` without logging in to the other device with `ssh |
... | @@ -214,11 +214,11 @@ TIP: Although you perform `scp` without logging in to the other device with `ssh |
|
|
|
|
|
(Related discussion on this topic can be found in the community forum: https://forums.puri.sm/t/tutorial-using-ssh-and-scp/13080)
|
|
(Related discussion on this topic can be found in the community forum: https://forums.puri.sm/t/tutorial-using-ssh-and-scp/13080)
|
|
|
|
|
|
* Enhancing Security for Secure Shell (ssh)
|
|
* ***Enhancing Security for Secure Shell (`ssh`)***
|
|
|
|
|
|
Relying on the L5's passcode when using `ssh` for remote access provides relatively weak security. See below for more secure options.
|
|
Relying on the L5's passcode when using `ssh` for remote access provides relatively weak security. See below for more secure options.
|
|
|
|
|
|
* Option 1: Use private/public key-pair authentication, and disable password-based authentication for remote login.
|
|
* ***Option 1:*** Use private/public key-pair authentication, and disable password-based authentication for remote login.
|
|
|
|
|
|
These instructions will also work with a Unix/Linux-based server, or the Pinephone.
|
|
These instructions will also work with a Unix/Linux-based server, or the Pinephone.
|
|
|
|
|
... | @@ -227,7 +227,7 @@ Enable ssh access to your Librem 5. (See related tutorial.) |
... | @@ -227,7 +227,7 @@ Enable ssh access to your Librem 5. (See related tutorial.) |
|
|
|
|
|
On computer, generate the public/private RSA keys.
|
|
On computer, generate the public/private RSA keys.
|
|
|
|
|
|
Open a Terminal session your computer and type the following command:
|
|
Open a Terminal session on your computer and type the following command:
|
|
|
|
|
|
`ssh-keygen -t rsa`
|
|
`ssh-keygen -t rsa`
|
|
OR
|
|
OR
|
... | @@ -240,7 +240,7 @@ Enter file in which to save the key (/home/{YOUR_ID}/.ssh/id_rsa): |
... | @@ -240,7 +240,7 @@ Enter file in which to save the key (/home/{YOUR_ID}/.ssh/id_rsa): |
|
Your identification has been saved in /home/{YOUR_ID}/.ssh/id_rsa.
|
|
Your identification has been saved in /home/{YOUR_ID}/.ssh/id_rsa.
|
|
Your public key has been saved in /home/{YOUR_ID}/.ssh/id_rsa.pub.
|
|
Your public key has been saved in /home/{YOUR_ID}/.ssh/id_rsa.pub.
|
|
|
|
|
|
On computer copy the contents of the id_rsa.pub key onto the Librem 5. The following command will log into your Librem 5, and configure the keys to grant access via the authorized_keys file.
|
|
On computer, copy the contents of the id_rsa.pub key onto the Librem 5. The following command will log into your Librem 5, and configure the keys to grant access via the authorized_keys file.
|
|
|
|
|
|
`ssh-copy-id -i ~/.ssh/id_rsa.pub purism@host`
|
|
`ssh-copy-id -i ~/.ssh/id_rsa.pub purism@host`
|
|
|
|
|
... | @@ -282,9 +282,9 @@ To test that password-based authentication is actually disabled, from computer, |
... | @@ -282,9 +282,9 @@ To test that password-based authentication is actually disabled, from computer, |
|
`ssh otherid@host`
|
|
`ssh otherid@host`
|
|
|
|
|
|
You should get the following error:
|
|
You should get the following error:
|
|
`otherid@host: Permission denied (publickey)`.
|
|
`otherid@host: Permission denied (publickey)`
|
|
|
|
|
|
That’s it. You have successfully disabled password based authentication in `ssh`.
|
|
You have now successfully disabled password based authentication in `ssh`.
|
|
|
|
|
|
(Related discussion on this topic can be found in the community forum: https://forums.puri.sm/t/tutorial-enable-key-based-authentication-via-ssh-on-your-librem-5/13137)
|
|
(Related discussion on this topic can be found in the community forum: https://forums.puri.sm/t/tutorial-enable-key-based-authentication-via-ssh-on-your-librem-5/13137)
|
|
|
|
|
... | | ... | |