PINE64
How to enable SSH on UBPorts Ubuntu Touch? - Printable Version



How to enable SSH on UBPorts Ubuntu Touch? - eaglecup - 05-15-2020

This might seem like a beginner's question - which it is. How do I get access to the pinephone from my laptop?

With the Ubuntu-Phosh image I managed to get this to work easily, just like on a Raspberry Pi. But it's lacking the camera drivers I'm trying to access (I'd like to work with the camera in python).
With the latest PostmarketOS image I don't even see how I can open a shell on the phone itself.
With Ubuntu Touch I can access a shell, but the normal `apt-get install openssh-server` doesn't do it.

I read somewhere that there is a change in how the new UBPorts images handle SSH in the first place, in order to improve security. But I can't find how to enable it anywhere.


RE: How to enable SSH on UBPorts Ubuntu Touch? - tgv34 - 05-16-2020

Hello,
Usually it is enough to edit /etc/ssh/sshd_config to allow access, then start the service with

sudo service ssh start

Maybe you can find more on

https://askubuntu.com/questions/348714/how-can-i-access-my-ubuntu-phone-over-ssh/599041#599041


RE: How to enable SSH on UBPorts Ubuntu Touch? - PinetopPerkins - 05-16-2020

(05-16-2020, 09:37 AM)tgv34 Wrote: Hello,
Usually it is enough to edit /etc/ssh/sshd_config to allow access, then start the service with

sudo service ssh start

Maybe you can find more on

https://askubuntu.com/questions/348714/how-can-i-access-my-ubuntu-phone-over-ssh/599041#599041

It still doesn't allow access. You need the public key from your computer on the Pinephone. The instructions you mention are for Ubuntu Touch on Android phones. We have a Pinephone, so....

How do we get the public key onto the Pinephone?  Anybody????


RE: How to enable SSH on UBPorts Ubuntu Touch? - noonker - 05-16-2020

(05-16-2020, 02:32 PM)PinetopPerkins Wrote:
(05-16-2020, 09:37 AM)tgv34 Wrote: Hello,
Usually it is enough to edit /etc/ssh/sshd_config to allow access, then start the service with

sudo service ssh start

Maybe you can find more on

https://askubuntu.com/questions/348714/how-can-i-access-my-ubuntu-phone-over-ssh/599041#599041

It still doesn't allow access. You need the public key from your computer on the Pinephone. The instructions you mention are for Ubuntu Touch on Android phones. We have a Pinephone, so....

How do we get the public key onto the Pinephone?  Anybody????

There's a couple of ways you could do it. I generated a key on my pinephone with
Code:
ssh-keygen && mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
 
Then copied the private key to my local nextcloud instance using the web browser.

You could also generate the key on your desktop, then start a simple http server. Once that's running you could just go to your desktop's IP and grab the public key.

Code:
python3 -m http.server --bind 0.0.0.0



RE: How to enable SSH on UBPorts Ubuntu Touch? - eaglecup - 05-17-2020

Thanks everyone! I'm going to try this out.


RE: How to enable SSH on UBPorts Ubuntu Touch? - tgv34 - 05-17-2020

Hello eaglecup,
I just transferred files from my computer to my pinephone successfully and rather easily.
I installed the WifiTransfer app from the OpenStore on the pinephone and FileZilla on the computer.
Using Quickconnect in FileZilla: host = pinephone IP, user = ubuntu; the password and port are given by the WifiTransfer details when it is turned on.


RE: How to enable SSH on UBPorts Ubuntu Touch? - Oleffa - 05-18-2020

Another option, if you have ssh set up on your computer: just execute this on your pinephone to copy the private key to your pinephone's .ssh directory:
Code:
scp user@computer:/home/user/.ssh/id_rsa.pub ~/.ssh/authorized_keys



RE: How to enable SSH on UBPorts Ubuntu Touch? - kugiigi - 05-20-2020

Actually, there's no need to generate a private key on the pinephone if you only intend to connect to it instead of connecting from it.
The authorized_keys file is enough to allow your desktop to connect to the UT pinephone. You can even share this file between devices you want to connect to.

WifiTransfer is indeed a convenient way of transferring files from and to the PinePhone, since there's no MTP yet at the moment.
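
An added example, not part of any post in this thread: one way to place a desktop public key in `authorized_keys` on the phone as the replies above describe, appending instead of overwriting and setting the permissions sshd checks. `install_pubkey` is a made-up helper name, and the optional second argument (home directory) is an assumption of this example.

```shell
#!/bin/sh
# Added example: install a desktop *public* key for incoming SSH logins.
# install_pubkey is a hypothetical helper, not a UBports or OpenSSH tool.
# Usage on the phone: install_pubkey /path/to/id_rsa.pub
install_pubkey() {
    keyfile=$1
    home=${2:-$HOME}

    # Only the .pub half belongs in authorized_keys; refuse a private key.
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "refusing: $keyfile is a private key" >&2
        return 1
    fi

    # Take the first line and check it looks like "<type> <base64> [comment]".
    IFS= read -r line < "$keyfile" || [ -n "$line" ] || return 1
    ktype=${line%% *}
    rest=${line#* }
    kdata=${rest%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "refusing: unknown key type '$ktype'" >&2; return 1 ;;
    esac
    case $kdata in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing: malformed key data" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) keys are ignored when the
    # directory or file is writable by group or others.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"

    # Append rather than overwrite, and skip a key that is already present.
    grep -qxF -- "$line" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
}
```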


RE: How to enable SSH on UBPorts Ubuntu Touch? - eaglecup - 05-20-2020

I've been trying the things mentioned in this thread, but haven't been successful.

- /etc/ssh/sshd_config cannot be edited, the file system is read only. "It is required for for saving/loading search history or cursor position".
Should I make it read-write? But I keep reading that that's a big no-no?

- sudo service ssh enable
I thought I might set SSH to always run, but that didn't work.

- sudo service ssh start
This seems to do something. I get "ssh start/running, process 8977". But when I tried to connect to the phone I just get "operation timed out".

- "Actually, there's no need to generate a private key on the pinephone if you only intend to connect to it instead from connect from it.
The authorized_keys file is enough".
I tried creating a file called /home/phablet/.shh/authorized_keys, but that had no effect.

- Connect with Wifitransfer.
This never worked for me. I set all the parameters (the app is very clear and seems useful), but Filezilla just times out?


Could someone perhaps share a quick step-by-step beginner friendly guide?
Can I get SSH to just always be enabled?
- What command should I run on my mac to generate keys?
- And then in what directory on the phone should I place them? I suspect it's ~/.shh ?
- Do I then reboot?
- Could there be a firewall blocking things?

And while I'm at it: is there a way to send the CTRL key in the phone's terminal? Without it using Nano is quite difficult.


RE: How to enable SSH on UBPorts Ubuntu Touch? - afigegoznaet - 05-21-2020

Ssh doesn't work on my pinephone if the root directory is readonly, so, I guess, it's necessary to remount it in rw mode.
I don't need the extra-secure mode, so I prefer to ssh with username password.
This is what I ended up with in the /etc/ssh folder using trial and error method:
ssh_config:
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
# GSSAPIAuthentication yes
# GSSAPIDelegateCredentials no

////////////////////ssh_config ends above

sshd_config:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
#PermitRootLogin prohibit-password
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords yes

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication yes

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

////////////////////sshd_config ends above

You can edit/copy the files over by mounting the mmcblk*p09 partition while the OS is not booted, e.g. when the SD card is in your laptop, or when you boot from the SD card and mount the eMMC while booted from the SD card.

Also, I found it more convenient to use ssh after reinstalling it (remount required):
sudo apt purge openssh-server
sudo apt install openssh-server

For CTRL key, check the actions available when you press the icon with three short parallel lines in the terminal, it's on the panel at the bottom of the terminal (and on top of the keyboard when it's active).
Cheers!

P.S. This will only work until the next reboot or ro mount; you will need to remount & restart ssh every time. I would recommend you write an alias in your /etc/bash.bashrc file to save you some typing.
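
An added example, not part of the post above or of Ubuntu Touch: a check of the authentication keywords in an sshd_config like the one posted, compared against the values a key-only setup would use. `audit_sshd_config` and `sample_config` are names made up for this example, and the sample lines are constructed from the posted file.

```shell
#!/bin/sh
# Added example; audit_sshd_config and sample_config are made-up names.
# Reads an sshd_config on stdin and prints each explicitly set authentication
# keyword whose value differs from what a key-only setup would use.
# Assumes whitespace-separated "Keyword value" lines.
audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            k = tolower($1)                  # keywords are case-insensitive
            if (!(k in seen))                # sshd keeps the first value it reads
                seen[k] = tolower($2)
        }
        END {
            want["permitemptypasswords"] = "no"
            want["passwordauthentication"] = "no"
            want["challengeresponseauthentication"] = "no"
            for (k in want)
                if ((k in seen) && seen[k] != want[k])
                    printf "%s %s (key-only value: %s)\n", k, seen[k], want[k]
        }
    ' | sort
}

# Constructed sample: the authentication lines of the sshd_config posted
# above, plus one later duplicate to show that the first value wins.
sample_config() {
    cat <<'EOF'
#PubkeyAuthentication yes
PermitEmptyPasswords yes
ChallengeResponseAuthentication yes
PasswordAuthentication yes
passwordauthentication no
UsePAM yes
EOF
}

# On the phone: audit_sshd_config < /etc/ssh/sshd_config
sample_config | audit_sshd_config
```

With `UsePAM yes`, the comment block in the posted file explains why `ChallengeResponseAuthentication` has to be switched off together with `PasswordAuthentication` for a key-only login.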