Passwordless SSH login?
gamegotmatt
Newbie
Posts: 5
#1
2011-02-01, 11:56
Is it possible to enable passwordless ssh logins in AppleTV, iPhone and iPad? I already have it configured on my macs, but I don't know where to put my authorised_keys file on my ios devices and I don't know how to configure openssh on them or if it is even necessary. This would be pretty awesome combined with rsync. Thanks for looking!
Find
Reply
Muuh
Junior Member
Posts: 29
#2
2011-02-01, 14:54
/var/root/.ssh/authorized_keys
Find
Reply
vicbitter
Donor
Posts: 253
#3
2011-02-01, 20:31
I know, I know that this reduces "security" on your AppleTV2 but hey there is always a balance between security and ease of use... In my case, the AppleTV2 is used as a XBMC client only and holds no sensitive information...

Note: This assumes that you’re using a linux box as your main XBMC client

Follow the steps in the following article:
http://kramfs.com/more-on-ssh-passwordle...sadsa-key/

You need to substitute [email protected] to root@ip address of your appletv2

Also, the ssh-copy-id syntax wasn't quite right (it needed the -i) on my XBMCLive machine so I used the following instead:

ssh-copy-id -i ~/.ssh/id_rsa.pub root@ip address of your appletv2

Now you can log in to your AppleTV2 without prompting for a password Laugh

This allows you to setup a cron job to rsync "Thumbnails" between your main XBMC machine and your AppleTV2 Big Grin
Find
Reply
gamegotmatt
Newbie
Posts: 5
#4
2011-02-01, 22:39
Thanks! Got it working.
Find
Reply
PlayMoney
Newbie
Posts: 2
#5
2011-02-02, 00:50
vicbitter Wrote:I know, I know that this reduces "security" on your AppleTV2

Actually, key-based logins are substantially more secure than password-based logins. Just keep in mind that it's a good idea to use a passphrase to protect your private key on the computer you're logging in from. Especially if that computer is a Windows machine (though it's still a pretty good idea on any platform).

I recommend checking out the concept of an SSH Agent (such as PAgeant for Windows). This is a process that will hold your private key in memory so that you only need to type in your passphrase once each time you log into your computer. That way, you can have a secure key AND not be hindered by having to type in a password every time you want to log into your ATV2 (or any other machines you SSH into).
Find
Reply
darkscout
Posting Freak
Posts: 2,145
#6
2011-02-02, 01:17
PlayMoney Wrote:Actually, key-based logins are substantially more secure than password-based logins. Just keep in mind that it's a good idea to use a passphrase to protect your private key on the computer you're logging in from. Especially if that computer is a Windows machine (though it's still a pretty good idea on any platform).

I recommend checking out the concept of an SSH Agent (such as PAgeant for Windows). This is a process that will hold your private key in memory so that you only need to type in your passphrase once each time you log into your computer. That way, you can have a secure key AND not be hindered by having to type in a password every time you want to log into your ATV2 (or any other machines you SSH into).


Yeah, what he said. Most people with hard core security actually disable password logins and go to keys only.
Code:
GRANT ALL PRIVILEGES ON `xbmc_%`.* TO 'xbmc'@'%';
IF you have a mysql problem, find one of the 4 dozen threads already open.
Find
Reply
vicbitter
Donor
Posts: 253
#7
2011-02-02, 12:50
PlayMoney Wrote:Actually, key-based logins are substantially more secure than password-based logins. Just keep in mind that it's a good idea to use a passphrase to protect your private key on the computer you're logging in from. Especially if that computer is a Windows machine (though it's still a pretty good idea on any platform).

I recommend checking out the concept of an SSH Agent (such as PAgeant for Windows). This is a process that will hold your private key in memory so that you only need to type in your passphrase once each time you log into your computer. That way, you can have a secure key AND not be hindered by having to type in a password every time you want to log into your ATV2 (or any other machines you SSH into).

I wasn't referring to "key-based logins" as reducing security but the article I referenced as reducing security.... In the article it states "Note: Just press “enter” for every question for truly passwordless login"... ie. No passphrase is being used to protect the private key...

Another point to mention is that a lot of people who are using XBMC on Linux are using a XBMCLive (or variant) installation which is stripped down and automatically logs the xbmc user in and launches XBMC so having SSH Agent prompt for a password becomes cumbersome... Also, in my particular case I don't have a keyboard only a remote so it becomes even harder to enter a password so SSH Agent is not an option...

Again I was going for ease of use, not security in this particular instance...
Find
Reply
jd2157
Fan
Posts: 641
#8
2011-02-02, 23:56
vicbitter Wrote:Again I was going for ease of use, not security in this particular instance...

To take the ease of use idea a step further, you can define an alias in your ~/.profile to cd into the directory where the logs and XBMC are:
alias atv='ssh -t [email protected] "cd /private/var/mobile/Library/Preferences; bash --login"'
Find
Reply

Home
Search
Help
Logout Mark Read Team Forum Stats Members Help
Passwordless SSH login?0