N950 tip: enable ssh user@n950 with public key authentication

EDIT This continues to work just fine with 39-5 for me.
EDIT Seems to also work on the fresh 34-2 firmware without issues.

With aegis watching over us like a true eye in the sky, getting N950 to let you ssh in as unprivileged user with public key authentication took a bit of effort. Sure, you could ssh root@n950 and then su – user, but doesn’t the sane world do it the other way around?

Anyway, get your authorized_keys file on the device as root with sftp, or manually typing it. No, just sftp it, dude. Now aegis won’t let root see ~user/.ssh and also won’t let user see /root/.ssh contents.

# cp /root/.ssh/authorized_keys /tmp
# chmod 644 /tmp/authorized_keys
# su - user
$ cp /tmp/authorized_keys .ssh
$ exit

At this point ssh user@n950 still shouldn’t be letting you in, because apparently the account is locked by default. syslogd doesn’t by default log sshd stuff, so if you want to see this for yourself do this as root:

# echo "auth.* -/var/log/secure.log" >> /etc/syslog.conf
# stop syslogd
# start syslogd
# tail -f /var/log/syslog /var/log/secure.log

Now try ssh user@n950, this is what you should see:

==> secure.log <==
Jul 25 01:09:11 RM680 sshd[2838]: User user not allowed because account is locked
Jul 25 01:09:11 RM680 sshd[2838]: Failed none for invalid user user from port 354
83 ssh2

Solution is to unlock the account.

EDIT Originally I thought usermod -U user would do the trick. It turns out it doesn't work out so well. aegis-loader (and possibly other parts) started puking when doing dpkg -i etc.

/home/developer $ dpkg -i conboy_0_0_1_armel.deb                               
aegis-loader: Failed parsing '/etc/passwd
...hanging forever

After a bunch of folks on #harmattan helped me get to the bottom of this, mgedim pointed out passwd seemed to work for him:

# passwd -u user

I have no idea what usermod and passwd are doing different aegis-wise. Hints welcome!