N950 tip: enable ssh user@n950 with public key authentication
EDIT This continues to work just fine with 39-5 for me.
EDIT Seems to also work on the fresh 34-2 firmware without issues.
With aegis watching over us like a true eye in the sky, getting N950 to let you ssh in as unprivileged user with public key authentication took a bit of effort. Sure, you could ssh root@n950 and then su – user, but doesn’t the sane world do it the other way around?
Anyway, get your authorized_keys file on the device as root with sftp, or manually typing it. No, just sftp it, dude. Now aegis won’t let root see ~user/.ssh and also won’t let user see /root/.ssh contents.
# cp /root/.ssh/authorized_keys /tmp # chmod 644 /tmp/authorized_keys # su - user $ cp /tmp/authorized_keys .ssh $ exit
At this point ssh user@n950 still shouldn’t be letting you in, because apparently the account is locked by default. syslogd doesn’t by default log sshd stuff, so if you want to see this for yourself do this as root:
# echo "auth.* -/var/log/secure.log" >> /etc/syslog.conf # stop syslogd # start syslogd # tail -f /var/log/syslog /var/log/secure.log
Now try ssh user@n950, this is what you should see:
==> secure.log <== Jul 25 01:09:11 RM680 sshd: User user not allowed because account is locked Jul 25 01:09:11 RM680 sshd: Failed none for invalid user user from 192.168.1.111 port 354 83 ssh2
Solution is to unlock the account.
EDIT Originally I thought usermod -U user would do the trick. It turns out it doesn't work out so well. aegis-loader (and possibly other parts) started puking when doing dpkg -i etc.
/home/developer $ dpkg -i conboy_0_0_1_armel.deb aegis-loader: Failed parsing '/etc/passwd ...hanging forever
After a bunch of folks on #harmattan helped me get to the bottom of this, mgedim pointed out passwd seemed to work for him:
# passwd -u user
I have no idea what usermod and passwd are doing different aegis-wise. Hints welcome!