Results 1 to 10 of 10
  1.    #1  
    I have rooted and installed dropbear, and everything is working great. I'm pretty new to the whole concept of using SSH, so I have a question.

    From what I understand, it is possible to prevent brute force attacks against a an SSH server (in this case, the Pre) to determine the correct password by using a public and private key.

    I've done a little research on this but am confused how to implement this on the Pre. How do I generate public and private keys with dropbear, and use these keys with Putty on a windows machine to SSH with my Pre? Do I even need a password if I am using these keys?

    If someone would be willing to explain not only how to do it, but give a brief description also of what is actually going on, I'd appreciate it all the more. I'm here to learn, people!
  2.    #2  
    Just to make it more clear what I'm talking about, I am interested in learning how to implement method #2 found at this link (an article on making your SSH connections more secure):

    How to Secure SSH Server from Attacks
  3. RickNY's Avatar
    Posts
    254 Posts
    Global Posts
    319 Global Posts
    #3  
    Its pretty easy to do.. No, you do not need to use a password once you have keys set up -- in fact, once I have public key authentication set up on anything I have control of, I disable the ability to use password logins on the SSH server. I strongly suggest using a passphrase with your key -- without it, if someone gets a hold of your keyfile, they'll have free access to use it. On the page you linked to, in the section "Method 2: Using SSH Public/Private Key Authentication", at Step 3 -- enter a passphrase in the two fields puttygen provides. If you do not want to keep entering the passphrase in every time you use the key, you can use Pageant (inlcuded in the putty.zip), which is an authentication agent. You basically load your key the first time, enter the passphrase, and the agent will push through your key for you each time automatically without having to enter the passphrase a second time.

    For the instructions on that page, to modify it for Dropbear:

    1) Log into your Pre with Putty using your username. Make the filesystem read/write:
    Code:
    sudo mount -o remount,rw /
    2) Make sure you are in your home directory by typing pwd -- You should be in /var/home/(yourusername) -- if you are not, cd to it
    3) Type the following:
    Code:
    mkdir .ssh
    3) Follow that with
    Code:
    chmod 700 ~/.ssh
    4) Copy the public key from puttygen to your clipboard. In the program, on the window at the top, make sure all of the key is selected. If it isnt, you can right-click in the window and choose 'Select All'. Copy it to your clipboard with CTRL-C
    5) Go to your SSH session in Putty
    6) Enter the following:
    Code:
    vi ~/.ssh/authorized_keys
    7) Press 'i' to enter insert mode in vi
    8) You can right-click the mouse -- that should paste the contents of your public key to the vi window
    9) Once its pasted, press ESC in vi to return to command mode. Then:
    Code:
    :x
    to exit and save your file.
    10) Set the proper permissions on authorized_keys:
    Code:
    chmod 600 ~/.ssh/authorized_keys
    At this point, you should check to make sure it works. If you are using Puttygen and Putty, you'll want to go back to the same Puttygen session that has your key and save the key pair. Save both the public and private keys. The private key is what you will use in Putty, and is the file you'll need for the section titled 'Final Steps' in that page you found.

    Once you get public key auth working, its a good idea to then disable password authentication. To do this, you need to edit the optware-dropbear script in /etc/event.d:
    Code:
    sudo vi /etc/event.d/optware-dropbear
    Scroll down to the line that begins with exec /opt/sbin/dropbear -g -F -p 222 move the cursor to the first - after dropbear. Enter insert mode in vi by pressing i. Type -s and a space, then ESC to exit insert mode. Your line should now look like this:
    Code:
    exec /opt/sbin/dropbear -s -g -F -p 222
    Save your changes by making sure you are in command mode (hit ESC again just to make sure). Save your changes with :x

    Make the filesystem readonly again:
    Code:
    sudo mount -o remount,ro /
    Reboot your pre:
    Code:
    sudo -i
    reboot
    Check to make sure you can login with your key.. It should work.. The -s switch on the dropbear script disables password logins. Its important that you are certain the key authentication works before disabling password authentication.

    Sorry -- this was a quick writeup.. It may need some tweaking.
    Last edited by RickNY; 10/04/2009 at 12:35 AM. Reason: Corrected typo, added chmod for authorized_keys
  4.    #4  
    Thanks Rick this answer came much more quickly and detailed than I expected! I haven't done it yet but I'll be sure to thank and give you feed back when I do.

    I might be paranoid, but this seems like information that really ought to be on the Pre Dev Wiki- if thousands of people have used the Pre Dev Wiki to get password-enabled SSH working on their Pres, and enough of them follow the directions on enabling connecting via SSH over the EVDO connection, you could have a major security problem that could easily be avoided. I don't know a whole lot about this stuff, but it seems like it would be easy enough for a smarty pants hacker to sniff the sprintpcs range of ip addresses, find open port 222 (dead giveaway that a person used the Pre Dev to install SSH on their Pre, no?), and brute force their way into the thing. From there, it would be easy to steal all kinds of information, alter system files, backdoors, VIRUSES.... nightmare!

    This (or a strong password) seems like a good solution to stop that from happening.

    Thoughts from anyone who knows more about this stuff? I really am pretty clueless when it comes right to it.
  5.    #5  
    Rick, some quick corrections to the instructions above.

    This line didn't work as written:

    chmod 700 /.ssh
    I think it should read:

    chmod 700 .ssh

    That worked fine for me.

    Other than that, perfect! Thanks!
  6. RickNY's Avatar
    Posts
    254 Posts
    Global Posts
    319 Global Posts
    #6  
    Quote Originally Posted by Ricyteach View Post

    I think it should read:

    chmod 700 .ssh

    Actually was supposed to be

    Code:
    chmod 700 ~/.ssh
    I forgot the tilde.

    Also, I dont know how strict the checks are in Dropbear, but you should also do a:

    Code:
    chmod 600 ~/.ssh/authorized_keys
    Last edited by RickNY; 07/12/2009 at 11:10 PM.
  7. RickNY's Avatar
    Posts
    254 Posts
    Global Posts
    319 Global Posts
    #7  
    Quote Originally Posted by Ricyteach View Post
    I don't know a whole lot about this stuff, but it seems like it would be easy enough for a smarty pants hacker to sniff the sprintpcs range of ip addresses, find open port 222 (dead giveaway that a person used the Pre Dev to install SSH on their Pre, no?), and brute force their way into the thing.
    There's probably very little interest in doing such a thing.. They would have much more productive results scanning for real computers running SSH on its IANA assigned port of 22. Contrary to popular belief, most hacking attempts these days are attempts at finding machines that can be rooted to participate in botnets and not by smarty pants hackers looking to steal people's files. People's file usually are worth nothing. Well equipped botnets can make you some good coin.
  8. #8  
    This is exactly what I've been looking for. Worked great for both my Pres.

    dave
  9.    #9  
    yup been working great for mine ever since, too!
  10. #10  
    Hi

    I installed dropbear via optware. How do I actually start the daemon? I do not see it running in the "top"

    thanks

Posting Permissions