SSH configuration [new SFOS user]

Hi all,

I’m a new SFOS user and I recently received C2.
I decided to use SFOS because it is based on Linux and I used it everywhere outside mobile.
I will probably have a lot of questions about how to customise it and what is / isn’t allowed.

Let’s start with SSH server.
I can see there are systemd services related to SSH with enabled “dev settings”:

[root@JollaC2 ~]# systemctl list-units | grep ssh
  sshd@0-192.168.2.15:22-192.168.2.9:56178.service  loaded active running    OpenSSH per-connection server daemon (192.168.2.9:56178)
  system-sshd.slice                                 loaded active active     system-sshd.slice
  sshd.socket                                       loaded active listening  OpenSSH Server Socket

My question is if I could manually adjust the main SSHD configuration file /etc/ssh/sshd_config.
I would like to allow SSH connections only with SSH key authentication.
My concern is if this could somehow “conflict” with other apps/processes running on the phone by default.

Thx.

It will not. SSHD is part of the developer package and by default is not installed.

This seems to work so far:

  • Allow SSH public key for defaultuser:
    [defaultuser@JollaC2 ~]$ mkdir .ssh
    [defaultuser@JollaC2 ~]$ chmod 700 .ssh/
    [defaultuser@JollaC2 ~]$ vim ~/.ssh/authorized_keys
    [defaultuser@JollaC2 ~]$ chmod 600 ~/.ssh/authorized_keys
  • Added the following options to /etc/ssh/sshd_config:
    PermitRootLogin prohibit-password
    PasswordAuthentication no

No password prompt for SSH session.
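
Added example, not part of any post in this thread: sshd takes the first value it reads for each keyword, so where the two lines above sit in /etc/ssh/sshd_config decides whether they take effect. The script below checks that on constructed sample files; the function names and sample contents are assumptions for illustration, and Match blocks and Include files are not handled.

```shell
#!/bin/sh
# Added example (not from the thread). sshd uses the FIRST value it reads for
# each keyword, so a line appended to sshd_config loses to an earlier one.
# Simplification: only the global section is read; Match/Include are ignored.

effective() {  # usage: effective KEYWORD FILE -> prints value or "unset"
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                    # comments, blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/); if (n == 0) next
            key = tolower(substr(line, 1, n - 1))  # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "match") exit               # global section ends here
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print "unset" }' "$2"
}

audit() {  # usage: audit FILE -> 0 if both settings from the thread take effect
    rc=0
    for pair in PasswordAuthentication=no PermitRootLogin=prohibit-password; do
        kw=${pair%%=*}; expect=${pair#*=}
        got=$(effective "$kw" "$1")
        if [ "$got" = "$expect" ]; then echo "ok    $kw $got"
        else echo "FAIL  $kw is '$got', wanted '$expect'"; rc=1; fi
    done
    return $rc
}

# Constructed sample files, not taken from a real device.
demo_dir=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication yes' '#PermitRootLogin yes' \
    'PermitRootLogin prohibit-password' 'PasswordAuthentication no' \
    > "$demo_dir/appended"      # new lines appended below an old "yes"
printf '%s\n' 'PermitRootLogin prohibit-password' 'PasswordAuthentication no' \
    'PasswordAuthentication yes' > "$demo_dir/first"   # new lines placed first

audit "$demo_dir/appended" || echo "=> password logins are still enabled"
audit "$demo_dir/first" && echo "=> key-only settings are in effect"
```

On the device itself, `sshd -T` run as root prints the effective configuration that sshd resolves from the real file.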

You probably already read about devel-su.

Hi, anything specific to be aware of? Thx.

No. You seem to be quite fluent in root mode anyway.

Can confirm that this works here also. IIRC, the socket is not accessible via WAN interface but via WIFI or USB/RNDIS …
