Secure Shell (ssh) and the PublicIP system

Why use ssh instead of telnet?

Aren’t they both the same thing?

Well – Yes and No!!!

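SSH is a “form” of telnet BUT with a very big difference! SSH stands for “Secure Shell”, which uses a strong form of encryption between the ssh client (which runs on your computer) and the ssh server (which runs on the zonecd machine). Telnet, by contrast, sends everything you type, including your password, across the network in clear text.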

The PublicIP system has a sshd (Secure Shell daemon) program on the CD-ROM, but it is not configured to start up by default.  Some people have asked “why” ssh is not configured to start up automatically in the ZoneCD machine.  Well – the answer is really quite simple!  If there were a default ssh startup script built into the ZoneCD machine which started the ssh program automatically, EVERY ZoneCD machine would have the *SAME* username and password for the default login!!!  This is NOT a very secure manner of configuring a WiFi Portal system!

So – In order to configure and start the ssh program we need to construct an executable file that can be executed when the ZoneCD machine starts.

Luckily, the developer of the PublicIP system (Scott Tully) had the foresight to realize he could not think of all the possible things the PublicIP system might need to start running when it booted up, so he built into the startup of the PublicIP a “hook” (actually two) that allows “external” scripts to be executed during the bootup process!!!

One of the “hooks” looks for an executable file called “pre.sh”, which executes near the beginning of the bootup process for the PublicIP system. The second “hook” looks for an executable file called “init.sh”, which executes near the end of the bootup process!  The “hook” we are interested in for starting up the ssh program is the init.sh file.

The bootup process looks for these two “hook” executable files in the volatile storage device (floppy or USB thumb-drive or the ss-drive if you are using that device).  The actual filesystem path is /mnt/floppy/zonecd, and the hook file must have the execute permission set, otherwise the file is ignored.

Now – you have a basic understanding of “how” we can “add” capabilities to the PublicIP system.  Here are the actual steps needed to set up ssh on the zonecd machine when the PublicIP system.

Using the GUI:

On the zonecd machine in the GUI open a terminal window.

(If you are using the NOX mode then just do the steps that are called out for the terminal window GUI version!):

Change the working directory to the location where the init.sh file is searched for by the bootup process:

cd /mnt/floppy/zonecd

Open a text editor to input the command lines in the file:

nano init.sh

Now – type the following in the text editor:

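#!/bin/sh
#
# replace "zonecd" with your password choice
PASS="zonecd"

# write "user:password" to a temporary file that only root can read
(umask 077; echo "root:$PASS" > /tmp/pass)

# set the root password from that file, then delete it
chpasswd < /tmp/pass
rm -f /tmp/pass

# start the ssh daemon
/etc/init.d/ssh start

# we are done here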

Now – to save the file and exit the text editor perform the following:

ctrl-X and answer Yes to the questions.

To send a ctrl-X, hold down the ctrl key and then press the x key.

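We have one final thing to do in order for the system to execute the script file we just created – we need to set the permissions to allow the file to execute!  Because the file contains the root password in clear text, give those permissions to the file’s owner only.

Type the following command:

chmod 700 init.sh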

At this point you should have an executable file called init.sh in the /mnt/floppy/zonecd directory.

If you want to test what you have done without having to reboot the zonecd machine perform the following step:

/mnt/floppy/zonecd/init.sh

The init.sh script file should execute and start the sshd program.

 

A quick check to see if the program did indeed start execution is to perform the following command:

ps -ax | grep sshd

The " | " is called ‘pipe’ and is the vertical bar key on the keyboard – on a PC it is usually a shifted key such as shift-\ or one of the right-hand keys…

What you should see is something like:

704 ?        S      0:00 /usr/sbin/sshd

where the 704 is the process ID number, the S stands for “sleeping”, the 0:00 is the amount of cpu time expended by the program and the /usr/sbin/sshd is the actual program (and filesystem path) executing.

Don’t be concerned with anything other than the /usr/sbin/sshd as that shows the program is running!

If you do not see such a line then something is not correct – go back and double-check EVERYTHING to make sure you have it correct!
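
The double-check can be scripted. The following is an added example, not part of the original article or of the PublicIP system: it tests an init.sh hook against the requirements described above (file present, executable, sample password replaced, sshd start line present). The function name check_hook and the owner-only permission test are assumptions of this example.

```shell
#!/bin/sh
# Added example: check_hook is a hypothetical helper, not part of PublicIP.
# Usage: check_hook /mnt/floppy/zonecd/init.sh
# Prints one line per problem; the return status is the number of problems.

check_hook() {
    hook=${1:-/mnt/floppy/zonecd/init.sh}
    problems=0

    if [ ! -f "$hook" ]; then
        echo "FAIL: $hook not found"
        return 1
    fi

    # Permission string as printed by ls, for example "-rwx------"
    perms=$(ls -ld "$hook" | cut -c1-10)

    # The boot process ignores a hook that is not executable.
    case $perms in
        ???[xs]*) ;;
        *) echo "FAIL: owner execute bit not set ($perms)"
           problems=$((problems + 1)) ;;
    esac

    # Assumption of this example: the file holds the root password in
    # clear text, so group and other should have no access at all.
    case $perms in
        ????------) ;;
        *) echo "FAIL: group/other can access the file ($perms)"
           problems=$((problems + 1)) ;;
    esac

    if ! head -n 1 "$hook" | grep -q '^#!'; then
        echo "FAIL: first line is not a #! interpreter line"
        problems=$((problems + 1))
    fi

    # An unedited copy leaves root with the article's sample password.
    if grep -Eq '^PASS=[^a-zA-Z0-9]*zonecd[^a-zA-Z0-9]*$' "$hook"; then
        echo "FAIL: PASS is still the sample value"
        problems=$((problems + 1))
    fi

    if ! grep -q '^/etc/init.d/ssh start' "$hook"; then
        echo "FAIL: no line starting sshd (/etc/init.d/ssh start)"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

A return status of 0 means every check passed; any FAIL line names the step to revisit.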

If you still have problems – jump on our forum and I am sure someone will lend a helping hand!

Once you are satisfied the sshd program is running, it is time to see if you can actually log onto the zonecd machine using an ssh client.  The ssh client I use is the freely available PuTTY program.  You can obtain a free copy of the program here:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

When you download the program just make a shortcut to your desktop that points directly at the putty.exe file.  There is nothing to install!

Check the documentation on the website as to how to use the program – even though it is free it has all sorts of capabilities!

There you have it – a method to start a secure command line interface to the zonecd machine!  A future article will discuss the use of the VNC remote control interface on a PublicIP machine and also how to configure the x-server system to run a remote X-Terminal session on the zonecd machine!

Gary McKinney
