The bigger picture is: Out of the box, sshd is not going to be acceptable security for me. I have to do something. The tutorial needs to cover something, or multiple somethings. I’m not going to get all bent out of shape regardless of what the option(s) covered is/are, as long as the tutorial doesn’t encourage customers to set up their sshd with weak security.
Perhaps those advocating key-based auth will write up the needed config file changes and other commands for the benefit of the OP.
I suggest a new section under the Community Wiki for Tutorials and then this can be the first tutorial under that section. I wouldn’t link to this topic as it has already become messy and disjointed. In other words, use a topic in the forum to refine and discuss the content, and when you are happy with it, copy the content into a tutorial in the Wiki.
I use key-based auth both with my Pinephone and with a couple of servers I run. Below are a couple links that explain how to generate the keys, and how to make the config changes on your server (or Librem 5, or Pinephone).
From that page (the example is using an account called vivek). Please note that you are creating your keys on the machine you are using to remote into the server (or phone). So, run these commands on your laptop/desktop.
Copy the contents of the id_rsa.pub key (on your laptop) into the ~/.ssh/known_hosts file on the phone. The permissions on the known_hosts file should be 600. The permissions on the .ssh directory should be 700.
Once the contents of the id_rsa.pub key are copied into the known_hosts file, restart your phone (just to be sure), and then you can authenticate using ssh purism@192.168.1.xxx (whatever your IP address is), and you will not be prompted for a password.
To disable the password-based authentication, taken from this site (when it says login as root, that is just your Librem 5 id, run with sudo):
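A way to confirm that the password-disabling step above actually took effect, as an added example that is not part of the original post or of the site it refers to. The function names and the sample config are constructed for illustration; the check relies on sshd using the first value it reads for each keyword, so a `PasswordAuthentication no` appended below an earlier `yes` changes nothing.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit the global part of an sshd_config.
# Limitations: does not follow Include lines or evaluate Match blocks.

# effective_setting FILE KEYWORDS DEFAULT
# KEYWORDS is a |-separated list of lowercase aliases. sshd keywords are
# case-insensitive and the FIRST occurrence wins; later lines are ignored.
effective_setting() {
    awk -v keys="$2" -v def="$3" '
        BEGIN { keys = "^(" tolower(keys) ")$" }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # "Keyword=value" form
            split(line, f, /[ \t]+/)
            k = tolower(f[1])
            if (k == "match") exit              # conditional section starts
            if (k ~ keys) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE -> prints findings; returns 1 on a FAIL
audit_sshd_config() {
    _f=$1; _rc=0
    if [ "$(effective_setting "$_f" passwordauthentication yes)" != no ]; then
        echo "FAIL: PasswordAuthentication is effectively 'yes'"; _rc=1
    fi
    if [ "$(effective_setting "$_f" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)" != no ]; then
        echo "WARN: keyboard-interactive is on; with PAM it can still ask for a password"
    fi
    if [ "$(effective_setting "$_f" pubkeyauthentication yes)" != yes ]; then
        echo "FAIL: PubkeyAuthentication is off; key login would not work"; _rc=1
    fi
    return $_rc
}

# Constructed sample: the trailing "no" is dead because the first value wins.
write_sample_config() {
    printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
        'KbdInteractiveAuthentication no' 'passwordauthentication no' > "$1"
}
```

On the phone itself, `sudo sshd -T` prints the values the running configuration resolves to, including anything pulled in by `Include` lines, and is the authoritative check.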
@leetaur, thanks for that. I think it would be helpful if you or someone could write a simple, concise guide (“1. On your computer…, 2. On your L5…, 3. etc.”) from start to finish, like I did with the original post…something that even a brand new Linux user could follow without confusion. I’d do it myself, but I’m not as competent as others here.
Things can even be simpler. On your Linux-based client, start nautilus (the file manager), hit ctrl-l or choose connect to server, and use sftp://purism@182.168.x.x as the address. There you can navigate through your phone's file system and copy files as if they were local.
P.S. Similar things work on different DEs, file managers, and even in MacOS, I think.
P.P.S. sftp uses ssh, so you still need to enable the ssh server in your phone.
I did that for some time, but I had difficulties opening files remotely by applications. The applications could not write the files, even though the user had the permissions and was able to override the file by file manager.
For me the solution was sshfs, which is also as easy as it can get.
If you prefer to do this from the shell, you can use gio mount ... to get the same result, and it may be easier to (semi-)automate from the shell, as distinct from a GUI.
Please see the Community Wiki for the new “Tutorials” section (https://source.puri.sm/Librem5/community-wiki/-/wikis/Tips-&-Tricks), and add to it if you have some useful tips. Above all, keep the language simple and don’t write elliptically…assume you’re instructing complete newbies. Thanks!
I was suggesting to create a new page i.e. a new Tutorial section within the Wiki, and then a new page within that section, rather than a new document section within the Tips and Tricks page.
Otherwise I think Tips and Tricks will end up being thousands and thousands of lines long.
Tips and Tricks could perhaps intro and link to any tutorial that someone writes. So Tips and Tricks could explain what you can use SSH for and then link to the tutorial for how to set it up initially.
A new page with expandable individual tutorials would be better, I agree. If you know how to create that, please go ahead. Something like @amosbatto’s FAQ page would be nice.
It never gets to the nice point of connecting to the remote L5 device over WIFI.
Environment:
ssh server up and running on L5
ports open in ufw L5 firewall and accept incoming connections on (port 22)
public L5 IP used to connect on the client using client SSH (installed)
router firewall checked and does not block IP, public L5 IP can be pinged from client, client can be pinged using client public IP from L5 with no connectivity issues
Gnome sharing settings show “Remote Login=on” and “File Sharing=Enabled”
Error stated as above. (And I am just interested in getting the instructions to work as laid out here, no fancy keys other than the L5 user password that has to be entered on remote connection attempt.)
From all of that, what is the secret to configuring (configuration file settings?) SSH on the L5 to work?
Besides my issues above, isn’t it much safer to just use the USB cable and connect locally only over ethernet IP, where no security precautions are needed since you can be assumed to be operating from a secure environment already?
I take it you’re trying to connect over the internet, as opposed to within your home wifi network?
Here’s what I based my tutorial on: https://www.makeuseof.com/tag/beginners-guide-setting-ssh-linux-testing-setup/
It lists some troubleshooting steps that may help.
Excerpt:
“The IP address you use should be the one suitable for the connection. So, if the device is on the same network as the client, use the local IP address. For connections across the internet, use the public IP address. If the computer is located on a different network, make sure that port 22 is forwarded to the computer.”