Passwordless Access

In order for programs like Amarok to connect to your iPhone via SSH without asking for a password, you can set up key based logins. You can skip this step if you're happy mounting it manually from a terminal, typing your password each time.

  1. Make a private and a public key. We'll specify a different identity than the default, so it won't conflict with any existing keys you have. Run the following command in a terminal:
    • $ ssh-keygen -t rsa -f ~/.ssh/iphone_identity -N ""
      This will create a directory called .ssh in your home directory, and place three files in there: iphone_identity, iphone_identity.pub, and known_hosts. iphone_identy is your private keyfile, and iphone_identity.pub is your public one. You want your device to have the public key so you can authenticate towards it with your private one.
  2. Install your public key to the device. If it asks if you want to accept the untrusted device as a trusted host, do so.
    • $ ssh-copy-id -i ~/.ssh/iphone_identity.pub root@<device ip>
  3. Log into your iPhone again.
    • $ ssh root@<device ip>
      If it at this point asks for your password, that means the server installed on the device has not yet been configured to accept keys as a method of authorization. Ergo, you are not using "Ste's OpenSSH package", which will be mentioned later in this wiki. For the time being, the default password for 1.1.0 phones is 'dottie', and 'alpine' for 1.1.1 and 1.1.2 phones.
  4. Change the password. This is important for security. You will eventually be logging in via your key anyway, but make it something you'll remember.
    • $ passwd
      • NOTE: On firmware 1.1.3, BSD Subsystem maintainers highly recommend against using the "passwd" command until a stability bug is fixed. Until then, you can use this command, and replace the output password hashes for the users 'root' and 'mobile' in /etc/master.passwd on your device.
      • $ perl -e 'print crypt("yourpasswordhere", "/s");'


The following steps do NOT apply to Ste's OpenSSH package, which is probably the most common one now. In order to get passwordless login working with Ste's package, rename your ~/.ssh/authorized_keys file on your device to ~/.ssh/authorized_keys2 and proceed straight to adjusting the permissions as described below ("if all else fails"). Full instructions can be found here: http://blog.psmxy.org/pkg-info/openssh/

If you are not using said package on your device, follow these instructions to enable the public key authorization method.

  1. Edit /etc/sshd_config (/etc/ssh/sshd_config on iPhone OS 3.0):
    • $ pico /etc/sshd_config
  2. Scroll down to the segment beginning with '#RSAAuthentication', and set it up as follows:
    • RSAAuthentication yes
      PubkeyAuthentication yes
      AuthorizedKeysFile .ssh/authorized_keys
      Remove any commenting hashmarks (#) prepended to the beginning of these three lines.
  3. Hit Ctrl+X to exit, and save your changes.
  4. At this point you should be finished. Reboot your device.
    • $ reboot
  5. Give it some time to start up, then try logging back in. This time, it should automatically authenticate using your private key.
    • $ ssh -i ~/.ssh/iphone_identity root@<device ip>
  6. To make the process even simpler, add these lines to your ~/.ssh/config file on your computer.
    • Host iphone
        HostName <device ip>
        User root
        IdentityFile ~/.ssh/iphone_identity
    Now you should be able to login with this simple command:
    $ ssh iphone

If all else fails

If you're still asked for a password:

  • Check your local ~/.ssh/iphone_identity.pub file and compare it with the ~/.ssh/authenticated_keys file on your device. Does any entry match? If not, try the ssh-copy-id command again. Alternatively, just copy the contents of your iphone_identity.pub file and paste it on a line of its own in authenticated_keys. Entries must be one line only.

  • Did you properly input and save the changes to /etc/sshd_conf?
  • Did you reboot the device after changing /etc/sshd_conf?
  • If you used a tool other than ssh-copy-id, check the permissions for your SSH files. If you type the following command, it should look like this:
    # ls -al ~/.ssh
    total 4
    drwxr-xr-x 2 root wheel 102 Nov 21 04:25 .
    drwxr-xr-x 6 root wheel 306 Nov 20 00:02 ..
    -rw-r--r-- 1 root wheel 395 Nov 20 03:01 authorized_keys
  • Try resetting the permissions on the iPod or iPhone's SSH files manually:
    chmod 755 /var/root
    chmod 700 /var/root/.ssh
    chmod 644 /var/root/.ssh/authorized_keys
  • For more debugging, you can get verbose output from ssh:
    $ ssh -vvv iphone
  • You can also turn on syslog on the device to have it log any error messages that the SSH server might output.
    $ ssh iphone
    Password:
    $ echo "*.* /var/log/syslog" > /etc/syslog.conf
    $ killall syslogd
    $ /usr/sbin/syslogd -bsd_out 1
    $ tail -f /var/log/syslog

iphone passwordless access (last edited 2010-04-15 03:08:00 by brianherman)