Here is a post by Leho Kraav on his website to Enable ssh [email protected] with public key authentication:
With aegis watching over us like a true eye in the sky, getting N950 to let you ssh in as unprivileged user with public key authentication took a bit of effort. Sure, you couldssh [email protected] and then su – user, but doesn’t the sane world do it the other way around?
Anyway, get your authorized_keys file on the device as root with sftp, or manually typing it. No, just sftp it, dude. Now aegis won’t let root see ~user/.ssh and also won’t let user see /root/.ssh contents.
# cp /root/.ssh/authorized_keys /tmp # chmod 644 /tmp/authorized_keys # su - user $ cp /tmp/authorized_keys .ssh $ exit
At this point ssh [email protected] still shouldn’t be letting you in, because apparently the account is locked by default. syslogd doesn’t by default log sshd stuff, so if you want to see this for yourself do this as root:
# echo "auth.* -/var/log/secure.log" >> /etc/syslog.conf # stop syslogd # start syslogd # tail -f /var/log/syslog /var/log/secure.log
Now try ssh [email protected], this is what you should see:
==> secure.log <== Jul 25 01:09:11 RM680 sshd: User user not allowed because account is locked Jul 25 01:09:11 RM680 sshd: Failed none for invalid user user from 192.168.1.111 port 354 83 ssh2
Solution is to unlock the account.
EDIT Originally I thought usermod -U user would do the trick. It turns out it doesn't work out so well. aegis-loader (and possibly other parts) started puking when doingdpkg -i etc.
/home/developer $ dpkg -i conboy_0_0_1_armel.deb aegis-loader: Failed parsing '/etc/passwd ...HANGING FOREVER
After a bunch of folks on #harmattan helped me get to the bottom of this, mgedim pointed out passwd seemed to work for him:
# passwd -u user
I have no idea what usermod and passwd are doing different aegis-wise. Hints welcome!
Source leho kraav