SSH Keys

[ljurgs]

Hi,

I was wondering if it was at all possible to link /.ssh to /system/sdcard somehow? I would like to use authorized_keys but obviously the root filesystem is read-only and dropbear expects to find the list of keys at ~/.ssh. It doesn't appear to accept any command line options to override this.

Thanks

[EliasKotlyar]

I dont see any possibility to mount ".ssh" to this location. However i can try to compile a new dropbear-version, which will change the the keys location from ".ssh" to "/system/sdcard".

[ljurgs]

Thanks, it's not really a big deal, I was just interested in locking down access via ssh so I could tunnel into it since I don't have any other low power devices like this on my home network.

Just out of interest is it possible to unpack the contents of the rootfs with unsquashfs, add a symlink like /.ssh -> /system/sdcard and then repack and reflash or would that invalidate the checksum on the loader somehow?

Thank you so much for sharing all your work on this device with the world. My dafang was effectively a brick before I found this repo.

[EliasKotlyar]

@ljurgs : Yes, you can do it this way using the following guide:
https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/blob/master/hacks/firmware/create_hacked_firmware.sh

(Basically this creates a new firmware)

[mattzuba]

You can try something like mount --bind /.ssh /system/sdcard/ssh and then store your keys in the sdcard's ssh directory (that you'll need to create). No need to repack and reflash any firmware, and bind mounts work even on RO filesystems. If that works for you, just modify run.sh to do the bind mount at boot up.

Edit: Just realized this probably won't work because the /.ssh directory doesn't already exist. Nevermind. :(

[jmtatsch]

Since 3d50d0e you can have your key at ~/.ssh.
Just use ssh-copy-id to set up - it works like a charm.