How to connect to the Nextcloud Box with SSH
Sometimes you need to log into the box' command line interface over a secure shell. This can enable you to install snaps or roll back changes or set up TLS (https) certificates.
The Nextcloud Boxes sold until April 2017 come with the RPI2 compatible image with the 'old' way of having a default ssh login/password combination. Since some time in April we will be shipping new RPI3 images (which can also be downloaded) that have a new, more secure connection mechanism.
By default, the Box can be reached easily via your browser on the local network, see the inlay which came with your Box for the URL. But if you want to log in through ssh, follow the instructions below.
You can first try to use the hostname defined in the Box, which is:
ubuntu-standard.local or ubuntu-standard.localdomain or nextcloud.local (see the inlay which came with your Box)
If that doesn't work, you can open a command prompt in your favourite OS and type:
$ arp -a
In the list of entries, if you're using a Raspberry Pi 2, you should see one which starts with:
b8-27
Use the IP address next to it as the URL to use to connect to the Box
- Use Putty on Window or your Linux command line and open an SSH session using your Box's IP or internal hostname
- Use the password/login ubuntu/ubuntu
If you haven't done so already, you should change your SSH password
$ passwd
Note: type your new password twice and make sure to remember it or you will lose access to the Box!
To enhance security, connecting your Nextcloud box now requires to create a user profile and a core system user on your Nextcloud box.
You have two options:
- either you plug a keyboard in the USB port and a monitor in the HDMI port to go through the Out-of-the-box-experience and complete the device configuration
- or you can create a secure system user on their unmanaged Core device. Then they can log into the device and, for example, install new snap applications.
In both cases, you need to create a Ubuntu SSO
This option requires to plug in a keyboard and a monitor to your Nextcloud box.
First, user needs to create a Ubuntu SSO Account.
- Ubuntu SSO account is required to setup an user profile. User needs to create an Ubuntu SSO account before logging into Ubuntu Core 16.
- To create Ubuntu SSO account, go to https://login.ubuntu.com
- Complete account verification
- Link to the instructions how to generate SSH Key: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
- For Window users, please refer to the following link about how to generate SSH key: https://support.rackspace.com/how-to/generating-rsa-keys-with-ssh-puttygen
- User needs a keyboard and a monitor plugged to the device to be able go through OOBE and complete the device configuration.
- Internet connection is required.
- At the beginning of OOBE, the device will prompt “Press enter to configure”
After system boots up completely, the default hostname is set to “nextcloud”, and a MDNS service is also up, so if you would like to connect to Nextcloud in a local network:
- Open a browser and use this URL: http://nextcloud.local.
- After a nextcloud user account is created, you can use ‘nextcloud.local’ to connect to nextcloud from owncloud client and webdav
After the OOBE is done completely, you can use SSH to log into the system:
- $ ssh {default user}@nextcloud.local
- Password: Ubuntu Core 16 uses SSH key of the default user to log in, so the private SSH key needs to be placed in the ~/.ssh folder.
This option allows you to connect to your Nextcloud box from your device.
You may want to create a secure system user on your unmanaged Core device. Then you can log into the device and, for example, install new snap applications.
Note that you can not add a system user to a device that already has one.
An Ubuntu system is needed. If you do not have Ubuntu already you can create an Ubuntu virtual machine in Windows with VirtualBox, and do similar in Mac OS.
To make the system user with this procedure, you need the following:
- An Ubuntu 16.04 system. This is step one , covered below.
- An Ubuntu Store account. This is the first step of this documentation. In your account, you must fill the Developer namespace . See: https://myapps.developer.ubuntu.com/dev/account/ You can use firstnamelastname, or any other value.
- The brand of the device. This is provided to you by the entity that created the Core system.
- The model of the device. This is also provided to you by the entity that created the Core system.
The result of this procedure is a new file (named “auto-import.assert”) that you copy to a USB stick and insert in your device. The device responds by creating your user account, so you can log in and, for example, install snap applications.
Note: As mentioned, the user can only be created upon USB insertion if the device is not already managed. This means the device cannot already have a system user. For example, some devices provide a configuration experience in an attached console when they turn on. If this configuration experience was ever completed and a user was created, then you cannot add another one using this procedure. Instead, you could log in using that account.
You need Ubuntu (desktop or server) 16.04. If you have Ubuntu 16.04 installed on a computer,you can skip this step and continue with creating the system user as explained below.
If you run Windows, you can create an Ubuntu system inside Windows using VirtualBox, and in Mac OS using similar steps. VirtualBox allows you to create virtual machines inside your host operating system (inside Windows). Each virtual machine runs its own operating system inside a window in Windows. That is, the virtual machine has its own window and is just like any other application. The following link/document explains how to create a VirtualBox virtual machine in Windows and install Ubuntu16.04 into it. You can use this Ubuntu instance to complete the process of creating a system user file as described here
Here we cover how to use your Ubuntu 16.04 system to create a system user on your core device.
Note: Screenshots in the following show Ubuntu running in a VirtualBox Ubuntu virtual machine on Windows. The commands and procedures shown here work in any Ubuntu 16.04 Desktop system, whether installed natively or in in a virtual machine.
Click the top icon on the left panel (just beneath Ubuntu Desktop ) and type in “terminal”, then
click the Terminal icon to launch it.
You use snapcraft to login to the Ubuntu store and create and register a security key.
Enter the following command to install the best version of snapcraft and snapd:
$ sudo apt update && sudo apt install snapcraft
Note: The dollar sign (“ $ ”) in the command above represents the command prompt and is probably different in your terminal. You need to enter everything stated above after the dollar sign command prompt.
Enter your password as prompted.
Please ensure snapd is up to date, as follows:
$ sudo apt install snapd
In the terminal, sign in with:
$ snapcraft login
Provide your Ubuntu store account email and password as prompted.
Create a security key named “system-user” as follows (you can name it differently if you want, but you need to use the name later):
$ snapcraft create-key system-user
Enter a password for this key as prompted.
Note: You must remember this key’s password. You can not use the key without the password.
It takes some time to create key. And it requires system activity to create it (this activity makes the key random and secure). During the period of creation, please do other activities in Ubuntu, for example, launch the Firefox browser (third icon from the top on the left in this case) and open tabs, open pages, and etc. The more you do, the faster the key is created.
The key is created when the terminal command prompt is returned, as here:
In the terminal, enter the following to register your new key:
$ snapcraft register-key system-user
Enter your Ubuntu store email and password as prompted.
And after that, enter your key password as prompted.
The make-system-user snap provides a tool that you can run to make a file (auto-import.assert) that you can later place on a USB stick and insert into a Core device to create the system-user account.
Install the make-system-user snap as follows:
$ sudo snap install make-system-user --classic
As noted with additional detail previously, you need the following from your device provider:
- Brand: This can be a long set of letters and numbers). In this example we use “mybrand”.
- Model: This can be human readable or a not. In this example we use “mymodel”
Note: The brand and model you use must be correct. They must be exactly what the device provider gave you (including capitalization). If they are not correct, the user will not be created on the system when you insert the USB stick into the device later (but the command here will succeed normally). This is a security feature that protects the system from having a user created by someone who does not know the required information. You also need the name of the snapcraft key you created previously, which in this case we named: “system-user”
Tip: Display your keys with: $ snapcraft keys
You also need a username and password for the account to be created on the device. In this case we use “myuser” and “mypassword”.
Note: You must not forget the username and password of the account.
Run the following command, replacing the command arguments in italics with the appropriate values as explained above:
$ make-system-user.run --brand mybrand --model mymodel --username myuser --password
mypassword --key system-user
Enter the password for your key as prompted:
On success , the following message displays:
Done. You may copy auto-import.assert to a USB stick and insert it into an unmanaged Core system, after which you can log in using the username and password you provided.
And, the following file is created in your current directory: auto-import.assert
Tip : Display command help with make-system-user.run --help
You can verify the file exists with the ls command:
$ ls
auto-import.assert
Tip: If you are in a virtual machine on Windows, you may find it easiest to open your web email (gmail, hotmail, etc.) and attach the file to a message you mail to yourself. Then, in Windows, download the email attachment and copy it into the top level directory of a USB stick.
Wait 10 seconds or so to ensure the system-user is imported from the USB stick.
Log into the device with the user account
You can now log into the device in various ways. The approach you should take depends on the particular device. One method is to sign in remotely from an Ubuntu system (or any system that has the ssh command, for example (enter your new user’s password as prompted):
$ ssh -o "IdentitiesOnly=yes" myuser@192.168.0.101 myuser@192.168.0.101's password:
Welcome to Ubuntu Core 16 (GNU/Linux 4.4.0-1030-raspi2 armv7l)
- Documentation: https://help.ubuntu.com
- Management: https://landscape.canonical.com
- Support: https://ubuntu.com/advantage Welcome to Snappy Ubuntu Core, a transactionally updated Ubuntu.
- See https://ubuntu.com/snappy It's a brave new world here in Snappy Ubuntu Core! This machine does not use apt-get or deb packages. Please see 'snap --help' for app installation and transactional updates. Last login: Fri Feb myuser@localhost:~$ 3 15:55:37 2017 from 192.168.0.111