Feature request: ssh keys

[doniks]

As a developer, I want a convenient way to enable ssh. Therefore my ssh key needs to be installed on the device.

Currently, the advice http://docs.ubports.com/en/latest/userguide/advanceduse/ssh.html#copy-the-public-key-to-your-device is to adb push it yourself. I have heard others using bluetooth, or younameit way of transporting the key to the device and then fiddling in the commandline to put the key in the right place and not mess up any of the access rights for ~/.ssh and ~/.ssh/authorized_keys

It would be great if I could tick a box in the installer and it would do it for me. Simple implementation could just:

• create on the phone:~/.ssh
• append my key as found on my laptop:~/.ssh/id_rsa.pub to the list on the phone:~/.ssh/authorized_keys
• chmod 700 the folder
• chmod 600 the file

[Justinzobel]

This would be great to have. It would enable fast access for those that want to tinker and improve Ubuntu Touch.

[Fuseteam]

Does this really belong on the installer? This sounds like something system settings could do, additionally you do need to transfer the public key one way or another. So some sort of a workflow needs to be worked out

[maciek134]

@Fuseteam how would system settings pull a key from the PC?

[Fuseteam]

Welp you be fast xd how about something like: https://sourceforge.net/projects/ssh-pull-id/

[Justinzobel]

For instance, postmarketOS can copy the user's public key during it's image creation.

[maciek134]

Welp you be fast xd how about something like: https://sourceforge.net/projects/ssh-pull-id/

That would require you to have sshd running and password login enabled on your PC (you should have neither and good luck on Windows). Installer seems like the only place this could be done before you touch the device, since after installation you'd have to enable adb to copy the key otherwise.

[Fuseteam]

Hmmm yeah windows would deffo not work

[Justinzobel]

Any progress on this? Even Putty can generate ssh keys I believe so it could be done on any installer. The other option is to allow password-based login initially and then the user can send their key and disable password-based auth.

[doniks]

Just a thought wrt scope / expectation management since I see a number of other ppl chime in.

Even if someone steps up and implements this, this is still only part of the bigger use case I would see: "As a developer, I want a convenient way to use ssh". In order to use it, I need the keys as discussed above, but also a way to turn sshd on (and off?!).

In my mind, that toggle would anyway not be in scope of the installer, but would always have to go into the OS/settings, related to this: https://gitlab.com/ubports/community-ports/pinephone/-/issues/104

[doniks]

Welp you be fast xd how about something like: https://sourceforge.net/projects/ssh-pull-id/

That would require you to have sshd running and password login enabled on your PC (you should have neither and good luck on Windows). Installer seems like the only place this could be done before you touch the device, since after installation you'd have to enable adb to copy the key otherwise.

[doniks]

(doh, wrong button)

[maciek134]

Even Putty can generate ssh keys I believe so it could be done on any installer

The issue is not with generating keys (you don't want a random key), the issue is in putting the key (or the override to enable sshd) in the image before flashing

but also a way to turn sshd on

halium-install can do this too, so I guess that's where this could start? I think I have an idea how this could happen

[Fuseteam]

fwiw it is now possible on focal to enable sshd with systemctl start ssh.socket

for the ssh key, i was thinking perhaps we could make use qr codes: the flow i have in mind is:

• generate a qr code of the ssh public key on the pc
• open settings app, select option to add a ssh key (exact location tbd)/use the barcode reader
• scan the qrcode, the system then adds the public key to ~/.ssh/authorized_keys with the appropriate permissions

the biggest hurdle is of course how we generate the qr code out of the public key........maybe the installer could do it, but that feels out of scope