Install SSH

From AwkwardTV
Revision as of 08:50, 4 May 2007 by Nsc (talk | contribs) (Formatting Step 5)

These instructions are for installing ssh on the Apple TV from an Intel Mac (if you don't have an Intel Mac, you need to find another source for sshd, such as and - please verify that those work). You need to remove the Apple TV's hard drive, mount it using a FireWire or USB enclosure, perform the steps below, and then reinstall the drive. It is not necessary to disable the firewall (see Disable Firewall). However, for some unknown reason, the SSH server only allows SSH protocol version 1 connections, so you will need to use the -1 option when using the ssh client.

If you copy sshd from a 10.4.9 Intel Mac (OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006), the sshd binary will crash when trying to establish an SSH2 connection. To get SSHv2 working, see Step 4.

Step 1

Copy sshd from /usr/sbin/ on your local Intel Mac, to /Volumes/OSBoot/usr/sbin/ on the Apple TV HD (you have to use an Intel-compiled version).

After that, you have to make the sshd file executable, which changes its classification from Document type to a UNIX executable. The easiest way is to run
    chmod +x /Volumes/OSBoot/usr/sbin/sshd
in the Terminal.

Step 2

Rewrite /Volumes/OSBoot/System/Library/LaunchDaemons/ssh.plist with this:

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">
 <plist version="1.0">

Step 3

Log in like this:

ssh -1 frontrow@AppleTV.local

Password "frontrow"

  • If you are on a Windows machine, use PuTTY to connect.
    • Under Connection -> SSH, there is an option for "1 only". Use this.
    • You may need to connect by IP address instead of by name if you do not have Bonjour installed.
  • Note: user "frontrow" has sudo privileges. The password for sudo is "frontrow".

Step 4 - Creating Host Keys and Making ssh2 Work

As noted, copying the sshd binary from a 10.4.9 install will only support version 1 of the ssh protocol. To enable ssh2 and create your host keys, follow these steps.
This is written assuming you already have ssh1 shell access to the device.

  1. Download the ssh package listed above from here and extract usr/sbin/sshd from the package.
  2. scp this file over to the ATV with the following command
    scp -1 sshd frontrow@<your ip address>:
  3. Log in to the ATV and remount the root partition as read write.
    -bash-2.05b$ sudo mount -o rw,remount /dev/disk0s3 /
  4. Backup the existing sshd
    -bash-2.05b$ sudo mv /usr/sbin/sshd /usr/sbin/sshd.old
  5. Move the new sshd binary to /usr/sbin
    -bash-2.05b$ sudo mv /Users/frontrow/sshd /usr/sbin/sshd
  6. Again, make the sshd file executable.
    -bash-2.05b$ chmod +x /usr/sbin/sshd
  7. Generate the rsa key - Do not use a passphrase
    -bash-2.05b$ sudo ssh-keygen -t rsa -f /etc/ssh_host_rsa_key
  8. Generate the dsa key - Do not use a passphrase
    Note: this is a bit slow on the ATV; be patient.
    -bash-2.05b$ sudo ssh-keygen -t dsa -f /etc/ssh_host_dsa_key
  9. Generate the rsa1 key - Do not use a passphrase
    -bash-2.05b$ sudo ssh-keygen -t rsa1 -f /etc/ssh_host_key

Note: You may need to create an sshd_config file in /etc for this to work. The file can be empty.

Step 5 - Logging in without a password

It's assumed all previous steps are completed. This section only works for a Mac; Windows users should investigate Pageant, a program that comes with PuTTY.

  1. First create a special directory on the ATV for your keys.
    -bash-2.05b$ mkdir ~frontrow/.ssh
    -bash-2.05b$ chmod 700 ~frontrow/.ssh
  2. Add a key to the authorized_keys file and protect the file. SSH checks the permissions of this file very carefully.
    -bash-2.05b$ cat /etc/ > ~frontrow/.ssh/authorized_keys
    -bash-2.05b$ chmod 600 ~frontrow/.ssh/authorized_keys
  3. Display the full private key (the RSA host key generated in Step 4) and copy the text to the clipboard. You'll see something like
    -bash-2.05b$ sudo cat /etc/ssh_host_rsa_key
    ..lots more stuff here..
  4. Still on the ATV, remount the root partition read only.
    -bash-2.05b$ sudo mount -o ro,remount /dev/disk0s3 /
  5. On your Mac, in a terminal window, run nano -wci ssh_rsa_key and paste in the clipboard text. Press Ctrl-x to save and exit.
  6. Change the permissions on this new file:
    chmod 700 /path_to_file/ssh_rsa_key
  7. Test your mod before logging out of the ATV by opening a new connection to the device. Running this should not require a password; if it does, check the permissions on your ATV .ssh directory, authorized_keys file and the key file on the Mac. All should be 600 or 700.
    ssh -i /path_to_file/ssh_rsa_key frontrow@
  8. If you get something like this, then just delete the known_hosts file:
 Someone could be eavesdropping on you right now (man-in-the-middle attack)!
 It is also possible that the RSA host key has just been changed.
 The fingerprint for the RSA key sent by the remote host is
 Please contact your system administrator.
 Add correct host key in /Users/nsc/.ssh/known_hosts to get rid of this message.
 Offending key in /Users/nsc/.ssh/known_hosts:1
 RSA host key for has changed and you have requested strict checking
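
An alternative to deleting the whole known_hosts file in the last step, which also discards the saved keys of every other host: remove only the entry that the warning names in its "Offending key in FILE:LINE" line. This is an added example, not part of the original page; the function name remove_offending_key and the sample hosts and keys are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): instead of deleting known_hosts,
# remove only the entry the ssh warning names as "Offending key in FILE:LINE".

# remove_offending_key WARNING_TEXT
# Deletes exactly the named line from FILE and keeps a copy in FILE.bak.
# Returns 1 if the warning text names no FILE:LINE or FILE does not exist.
remove_offending_key() {
    # Newer OpenSSH prints the key type ("Offending RSA key in ..."); accept both.
    ref=$(printf '%s\n' "$1" |
        sed -n 's/^ *Offending [A-Za-z0-9 ]*key in \(.*:[0-9][0-9]*\) *$/\1/p' |
        head -n 1)
    [ -n "$ref" ] || return 1
    file=${ref%:*}      # everything before the last colon
    line=${ref##*:}     # the digits after the last colon
    [ -f "$file" ] || return 1
    cp -p "$file" "$file.bak" || return 1
    sed "${line}d" "$file.bak" > "$file"
}

# Demonstration on a constructed known_hosts file (host names and keys are made up).
demo() {
    dir=$(mktemp -d) || return 1
    kh="$dir/known_hosts"
    printf '%s\n' \
        'appletv.local ssh-rsa CONSTRUCTED-OLD-ATV-KEY' \
        'buildbox.example ssh-rsa CONSTRUCTED-KEY-A' \
        'nas.example ssh-rsa CONSTRUCTED-KEY-B' > "$kh"
    warning=" Add correct host key in $kh to get rid of this message.
 Offending key in $kh:1"
    remove_offending_key "$warning" || { rm -rf "$dir"; return 1; }
    cat "$kh"       # the two unrelated entries are still present
    rm -rf "$dir"
}

demo
```

After the stale entry is gone, the next connection prompts to accept the ATV's new host key, while the other hosts' entries stay in place.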