Install SSH

From AwkwardTV
Revision as of 07:11, 9 September 2007 by XvnJ6r (talk | contribs)

Introduction

These instructions are for installing ssh on the Apple TV from an Intel Mac. If you don't have an Intel Mac, you can extract an sshd from one of the recent OS X security updates or from the OS X 10.4.9 update, which you can download from Apple's web site.

To find the sshd in an update, mount the .dmg image, right-click on the .pkg install package, select 'Show Package Contents', find the Archive.pax.gz file, and extract it using OpenUp. You will find the sshd daemon in Archive_X/usr/sbin/. Verify that it's an i386 executable by running file sshd.

Without an Intel Mac, though, you won't be able to get the Kerberos framework, and you'll be stuck with ssh v1. You can NOT use the sshd or Kerberos framework from a PPC Mac (G3, G4, or G5).

  • Changed 2007-06-01: You also can use ssh v2 now. (This was formerly a problem)
  • Changed 2007-06-02: Fixed up the rest of the page a bunch. Eliminated significant errors in first half of last section. Now shows how to connect without having to provide either the password or the username.
  • Changed 2007-06-10: Fixed up the Kerberos stuff (see #Notes for some history).
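
Where file is not available or does not recognise Mach-O binaries (for example on a non-Mac host), the architecture check described above can be made from the header bytes. This is an added example, not part of the original page; the function names are hypothetical and the sample headers are constructed.

```shell
#!/bin/sh
# Added example: list the CPU architecture(s) of a Mach-O file from its header.

cpu_name() {                 # Mach-O cputype values: 7 = i386, 18 = PowerPC
    case "$1" in
        7)  echo i386 ;;
        18) echo ppc ;;
        *)  echo "cputype-$1" ;;
    esac
}

hex_at() {                   # hex dump of $3 bytes at offset $2 in file $1
    od -An -tx1 -j "$2" -N "$3" "$1" 2>/dev/null
}

# Print one architecture per line; return 1 unless 32-bit or universal Mach-O.
macho_arches() {
    f=$1
    set -- $(hex_at "$f" 0 8)
    [ $# -eq 8 ] || return 1                      # too short to hold a header
    case "$1$2$3$4" in
        cefaedfe) cpu_name $(( 0x$8$7$6$5 )) ;;   # thin, little-endian header
        feedface) cpu_name $(( 0x$5$6$7$8 )) ;;   # thin, big-endian header
        cafebabe)                                 # universal: big-endian count
            n=$(( 0x$5$6$7$8 )); i=0
            # Java .class files share this magic; there this field is >= 45.
            [ "$n" -le 20 ] || return 1
            while [ "$i" -lt "$n" ]; do           # 20-byte fat_arch entries
                set -- $(hex_at "$f" $(( 8 + 20 * i )) 4)
                [ $# -eq 4 ] || return 1
                cpu_name $(( 0x$1$2$3$4 ))
                i=$(( i + 1 ))
            done ;;
        *) return 1 ;;
    esac
}

# True only if the file has an i386 slice, which is what the Apple TV can run.
has_i386() { macho_arches "$1" | grep -qx i386; }

# Constructed sample headers (not real binaries): thin i386, thin ppc, and a
# universal header listing ppc then i386. %016d pads each entry to 20 bytes.
make_samples() {
    printf '\316\372\355\376\007\000\000\000' > "$1/intel"
    printf '\376\355\372\316\000\000\000\022' > "$1/ppc"
    { printf '\312\376\272\276\000\000\000\002'
      printf '\000\000\000\022%016d' 0
      printf '\000\000\000\007%016d' 0; } > "$1/fat"
}
```

For example, has_i386 /Volumes/OSBoot/usr/sbin/sshd succeeds only when the copied binary contains an i386 slice.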

For the following steps you need to remove the Apple TV's hard drive and mount it using a FireWire or USB enclosure, or a USB-to-PATA adapter such as the one sold by OWC. Perform these steps, and then reinstall the drive. It is not necessary to disable the firewall (see Disable Firewall).

How to install SSHD

Preparations

Make sure that your AppleTV drive is mounted on your Intel Mac (or whatever machine you're using to do this). It should be in your filesystem at /Volumes/OSBoot. If it's not, you'll need to modify the instructions below accordingly.

Copy the SSHD Binary

Copy sshd from your Mac to your AppleTV. For example:

cp -p /usr/sbin/sshd /Volumes/OSBoot/usr/sbin/

The "-p" preserves permissions while copying sshd; if you forgot it, mark the copy as executable:

chmod +x /Volumes/OSBoot/usr/sbin/sshd

Creating an automatic startup file

Make sshd start automatically on boot. If you have the AppleTV disk mounted on a Mac, it's easy. Make sure SSH is enabled on your Mac (Preferences, Sharing, Services, Remote Login); this will create the startup file ssh.plist. Then do:

cp -p /System/Library/LaunchDaemons/ssh.plist /Volumes/OSBoot/System/Library/LaunchDaemons/
defaults delete /Volumes/OSBoot/System/Library/LaunchDaemons/ssh Disabled

Otherwise, create a text file /Volumes/OSBoot/System/Library/LaunchDaemons/ssh.plist containing:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>com.openssh.sshd</string>
        <key>Program</key>
        <string>/usr/libexec/sshd-keygen-wrapper</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/sbin/sshd</string>
                <string>-i</string>
        </array>
        <key>SessionCreate</key>
        <true/>
        <key>Sockets</key>
        <dict>
                <key>Listeners</key>
                <dict>
                        <key>Bonjour</key>
                        <array>
                                <string>ssh</string>
                                <string>sftp-ssh</string>
                        </array>
                        <key>SockServiceName</key>
                        <string>ssh</string>
                </dict>
        </dict>
        <key>StandardErrorPath</key>
        <string>/dev/null</string>
        <key>inetdCompatibility</key>
        <dict>
                <key>Wait</key>
                <false/>
        </dict>
</dict>
</plist>

Installing the Kerberos framework (optional)

  • This step is not possible if you do not use an Intel machine.

Copy over the Kerberos framework, so sshd will be able to use the ssh v2 protocol (without this step, you're limited to v1).

mkdir /Volumes/OSBoot/System/Library/Frameworks/OSXFrames
cp -pr /System/Library/Frameworks/Kerberos.framework /Volumes/OSBoot/System/Library/Frameworks/OSXFrames/.
cd /Volumes/OSBoot/usr/libexec/
sudo sed -i"" -e 's;^exec;DYLD_FRAMEWORK_PATH="/System/Library/Frameworks/OSXFrames" exec;' sshd-keygen-wrapper

(The effect of that ugly sed line is to add DYLD_FRAMEWORK_PATH="/System/Library/Frameworks/OSXFrames" to the beginning of the last line of sshd-keygen-wrapper. Using pico or vi is another possibility.)

Logging in

The basics are done and you can now put the disk back in the AppleTV, restart it, and log in. If you installed the Kerberos framework, the command is:

ssh frontrow@appletv.local

Otherwise use the command below which forces ssh to use the v1 protocol.

ssh -1 frontrow@appletv.local

The password, as shipped from Apple, is frontrow. If your box doesn't support Bonjour (that's most machines that aren't Macs, though you can install it on Windows, Linux, etc.), you'll have to connect to it by IP address, or put it in your local DNS or your /etc/hosts file (or analogue). In that case, figure out its IP address, and use that instead of "appletv.local".

IMPORTANT NOTE
The first time you try to SSH into the AppleTV, it will generate host keys. This takes a long time (at least compared to modern machines). If you try to connect right after rebooting it, you may have to wait as long as a couple of minutes for it to work. Be patient, and just try ssh again if it times out.

Other misc. notes:

  • If you are on a Windows machine, use PuTTY or another ssh client to connect.
  • The user "frontrow" has complete sudo privileges. To be root, do sudo -s and put in the password again (frontrow by default, remember?).

Logging in without a username or password

The previous contents of this section were terribly confusing. They recommended taking the ATV's private host key and using it as your personal key on your Mac (or perhaps as the host key on your Mac, it wasn't clear). Someone else later provided an "Alternate Method" which was correct, and this is mostly a light edit of that.

Everything here is done on your Mac, unless explicitly stated otherwise.

Checking for an existing identity

First, check to see if you have an identity already; if not, make one:

cd ; ls .ssh/id_rsa

If you see a file called id_rsa, then you already have an identity, and you can skip the next step.

Creating a new identity

Do this step only if you have no id_rsa file. (Don't worry if you have other files in .ssh; they don't matter, and we won't disturb them.)

To create a new identity file, type:

ssh-keygen

It'll ask for input three times, with lines that begin with "Enter". Just hit return each time. (You can use a passphrase if you're comfortable that you know what you're doing. Leave the filename alone.) It'll look like this, though the username and fingerprint will be different:

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/alexis/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/alexis/.ssh/id_rsa.
Your public key has been saved in /Users/alexis/.ssh/id_rsa.pub.
The key fingerprint is:
ef:3a:22:12:30:8e:37:7f:b5:0e:47:d4:e8:2f:9b:e9 alexis@alexis

Make SSH use username "frontrow" automatically

Do this on your Mac. It will only affect connections from your Mac to the AppleTV:

cat >>.ssh/config
Host appletv.local
 User frontrow
^D

"^D" means you must press the Control and D keys at the same time.

Once this is done, you can just do "ssh appletv.local" instead of "ssh frontrow@appletv.local". Or, if you're really lazy (like me), this (instead of the above) will let you do just "ssh atv" to connect!

cat >>.ssh/config
Host appletv.local atv
 HostName appletv.local
 User frontrow
^D

Installing the ssh key on the AppleTV

  • Copy your public key to your AppleTV. You'll need to enter the password, but you no longer need to specify a username:
scp .ssh/id_rsa.pub appletv.local:~/
  • ssh to your AppleTV (still using password "frontrow", but you no longer have to give a username):
ssh appletv.local
  • Now, while still connected to the AppleTV, make an .ssh directory on your AppleTV, create an "authorized_keys" file and move your public key into it.
mkdir .ssh
mv id_rsa.pub .ssh/authorized_keys

You're done. Exit the ssh session, and try it again. This time, you can connect to the AppleTV without having to enter a password (or by using your passphrase, if you chose to use one).
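
The mv in the last step replaces any authorized_keys file already on the AppleTV and leaves the permissions to the default umask. The following added example (not from the original page; install_pubkey is a hypothetical helper and the sample key line is constructed) appends the key only if it is missing and sets owner-only modes.

```shell
#!/bin/sh
# Added example: install a public key without clobbering existing entries.

# $1 = public key file (e.g. ~/id_rsa.pub), $2 = home directory of the account.
# Returns 0 on success, 1 on filesystem errors, 2 if $1 is not a public key.
install_pubkey() {
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys

    # Accept only a one-line "type base64 [comment]" file, so that a private
    # key (multi-line PEM) copied over by mistake is rejected.
    [ "$(grep -c . "$pub" 2>/dev/null)" = 1 ] || return 2
    grep -Eq '^(ssh|ecdsa)-[a-z0-9-]+ [A-Za-z0-9+/=]+( .*)?$' "$pub" || return 2

    # Owner-only directory and file; sshd's StrictModes refuses key files
    # that other users could write to.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on "type base64" so a changed comment does not add a duplicate.
    blob=$(cut -d' ' -f1,2 "$pub")
    if ! grep -qF -- "$blob" "$auth"; then
        # Make sure the previous entry ends with a newline before appending.
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
        cat "$pub" >> "$auth"
    fi
}

# Constructed sample key line (not a real key), for trying the function out.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAconstructedSAMPLEonly alexis@alexis'
```

On the AppleTV, after the scp step, this would be run as install_pubkey ~/id_rsa.pub ~ in place of the mkdir and mv commands.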

For more information, see the man pages for ssh, ssh-keygen, and sshd.

Notes

  • The old Step 5 described how to make ssh keys. You won't have to create those, as OS X will create them the first time you connect to its sshd if they don't already exist. Thus, this section was removed.
  • The previous author of this page suggested getting sources for OpenSSL and OpenSSH, if you don't have an Intel Mac handy. This method might be easier if you don't know how to extract files from packages such as the OS or Security updates.
  • The old instructions replaced the Kerberos.framework on the AppleTV. This causes some problems. In particular, mount_afp fails with "Illegal instruction". If you're running a hacked kernel with SSE3 emulation, this probably won't affect you, but otherwise, it's a major issue. If you followed these previous instructions and overwrote your Kerberos.framework, I'm sorry. :-( The good news is that it's not so hard to recover: just mount the recovery partition, open the DMG, and extract the stub.