chromeos-base/chromeos-sshd-init/files/openssh-server.conf.README - mirrors/cros/chromiumos/overlays/chromiumos-overlay - Git at Google

 Copyright 2015 The Chromium OS Authors. All rights reserved.
 Use of this source code is governed by a BSD-style license that can be
 found in the LICENSE file.

 ------------------------------
 Instructions for enabling sshd
 ------------------------------

 Normally base images will not automatically start sshd on boot. If sshd is
 needed, below are a few recommended ways to start it, from simplest to most
 complicated.


 1. OOBE debugging features.
   This is the easiest way to enable sshd, but if OOBE has already been bypassed
   the machine will have to be powerwashed first to get back to OOBE.

   Enabling the OOBE debugging features will cause sshd to start automatically
   on each boot, and both password and test key access will be enabled.

   For more information on OOBE debugging features, see
   dev.chromium.org/chromium-os/how-tos-and-troubleshooting/debugging-features.


 2. Run a helper program.
   An executable named dev_features_ssh is available to enable sshd. Rootfs
   verification must be removed first or the helper program will have no effect.

   This will cause sshd to start automatically on each boot with test key
   access. Password access can optionally be enabled after rootfs verification
   has been removed.

   # Remove rootfs verification.
   $ /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
   $ reboot

   # Install sshd startup files.
   $ /usr/libexec/debugd/helpers/dev_features_ssh

   # Allow password access (optional).
   $ passwd


 3. Manually start sshd.
   This is the least convenient option, but doesn't require OOBE or rootfs
   verification removal, so can be used without changing the system too much.

   Unlike the above methods, this will not auto-start sshd on boot.
   Additionally, password access is not possible without rootfs verification
   removal, so test keys must be used to SSH into the device.

   # Create host keys (only needs to be done once).
   $ mkdir -p /mnt/stateful_partition/etc/ssh
   $ ssh-keygen -f /mnt/stateful_partition/etc/ssh/ssh_host_rsa_key -N '' -t rsa
   $ ssh-keygen -f /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key -N '' -t ed25519

   # Open firewall and start sshd (must be done on every boot).
   $ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
   $ /usr/sbin/sshd \
     -oAuthorizedKeysFile=/usr/share/chromeos-ssh-config/keys/authorized_keys
	Copyright 2015 The Chromium OS Authors. All rights reserved.
	Use of this source code is governed by a BSD-style license that can be
	found in the LICENSE file.

	------------------------------
	Instructions for enabling sshd
	------------------------------

	Normally base images will not automatically start sshd on boot. If sshd is
	needed, below are a few recommended ways to start it, from simplest to most
	complicated.


	1. OOBE debugging features.
	This is the easiest way to enable sshd, but if OOBE has already been bypassed
	the machine will have to be powerwashed first to get back to OOBE.

	Enabling the OOBE debugging features will cause sshd to start automatically
	on each boot, and both password and test key access will be enabled.

	For more information on OOBE debugging features, see
	dev.chromium.org/chromium-os/how-tos-and-troubleshooting/debugging-features.


	2. Run a helper program.
	An executable named dev_features_ssh is available to enable sshd. Rootfs
	verification must be removed first or the helper program will have no effect.

	This will cause sshd to start automatically on each boot with test key
	access. Password access can optionally be enabled after rootfs verification
	has been removed.

	# Remove rootfs verification.
	$ /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
	$ reboot

	# Install sshd startup files.
	$ /usr/libexec/debugd/helpers/dev_features_ssh

	# Allow password access (optional).
	$ passwd


	3. Manually start sshd.
	This is the least convenient option, but doesn't require OOBE or rootfs
	verification removal, so can be used without changing the system too much.

	Unlike the above methods, this will not auto-start sshd on boot.
	Additionally, password access is not possible without rootfs verification
	removal, so test keys must be used to SSH into the device.

	# Create host keys (only needs to be done once).
	$ mkdir -p /mnt/stateful_partition/etc/ssh
	$ ssh-keygen -f /mnt/stateful_partition/etc/ssh/ssh_host_rsa_key -N '' -t rsa
	$ ssh-keygen -f /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key -N '' -t ed25519

	# Open firewall and start sshd (must be done on every boot).
	$ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
	$ /usr/sbin/sshd \
	-oAuthorizedKeysFile=/usr/share/chromeos-ssh-config/keys/authorized_keys