Telnet Service - GARZ&FRICKE GUF-Yocto-34.0-r5756-0-VINCELL User Manual

Embedded computer systems

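generating ssh ED25519 key...
Restarting OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 1108)
root@gufboardll:~# ll /etc/ssh/*key*
-rw------- 1 root root  668 Sep 23 13:06 /etc/ssh/ssh_host_dsa_key
-rw-r--r-- 1 root root  607 Sep 23 13:06 /etc/ssh/ssh_host_dsa_key.pub
-rw------- 1 root root  227 Sep 23 13:06 /etc/ssh/ssh_host_ecdsa_key
-rw-r--r-- 1 root root  179 Sep 23 13:06 /etc/ssh/ssh_host_ecdsa_key.pub
-rw------- 1 root root  411 Sep 23 13:06 /etc/ssh/ssh_host_ed25519_key
-rw-r--r-- 1 root root   99 Sep 23 13:06 /etc/ssh/ssh_host_ed25519_key.pub
-rw------- 1 root root 1675 Sep 23 13:06 /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 root root  399 Sep 23 13:06 /etc/ssh/ssh_host_rsa_key.pub
root@gufboardll:~#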
For more information, see the official OpenSSH documentation. The ssh keys can also be used as a replacement
for the password authentication of the remote user. Please see the official documentation for this feature.
SFTP only with restricted folder visibility
Sometimes it is enough for a remote user to be able to download log files or change config files in one
specific folder. To reduce the security risk of an open remote service, it is possible to restrict the ssh
service access to the SFTP feature, locking the user into, for example, his home folder.
The following steps are needed for setup:
Create the user:
root@vincell:~# adduser service
Change the owner of his home directory to root (needed by the sftp chroot):
root@vincell:~# chown -R root:service /home/service
Edit the ssh config:
root@vincell:~# /etc/ssh/sshd_config
In the config file, change the sftp subsystem:
# override default of no subsystems
# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
And append the following to the configuration:
Match User service
ChrootDirectory /home/service
ForceCommand internal-sftp
AllowTCPForwarding no
X11Forwarding no
Now it is possible to use, for example, FileZilla to access the device with the new user and its password, but
the root folder shown in FileZilla is the home folder on the device.
Note: By default the user is also able to log in using telnet or the serial console with access to the
complete root filesystem. If this is not desired, further configuration steps are needed.
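
The following shell functions are an added example, not taken from the manual. They verify that the Match block for the user service forces internal-sftp, sets a chroot and disables forwarding, and that a chroot directory meets the sshd ownership rule (owned by root, not writable by group or others). The function names and the sample configuration are constructed for illustration, and the parser assumes the plain "Match User <name>" form used on this page.

```shell
#!/bin/sh
# Added example, not from the manual. Names below are illustrative.

# Print the first value of KEY inside the "Match User USER" block of FILE.
match_value() {  # match_value FILE USER KEY
    awk -v user="$2" -v key="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { inblk = (tolower($2) == "user" && $3 == user); next }
        inblk && tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Compare one keyword of the block against WANT (value lowercased first).
check() {  # check FILE USER KEY WANT
    got=$(match_value "$1" "$2" "$3" | tr 'A-Z' 'a-z')
    [ "$got" = "$4" ] && return 0
    echo "FAIL: $3 is '${got:-unset}', expected '$4'"; return 1
}

# The block must force internal-sftp, set a chroot and disable forwarding.
audit_sftp_only() {  # audit_sftp_only FILE USER
    rc=0
    check "$1" "$2" ForceCommand internal-sftp || rc=1
    check "$1" "$2" AllowTcpForwarding no || rc=1
    check "$1" "$2" X11Forwarding no || rc=1
    [ -n "$(match_value "$1" "$2" ChrootDirectory)" ] ||
        { echo "FAIL: ChrootDirectory is unset"; rc=1; }
    return $rc
}

# sshd rejects a chroot directory that is not owned by root or that is
# writable by group or others. OWNER_UID defaults to 0 (root).
chroot_dir_ok() {  # chroot_dir_ok DIR [OWNER_UID]
    d=$1 want=${2:-0}
    set -- $(ls -ldn "$d")          # $1 = mode string, $3 = numeric uid
    [ "$3" = "$want" ] || { echo "FAIL: $d owned by uid ${3:-?}"; return 1; }
    case $1 in
        d????-??-?*) return 0 ;;    # group-write and other-write both clear
        *) echo "FAIL: $d has mode $1"; return 1 ;;
    esac
}

# Constructed sample: the configuration lines shown on this page.
sample_config() {
    printf '%s\n' 'Subsystem sftp internal-sftp' 'Match User service' \
        'ChrootDirectory /home/service' 'ForceCommand internal-sftp' \
        'AllowTCPForwarding no' 'X11Forwarding no'
}
```

On the target, run audit_sftp_only /etc/ssh/sshd_config service, then chroot_dir_ok on /, /home and /home/service, since sshd applies the ownership rule to every component of the chroot path.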

4.1.4 Telnet service

The telnet service allows the user to log in on the target system.
