Enabling SSH access on the Aaeon ACP Douros

naconner edited this page Sep 24, 2020 · 1 revision

Note: Lamassu provides support to machine operators for the default installation of our software on supported environments. We do not offer assistance for installation of the lamassu-machine or lamassu-server software on custom environments, or for their custom development. The notes below are provided as a courtesy and do not come with support.

Warning: By enabling remote SSH access you are opening a port and thus creating a potential for remote exploits. Proceed with caution and an understanding of the risks.

Add a text file named authorized_keys to a flash drive, containing your public SSH key (or multiple public keys, one per line).

You can get your public SSH key on Linux, Mac, or Windows (PowerShell) by running:

cat ~/.ssh/id_rsa.pub 

On the machine's tablet, log in:

sudo su

Enter the root password.

Copy over the keys:

mkdir -p /root/.ssh
cp /media/iva/FLASH-DRIVE-NAME/authorized_keys /root/.ssh/

Install/update OpenSSH:

apt update
apt install -y openssh-client openssh-server

Edit the SSH configuration file, changing the fourth line of text from Port 22 to Port 30034:

nano /etc/ssh/sshd_config

Save with Ctrl+X, then Y then Enter.

Open port 30034 (and block connections from IP addresses that make more than 6 unsuccessful connection attempts):

ufw allow 30034/tcp
ufw limit 30034/tcp

Get the local IP address of this machine, and make a note of it:

hostname -I

Get the external IP address of this machine, and make a note of it:

dig +short myip.opendns.com @resolver1.opendns.com

Restart the machine for changes to take effect:

shutdown -r now

Important: Log into the connected router's admin portal, choose 'Port Forwarding', then add a TCP rule forwarding external port 30034 to port 30034 on this machine's local IP address.

From the computer that holds your private SSH key, now attempt to log into the remote machine, replacing 1.2.3.4 below with the public, external IP address of the machine's network (not its internal IP):

ssh root@1.2.3.4 -p 30034
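
A check worth running between editing /etc/ssh/sshd_config and restarting the machine, shown here as an added example (not part of the original page or of Lamassu's software). The function name audit_sshd_config and the sample file are constructed for illustration; the audit reads only the global section of a single file and assumes no Include directives.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings this procedure relies on.
# Usage: audit_sshd_config FILE [EXPECTED_PORT]  -> prints findings, returns 1 if any.
audit_sshd_config() {
    awk -v want="${2:-30034}" '
        NF == 0 || $1 ~ /^#/ { next }          # sshd ignores blank lines and comments
        { key = tolower($1); val = tolower($2) }
        key == "match" { exit }                # audit the global section only
        key == "port"  { ports[val] = 1; n++ } # Port may repeat; sshd listens on all
        key == "passwordauthentication" && pa == ""  { pa = val }   # first value wins
        key == "permitrootlogin"        && prl == "" { prl = val }  # first value wins
        END {
            if (pa == "")  pa = "yes"                  # OpenSSH default when unset
            if (prl == "") prl = "prohibit-password"   # OpenSSH default when unset
            if (n == 0)
                bad("no active Port line (still commented out?): sshd listens on 22, not " want)
            else if (!(want in ports))
                bad("Port " want " is not configured")
            if (pa != "no")
                bad("PasswordAuthentication is " pa ": password logins are allowed on the forwarded port")
            if (prl == "yes")
                bad("PermitRootLogin yes: root is not restricted to key login; prohibit-password does that")
            if (prl == "no")
                bad("PermitRootLogin no: the key in /root/.ssh/authorized_keys will be refused")
            exit (fails > 0)
        }
        function bad(msg) { print "FINDING: " msg; fails++ }
    ' "$1"
}

# Constructed sample: the Port line was edited but left commented out.
sample=$(mktemp)
printf '%s\n' '#Port 30034' 'PermitRootLogin prohibit-password' \
    'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "Resolve the findings above before restarting."
rm -f "$sample"
```

On the machine itself, `sshd -t` checks the file for syntax errors and `sshd -T` prints the effective configuration, including any included files.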