Secure Shell

1. What is Secure Shell?

FreedomBox runs openssh-server server by default allowing remote logins from all interfaces. If your hardware device is connected to a monitor and a keyboard, you may login directly as well. Regular operation of FreedomBox does not require you to use the shell. However, some tasks or identifying a problem may require you to login to a shell.

2. Setting Up A User Account

2.1. Plinth First Log In: Admin Account

When creating an account in Plinth for the first time, this user will automatically have administrator capabilities. Admin users are able to log in using ssh (see Logging In below) and have superuser privileges via sudo.

2.2. Default User Account

The pre-built FreedomBox images have a default user account called "fbx". However the password is not set for this account, so it will not be possible to log in with this account by default.

There is a script included in the freedom-maker program, that will allow you to set the password for this account, if it is needed. To set a password for the "fbx" user:

1. Decompress the image file.

2. Get a copy of freedom-maker from https://salsa.debian.org/freedombox-team/freedom-maker/.

3. Run sudo ./bin/passwd-in-image <image-file> fbx.

4. Copy the image file to SD card and boot device as normal.

The "fbx" user also has superuser privileges via sudo.

3. Logging In

3.1. Local

To login via SSH, to your FreedomBox:

$ ssh fbx@freedombox

Replace fbx with the name of the user you wish to login as. freedombox should be replaced with the hostname or IP address of you FreedomBox device as found in the Quick Start process.

fbx is the default user present on FreedomBox with superuser privileges. Any other user created using Plinth and belonging to the group admin will be able to login. The root account has no password set and will not be able to login. Access will be denied to all other users.

fbx and users in admin group will also be able to login on the terminal directly. Other users will be denied access.

If you repeatedly try to login as a user and fail, you will be blocked from logging in for some time. This is due to libpam-abl package that FreedomBox installs by default. To control this behavior consult libpam-abl documentation.

3.2. SSH over Tor

If in Plinth you have enabled onion services via Tor, you can access your FreedomBox using ssh over Tor. On a GNU/Linux computer, install netcat-openbsd.

$ sudo apt-get install netcat-openbsd

Edit ~/.ssh/config to enable connections over Tor.

$ nano ~/.ssh/config

Add the following:

Host *.onion
  user USERNAME
  port 22
  ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p

Replace USERNAME with, e.g., an admin username (see above).

Note that in some cases you may need to replace 9050 with 9150.

Now to connect to the FreedomBox, open a terminal and type:

$ ssh USERNAME@ADDRESS.onion

Replace USERNAME with, e.g., an admin username, and ADDRESS with the onion service address for your FreedomBox.

4. Becoming Superuser

After logging in, if you want to become the superuser for performing administrative activities:

$ sudo su

Make a habit of logging in as root only when you need to. If you aren't logged in as root, you can't accidentally break everything.

5. Changing Password

To change the password of a user managed by Plinth, use the change password page. However, the fbx default user is not managed by Plinth and its password cannot be changed in the web interface.

To change password on the terminal, log in to your FreedomBox as the user whose password you want to change. Then, run the following command:

$ passwd

This will ask you for your current password before giving you the opportunity to set a new one.


Information

Support

Contribute

Reports

Promote

Overview

Hardware

Live Help

Where To Start

Translate

Calls

Talks

Features

Vision

Q&A

Design

To Do

Releases

Press

Download

Manual

Code

Contributors

Blog

FreedomBox for Communities

FreedomBox Developer Manual

HELP & DISCUSSIONS: Discussion Forum - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Saturday, December 14th at 14:00 UTC

Latest news: Announcing Pioneer FreedomBox Kits - 2019-03-26

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox