Using ssh on WD My Book World Edition Whitelight

Asked by Martin Fisher

I am following https://answers.launchpad.net/backintime/+faq/2115 to set up ssh access on my WD My Book World Edition Whitelight. Everything goes fine through to stage (3) but at the line

ssh-copy-id -i ~/.ssh/id_rsa.pub <REMOTE_USER>@<MBWE> #enter password from above

I receive this error

bash: /shares/<REMOTE_USER>n/.ssh/authorized_keys: Permission denied

I have triple-checked my password for the user I have created, and it is fine (and I have also made the user an Admin, and that doesn't help). Does anybody have any suggestions as to where I am going wrong (I have followed all of the steps very carefully, several times!). Germar?

Many thanks! Martin

Question information

Language: English
Status: Solved
For: Back In Time
Assignee: No assignee
Solved by: Martin Fisher

Germar (germar) said :
#1

Hi Martin,

does the folder '/shares/<REMOTE_USER>n/.ssh' exist on your WDMB? If not please log in with ssh and run 'mkdir .ssh; chmod 700 .ssh'.

If ssh-copy-id still fails you can also do that manually:
cat ~/.ssh/id_rsa.pub | ssh <REMOTE_USER>@<MBWE> 'umask 077; cat >>.ssh/authorized_keys'

Regards,
Germar

Martin Fisher (yusuf-martin) said :
#2

Hi Germar

Many thanks! I can't understand the problem I have. Here is what I receive if I try to login with ssh:

martin@martin:~$ ssh martin@192.168.0.7
martin@192.168.0.7's password:

-bash: /etc/profile: Permission denied
-bash-3.2$

I know the pwd is ok because I can use it to log in as this user via the web interface. If I then run

-bash-3.2$ mkdir .ssh
mkdir: Cannot create directory `.ssh': File exists

I am a little lost!

With thanks for any advice, Martin

Germar (germar) said :
#3

Please try 'ssh root@192.168.0.7 chmod 644 /etc/profile'

I'm a little short on time today. So if this doesn't fix it I'll try to help you tomorrow again.

Regards,
Germar

Germar (germar) said :
#4

Hi Martin,

any news from your MyBook? Does it work now? I would appreciate your feedback so I could extend the FAQ.

Regards,
Germar

Martin Fisher (yusuf-martin) said :
#5

Hi Germar
Sorry I didn't reply earlier, I had difficulty finding the time. As I have nothing of importance on the drive (yet!) I have started again. I made it through the FAQ without a problem until I reach section (3). When entering 'chmod 700 .ssh' I received the message 'chmod: .ssh: No such file or directory'. Therefore I used 'mkdir .ssh; chmod 700 .ssh' from your post above. This went fine. However, when I try to log in I am still asked for my password and trying 'ssh <REMOTE_USER>@<MBWE> cp --help' produced information on BusyBox.
I would be happy to receive any further advice!
Yours, Martin

Germar (germar) said :
#6

Hi Martin,

I wrote that FAQ from memory after I set up my own MyBook. I already had some important stuff on that so I couldn't start again from scratch to test if I missed a step. So, I'm sorry for you struggling with this. This is just because I missed something.

The .ssh folder must exist before running ssh-copy-id. If not, ssh-copy-id couldn't copy your public key. You created that folder already. So please continue again with the ssh-copy-id command and follow the steps.

It looks like the PATH environment is also not correct yet. Please log in with your normal user and post the output of these commands:
env
cat /etc/profile
grep $(whoami) /etc/passwd

Sorry again for your problems and sorry for using you as a beta tester.
Regards,
Germar

Martin Fisher (yusuf-martin) said :
#7

Hi Germar

No problem at all - this is a great learning experience for me. Now, when I try:

ssh-copy-id -i ~/.ssh/id_rsa.pub <REMOTE_USER>@<MBWE> #enter password from above

I receive the response:

bash: /shares/martin/.ssh/authorized_keys: Permission denied

With grateful thanks, Martin

Germar (germar) said :
#8

Okay, so this is the same as in your first post. Please try again:
ssh root@192.168.0.7 chmod 644 /etc/profile
ssh-copy-id -i ~/.ssh/id_rsa.pub martin@192.168.0.7

And if ssh-copy-id still fails try:
cat ~/.ssh/id_rsa.pub | ssh martin@192.168.0.7 'umask 077; cat >>.ssh/authorized_keys'

Martin Fisher (yusuf-martin) said :
#9

Many thanks: ssh-copy-id still fails, and 'cat...' gives the same error message (bash: .ssh/authorized_keys: Permission denied).

Thanks, Martin

Germar (germar) said :
#10

Please log in with your normal user and post the output of these commands:
env
cat /etc/profile
grep $(whoami) /etc/passwd
ls -la /shares/martin/
touch /shares/martin/.ssh/authorized_keys

Martin Fisher (yusuf-martin) said :
#11

Here we go:

martin@martin:~$ ssh martin@192.168.0.7
martin@192.168.0.7's password:

-bash-3.2$ env
TERM=xterm
SHELL=/opt/bin/bash
SSH_CLIENT=192.168.0.6 36733 22
SSH_TTY=/dev/pts/0
USER=martin
MAIL=/var/mail/martin
PATH=/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin
PWD=/shares/martin
SHLVL=1
HOME=/shares/martin
LOGNAME=martin
SSH_CONNECTION=192.168.0.6 36733 192.168.0.7 22
_=/opt/bin/env
-bash-3.2$ cat /etc/profile
export PATH=/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin
export PATH=/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin
export PATH=/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin
export PATH=/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin
export PATH=/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin
-bash-3.2$ grep $(whoami) /etc/passwd
martin:x:503:1000:Linux User,,,:/shares/martin:/opt/bin/bash
-bash-3.2$ ls -la /shares/martin/
total 4
drwx------ 3 martin jewab 37 Apr 28 20:40 .
drwxr-xr-x 5 root jewab 4096 Apr 28 17:36 ..
-rw------- 1 martin jewab 0 Apr 28 20:40 .bash_history
drwx------ 2 martin jewab 28 Apr 28 20:57 .ssh
-bash-3.2$ touch /shares/martin/.ssh/authorized_keys
-bash-3.2$

Germar (germar) said :
#12

Looks like you've overridden /etc/profile (two >> add something to a file, one > overrides the file). Here is my /etc/profile:
https://gist.github.com/Germar/17c9dc1eb378f1524fdb

Please replace yours:
ssh root@192.168.0.7 /opt/bin/nano /etc/profile
        delete all, copy and paste from github
        press CTRL+O and CTRL+X

Creating a new .ssh/authorized_keys file was successful. Maybe the public key copy will work with an absolute path:
cat ~/.ssh/id_rsa.pub | ssh martin@192.168.0.7 'umask 077; cat >>/shares/martin/.ssh/authorized_keys'

Martin Fisher (yusuf-martin) said :
#13

Done... but the cat... bash: /shares/martin/.ssh/authorized_keys: Permission denied

Thanks, Martin

Germar (germar) said :
#14

Hmm. Strange. Let's try another way:
scp ~/.ssh/id_rsa.pub martin@192.168.0.7:/shares/martin/.ssh/authorized_keys
ssh martin@192.168.0.7
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
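
Added example, not part of the thread: the key installation that ssh-copy-id and the manual commands above attempt, written as an idempotent shell function together with a check for the permissions OpenSSH's StrictModes enforces. The function names and the throwaway demo directory are made up for illustration, and the key is a constructed placeholder.

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh if missing, appends the key once, fixes the modes.
install_pubkey() {
    home=$1
    pub=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    (
        umask 077                                # new dir and file are private from the start
        mkdir -p "$home/.ssh" || exit 1          # ssh-copy-id in the thread failed without it
        touch "$home/.ssh/authorized_keys" || exit 1
        # Append only if this exact line is not already present.
        grep -qxF -- "$(cat "$pub")" "$home/.ssh/authorized_keys" ||
            cat "$pub" >> "$home/.ssh/authorized_keys"
    ) || return 1
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys"
}

# check_ssh_perms HOME_DIR
# With StrictModes on, sshd ignores authorized_keys when the home directory,
# .ssh or the file itself is writable by group or others. Prints each
# offending or missing path and returns non-zero if any was found.
check_ssh_perms() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            bad=1
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "too permissive: $p"
            bad=1
        fi
    done
    return "$bad"
}

# Demo on a throwaway directory with a constructed (not real) public key.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3-constructed-placeholder martin@martin\n' > "$demo/id_rsa.pub"
mkdir -m 755 "$demo/home"
install_pubkey "$demo/home" "$demo/id_rsa.pub" &&
    install_pubkey "$demo/home" "$demo/id_rsa.pub" &&   # second run adds nothing
    check_ssh_perms "$demo/home" &&
    echo "key installed, permissions acceptable"
rm -rf "$demo"
```
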

Martin Fisher (yusuf-martin) said :
#15

Hi Germar - Many thanks for your continuing help. Please see transcript of the session, below:

martin@martin:~$ scp ~/.ssh/id_rsa.pub martin@192.168.0.7:/shares/martin/.ssh/authorized_keys
Agent admitted failure to sign using the key.
martin@192.168.0.7's password:
id_rsa.pub 100% 395 0.4KB/s 00:00
martin@martin:~$ ssh martin@192.168.0.7
Agent admitted failure to sign using the key.
martin@192.168.0.7's password:

declare -x DMALLOC_OPTIONS="debug=0x34f47d83,inter=100,log=logfile"
declare -x EDITOR="/bin/vi"
declare -x HISTFILESIZE="1000"
declare -x HISTSIZE="1000"
declare -x HOME="/shares/martin"
declare -x HOSTNAME="MyBookWorld"
declare -x INPUTRC="/etc/inputrc"
declare -x LOGNAME="martin"
declare -x MAIL="/var/mail/martin"
declare -x OLDPWD
declare -x PAGER="/bin/more "
declare -x PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/bin"
declare -x PS1="[\\u@\\h \\W]\\\$ "
declare -x PWD="/shares/martin"
declare -x SHELL="/opt/bin/bash"
declare -x SHLVL="1"
declare -x SSH_CLIENT="192.168.0.6 37267 22"
declare -x SSH_CONNECTION="192.168.0.6 37267 192.168.0.7 22"
declare -x SSH_TTY="/dev/pts/0"
declare -x TERM="xterm"
declare -x USER="martin"
[martin@MyBookWorld ~]$ chmod 700 .ssh
[martin@MyBookWorld ~]$ chmod 600 .ssh/authorized_keys
[martin@MyBookWorld ~]$ exit
logout
Connection to 192.168.0.7 closed.
martin@martin:~$ ssh martin@192.168.0.7
Agent admitted failure to sign using the key.
martin@192.168.0.7's password:

Germar (germar) said :
#16

Okay, this looks like we are one step forward :)
I'm a bit confused where these 'declare -x ...' come from but let's ignore them for now.

The 'Agent admitted failure to sign using the key.' can have two reasons:
(1) your private key is not yet managed by ssh-agent. Try 'ssh-add ~/.ssh/id_rsa'

(2) for some reason ssh doesn't like if you have an open SSH-connection and transfer the key in this. The workaround I found for this on google is:
mv ~/.ssh/id_rsa ~/.ssh/id_rsa.bak
mv ~/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub.bak
ssh martin@192.168.0.7
        enter your password
exit

then reboot or logout and login again on your local computer
mv ~/.ssh/id_rsa.bak ~/.ssh/id_rsa
mv ~/.ssh/id_rsa.pub.bak ~/.ssh/id_rsa.pub

ssh martin@192.168.0.7
       this time you shouldn't need a password anymore

If both methods don't help please run 'ssh -vv martin@192.168.0.7' and post the output in here.

Regards,
Germar

Martin Fisher (yusuf-martin) said :
#17

Hi Germar

I tried your option (1) and now I can ssh martin@192.168.0.7 without needing a password. However:

martin@martin:~$ ssh martin@192.168.0.7 cp --help
BusyBox v1.1.1 (2009.12.24-08:39+0000) multi-call binary

Usage: cp [OPTION]... SOURCE DEST

Here is the output of ssh -vv martin@192.168.0.7:

martin@martin:~$ ssh -vv martin@192.168.0.7
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.7 [192.168.0.7] port 22.
debug1: Connection established.
debug1: identity file /home/martin/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/martin/.ssh/id_rsa-cert type -1
debug1: identity file /home/martin/.ssh/id_dsa type -1
debug1: identity file /home/martin/.ssh/id_dsa-cert type -1
debug1: identity file /home/martin/.ssh/id_ecdsa type -1
debug1: identity file /home/martin/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: <email address hidden>,<email address hidden>,ssh-rsa,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 123/256
debug2: bits set: 524/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 3f:04:4f:22:6f:c1:93:1d:e9:22:fa:1b:a4:79:9b:95
debug1: Host '192.168.0.7' is known and matches the RSA host key.
debug1: Found key in /home/martin/.ssh/known_hosts:1
debug2: bits set: 501/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/martin/.ssh/id_rsa (0x7f3d21f0e560)
debug2: key: martin@martin (0x7f3d21f0f1e0)
debug2: key: /home/martin/.ssh/id_dsa ((nil))
debug2: key: /home/martin/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/martin/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp ad:d3:90:f8:fd:9c:1a:4a:ba:77:cb:06:df:ef:92:4c
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.0.7 ([192.168.0.7]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 131072
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

declare -x DMALLOC_OPTIONS="debug=0x34f47d83,inter=100,log=logfile"
declare -x EDITOR="/bin/vi"
declare -x HISTFILESIZE="1000"
declare -x HISTSIZE="1000"
declare -x HOME="/shares/martin"
declare -x HOSTNAME="MyBookWorld"
declare -x INPUTRC="/etc/inputrc"
declare -x LOGNAME="martin"
declare -x MAIL="/var/mail/martin"
declare -x OLDPWD
declare -x PAGER="/bin/more "
declare -x PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/bin"
declare -x PS1="[\\u@\\h \\W]\\\$ "
declare -x PWD="/shares/martin"
declare -x SHELL="/opt/bin/bash"
declare -x SHLVL="1"
declare -x SSH_CLIENT="192.168.0.6 44782 22"
declare -x SSH_CONNECTION="192.168.0.6 44782 192.168.0.7 22"
declare -x SSH_TTY="/dev/pts/0"
declare -x TERM="xterm"
declare -x USER="martin"
[martin@MyBookWorld ~]$ debug1: client_input_channel_req: channel 0 rtype <email address hidden> reply 1
debug1: client_input_channel_req: channel 0 rtype <email address hidden> reply 1

Thanks! Martin

Germar (germar) said :
#18

Great! So that does work now.
It looks like there are still some problems with your /etc/profile. Please double check if you correctly copied the one that I posted in #12. Probably there is a line with a single 'export' which causes these 'declare -x ...' and the 'export PATH...' line at the bottom is also missing.

Alternatively you can download and copy that directly on your MyBook:
ssh root@192.168.0.7
cd /tmp
wget https://gist.github.com/Germar/17c9dc1eb378f1524fdb/download
tar xvzf download
mv gist17c9dc1eb378f1524fdb-aabd033228826c333cf2d8e831f27ed4d6b379e6/etc_profile /etc/profile
chown root:root /etc/profile
chmod 644 /etc/profile

Regards,
Germar

Germar (germar) said :
#19

The command 'mv gist..../etc_profile /etc/profile' must be one line. Launchpad wrapped that line.

Martin Fisher (yusuf-martin) said :
#20

I am relatively sure that the /etc/profile was copied across but anyway I followed your instructions to successfully copy from yours (I had to use --no-check-certificate on the wget command). For good measure I have rebooted the WhiteLight. However, still

martin@martin:~$ ssh martin@192.168.0.7 cp --help
BusyBox v1.1.1 (2009.12.24-08:39+0000) multi-call binary

Usage: cp [OPTION]... SOURCE DEST

If you want to throw in the towel on my case at this stage please feel free!

Yours, Martin

Germar (germar) said :
#21

Not at all. We are close to finish ;-) and I think I found the missing part. Please try:
ssh martin@192.168.0.7
echo "PATH=/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin" > /shares/martin/.ssh/environment
chmod 600 .ssh/environment
exit
ssh root@192.168.0.7
/opt/bin/nano /etc/sshd_config
     search for the line '#PermitUserEnvironment yes' and remove the trailing #
     if this is not in there just add 'PermitUserEnvironment yes' at the bottom
     press CTRL+O and CTRL+X
/etc/init.d/S50sshd restart
exit
ssh martin@192.168.0.7 cp --help

Regards,
Germar
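
Added example, not part of the thread: a check of the two settings changed in the post above. sshd_config(5) notes that enabling environment processing may let users bypass access restrictions through variables such as LD_PRELOAD, so the second function lists anything in .ssh/environment other than the PATH line the fix needs. The function names and sample files are constructed for illustration; only the global section of sshd_config (before any Match line) is evaluated.

```shell
#!/bin/sh
# effective_permit_user_env SSHD_CONFIG
# Prints the global PermitUserEnvironment value. sshd uses the first value it
# reads for a keyword, keywords are case-insensitive, and the default is "no".
effective_permit_user_env() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        { key = tolower($1); sub(/=.*/, "", key) }   # accept "Key value" and "Key=value"
        key == "match" { exit }                      # stop at the first Match block
        key == "permituserenvironment" {
            val = $0
            sub(/^[ \t]*[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            print val
            found = 1
            exit                                     # first occurrence wins
        }
        END { if (!found) print "no" }
    ' "$1"
}

# unexpected_env_vars ENV_FILE
# Prints the name of every variable other than PATH set in a
# ~/.ssh/environment file (NAME=value lines, # starts a comment).
unexpected_env_vars() {
    awk -F= '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 != "PATH" { print $1 }
    ' "$1"
}

# Demo with constructed files mirroring the thread's before/after state.
demo=$(mktemp -d)
printf '#PermitUserEnvironment yes\nPort 22\n' > "$demo/sshd_config.before"
printf 'PermitUserEnvironment yes\nPort 22\n'  > "$demo/sshd_config.after"
printf 'PATH=/opt/bin:/opt/sbin:/usr/bin:/bin:/usr/sbin:/sbin\n' > "$demo/environment"
echo "before: $(effective_permit_user_env "$demo/sshd_config.before")"
echo "after:  $(effective_permit_user_env "$demo/sshd_config.after")"
extra=$(unexpected_env_vars "$demo/environment")
echo "variables besides PATH: ${extra:-none}"
rm -rf "$demo"
```
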

Martin Fisher (yusuf-martin) said :
#22

Yay! Thank you Germar, that was the final fix! Phew (says you)...

Now I need to test with BIT to see if I can back up - finally! - over ssh (which I'm sure I will be able to do). I have upgraded to Ubuntu 13.04 and there is not yet an appropriate package at https://launchpad.net/~bit-team/+archive/stable

Once I have tested with BIT I will report back to you.

With warm regards, Martin

Germar (germar) said :
#23

Yay! Great! :-)
I'll immediately change the FAQ before I forget again what was missing.

That's right. Packages for raring are missing. They'll come with the next release. Till then you can create your own packages with:
sudo apt-get install bzr gettext fakeroot
bzr branch lp:backintime -r 839
cd backintime
rm -f *.deb
fakeroot ./makedeb.sh
sudo dpkg -i backintime-common*.deb backintime-notify*.deb backintime-gnome*.deb #or if you use KDE backintime-kde4*.deb
sudo apt-get install -f

Kind regards,
Germar

Martin Fisher (yusuf-martin) said :
#24

Hi Germar

Many thanks - I am now running my first BIT backup over ssh to the WhiteLight. If all goes well I will then test the edited FAQ, or at least the parts I need to use, to set up another user in the house to backup to the drive.

Yours gratefully, Martin