generate and use new ssh keys

main
jebba 2022-02-04 17:35:59 -07:00
parent 1fab41c5bc
commit 9e991b3c26
1 changed files with 47 additions and 0 deletions

@ -134,6 +134,53 @@ total 32
-rw-r--r-- 1 root root 563 Feb 4 23:52 ssh_host_rsa_key.pub
```
Do the install with the `https://openpilot.comma.ai` URL. Make sure
you have an active SSH connection to the device before doing the install,
or you will lose SSH access. If you do an install and reboot, you lose
SSH access.
Note, after OpenPilot is installed, the `/data/params/d/GithubSshKeys`
file is gone. This file needs to be recreated before closing any SSH
sessions, or you will lose access to the device and have to start over.
Instead of using the SHARED ROOT SSH KEY used by the Comma Three, use
a unique SSH key. On the laptop:
```
user@laptop:~$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/user/.ssh/id_ed25519): /home/user/.ssh/id_ed25519-comma
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_ed25519-comma
Your public key has been saved in /home/user/.ssh/id_ed25519-comma.pub
The key fingerprint is:
SHA256:IGVxoSP4EGlmBK4gpCTn8oBlMkoVCN1ENWlfx+RK83c user@laptop
The key's randomart image is:
+--[ED25519 256]--+
|BBOB+.*oo. o. |
|XO*o.oo+ ..o |
|O=+ o.+. .o.. |
|++ o o o.. + |
|. . . S . . . E|
| . . |
| |
| |
| |
+----[SHA256]-----+
user@laptop:~$ cat ~/.ssh/id_ed25519-comma.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmI1V0P6dSatrpAgkS9rfmkM1Z1ncAVpHJlLlKrgnTw user@laptop
```
Then take that pubkey created above, and recreate the
`/data/params/d/GithubSshKeys` file on the device:
```
from="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmI1V0P6dSatrpAgkS9rfmkM1Z1ncAVpHJlLlKrgnTw user@laptop
```
Another way to do this would be to hijack DNS on your own wifi to intercept
the Comma Three's connection to github, then redirect the connection to
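Review bot: The warning that `/data/params/d/GithubSshKeys` must be recreated before closing any SSH session is not followed by a step that confirms the new key actually works, so a typo in the recreated file still locks the reader out. After the `from=...` line, add a step to open a second session from the laptop with `ssh -i ~/.ssh/id_ed25519-comma` while the original session stays open, and close the first one only once that login succeeds. Two smaller points: the `from=` list admits all three RFC 1918 ranges and could be narrowed to the subnet the laptop really sits on, and the `ssh-keygen` transcript leaves the passphrase prompt without comment, so say whether the reader is expected to set one. The first paragraph also states "you will lose SSH access" twice in consecutive sentences; merging them would read better.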