generate and use new ssh keys
parent
1fab41c5bc
commit
9e991b3c26
47
README.md
|
@ -134,6 +134,53 @@ total 32
|
||||||
-rw-r--r-- 1 root root 563 Feb 4 23:52 ssh_host_rsa_key.pub
|
-rw-r--r-- 1 root root 563 Feb 4 23:52 ssh_host_rsa_key.pub
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Do the install with the `https://openpilot.comma.ai` URL. Make sure
|
||||||
|
you have an active SSH connection to the device before doing the install,
|
||||||
|
or you will lose SSH access. If you do an install and reboot, you lose
|
||||||
|
SSH access.
|
||||||
|
|
||||||
|
|
||||||
|
Note, after OpenPilot is installed, the `/data/params/d/GithubSshKeys`
|
||||||
|
file is gone. This file needs to be recreated before closing any SSH
|
||||||
|
sessions, or you will lose access to the device and have to start over.
|
||||||
|
Instead of using the SHARED ROOT SSH KEY used by the Comma Three, use
|
||||||
|
a unique SSH key. On the laptop:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
user@laptop:~$ ssh-keygen -t ed25519
|
||||||
|
Generating public/private ed25519 key pair.
|
||||||
|
Enter file in which to save the key (/home/user/.ssh/id_ed25519): /home/user/.ssh/id_ed25519-comma
|
||||||
|
Enter passphrase (empty for no passphrase):
|
||||||
|
Enter same passphrase again:
|
||||||
|
Your identification has been saved in /home/user/.ssh/id_ed25519-comma
|
||||||
|
Your public key has been saved in /home/user/.ssh/id_ed25519-comma.pub
|
||||||
|
The key fingerprint is:
|
||||||
|
SHA256:IGVxoSP4EGlmBK4gpCTn8oBlMkoVCN1ENWlfx+RK83c user@laptop
|
||||||
|
The key's randomart image is:
|
||||||
|
+--[ED25519 256]--+
|
||||||
|
|BBOB+.*oo. o. |
|
||||||
|
|XO*o.oo+ ..o |
|
||||||
|
|O=+ o.+. .o.. |
|
||||||
|
|++ o o o.. + |
|
||||||
|
|. . . S . . . E|
|
||||||
|
| . . |
|
||||||
|
| |
|
||||||
|
| |
|
||||||
|
| |
|
||||||
|
+----[SHA256]-----+
|
||||||
|
|
||||||
|
user@laptop:~$ cat ~/.ssh/id_ed25519-comma.pub
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmI1V0P6dSatrpAgkS9rfmkM1Z1ncAVpHJlLlKrgnTw user@laptop
|
||||||
|
```
|
||||||
|
|
||||||
|
Then take that pubkey created above, and recreate the
|
||||||
|
`/data/params/d/GithubSshKeys` file on the device:
|
||||||
|
|
||||||
|
```
|
||||||
|
from="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmI1V0P6dSatrpAgkS9rfmkM1Z1ncAVpHJlLlKrgnTw user@laptop
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
Another way to do this would be to hijack DNS on your own wifi to intercept
|
Another way to do this would be to hijack DNS on your own wifi to intercept
|
||||||
the Comma Three's connection to github, then redirect the connection to
|
the Comma Three's connection to github, then redirect the connection to
|
||||||
|
|
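Review bot: The step that recreates `/data/params/d/GithubSshKeys` gives only the line to put in the file and no way to confirm it works, even though the text just above it warns that closing the SSH sessions without this file means starting over. Suggest adding a step to log in from a second terminal with `~/.ssh/id_ed25519-comma` and close the existing session only after that login succeeds. The example line also carries the literal public key from the `ssh-keygen` transcript, so a reader who pastes it verbatim would authorize that key rather than their own; a placeholder such as `<contents of id_ed25519-comma.pub>` would be safer. The `from="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"` prefix deserves one sentence saying it limits the key to connections from those private ranges, and the transcript leaves both passphrase prompts empty without saying whether an unprotected key is intended.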