Trinux Remote Admin
One of the questions I get a lot is whether it is possible to telnet (or ftp) to a Trinux box. The quick answer: no. Trinux does not even contain the basic UNIX utilities needed to log in with a password. There is no inetd, telnetd, passwd, or even login. In fact there is only a single user: root.
However, it is possible to log in using SSH. SSH is a secure protocol that provides encrypted and authenticated remote logins and is immune to most passive (sniffing) and active (hijacking) attacks, which is not the case for telnet. If you take the following steps, you will be able to log in remotely to a Trinux box from either a Windows or UNIX system with an SSH client.
Trinux includes a Linux port of the OpenSSH client/server developed as part of the OpenBSD project.
NOTE: SSH does include strong crypto, so you should visit the Trinux Crypto page before downloading it.
Select the OpenSSH Packages
If you are using network package loading, openssh.tgz and opensshd.tgz should already be in the tux\config on the boot floppy. Just be sure the packages are on the web server that you specified in the URL in tux\config\server.
If you are loading packages from a floppy, just make sure the two openssh packages are included in one of your package disks.
Select an SSH Client
In order to connect to the Trinux ssh server, you need to install an SSH client. UNIX users can use the portable version of OpenSSH. You can also use a commercial version of SSH 1.2.x. Windows users will need to use a version of SSH that supports RSA keys. I recommend either TTSSH or MindTerm. The latest version of PuTTY appears to support RSA authentication, but I have been unable to get it working.
Both of these are available at ftp://ftp.cryptoarchive.net/pub/cryptoarchive/SSH/
A complete list of SSH clients for a variety of platforms is available at www.freessh.org
Generate RSA Keys
For better or worse, Trinux does not rely on usernames or passwords for authentication. You must generate an RSA keypair on your client and copy your public key to the boot floppy, which will then be added to the authorized_keys file when Trinux boots.
Download PuTTYgen (available at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) to generate a keypair:
- Click on puttygen
- Click on generate (the 1024 default keylength should work)
- Move your mouse around to generate some entropy
- An ASCII public key will appear near the top of the screen. This is what you will copy to the Trinux floppy. See below.
- Save the private key file. Remember where it is so you can use it with TeraTerm (see below.)
Another Windows client that allows you to generate an RSA keypair is MindTerm, which is Java-based and can actually be run as an applet within your web browser. Whether or not you ultimately connect to the Trinux box using MindTerm, you will want to complete the following steps to generate an RSA keypair on your Windows system:
- Connect to the MindTerm Client signed demo, or install the MindTerm application locally. I used the applet off their web site, myself.
- Choose File:Create RSA Identity - use the default (1024) keylength
- Enter a passphrase to protect the RSA keypair. You can leave this blank if you want to log in without a password. If your private key is stolen, you are out of luck: they are now you :)
- Remember where the key pair is saved. Mine was saved to C:\Program Files\Netscape\Users\mfranz
- If you are using MindTerm, you are done on the Win32 side; all that will be left is to copy the public key to the Trinux boot floppy.
If you are using TeraTerm, you will first install the latest TeraTerm app (there will be a Setup program) and then uncompress the TTSSH zipfile into the Program Files\Ttermpro directory so that when you execute ttsh.exe you should see SSH as an option.
Next choose Setup:SSH Authentication, select "Use RSA Key to log in", and select the private key (which defaults to identity) you generated within MindTerm.
UNIX users should run ssh-keygen, and the keypair will be put in ~/.ssh.
Copy your Public Key to the Boot Floppy
Make a copy of the public key created by MindTerm or ssh-keygen (this will most likely be identity.pub) and rename this file to keys.
Copy this file to the \tux\pkg\opensshd\ directory on the boot floppy.
NOTE: You can have multiple RSA keys in the keys file. What I typically do is boot Trinux, mount the boot floppy, then scp the identity.pub files from the UNIX boxes I want to connect from to Trinux. Then I append the identity.pub to /.ssh/authorized_keys if I want to be able to log in without having to reboot.
You can also specify a key file (via URL) in /tux/pkg/opensshd/kserver so you don't have to update floppies. For example, I use http://blahblah.cisco.com/tux/sshkeys and then add keys to that file when I want to let another host connect to a Trinux box.
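The append step from the note above (adding identity.pub files to the keys file or to /.ssh/authorized_keys) can be done with a small shell function that refuses private key files, skips malformed lines and does not add the same key twice. This is an added example, not part of Trinux; the function name add_pubkeys is hypothetical, and it assumes SSH1-style RSA public key lines of the form "bits exponent modulus comment".

```shell
#!/bin/sh
# Added example (not Trinux's own code). add_pubkeys is a hypothetical helper.
# Usage: add_pubkeys identity.pub /.ssh/authorized_keys
# Sets ADDED to the number of keys appended; returns non-zero if SRC is unsafe.
add_pubkeys() {
    src=$1 dest=$2 ADDED=0
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Refuse private key material (the SSH1 identity file header and PEM
    # keys both contain this string); only the .pub file belongs here.
    if grep -q 'PRIVATE KEY' "$src"; then
        echo "$src looks like a private key; refusing" >&2
        return 2
    fi
    old_umask=$(umask)
    umask 077                      # directory and file readable by owner only
    mkdir -p "$(dirname "$dest")"
    touch "$dest"
    umask "$old_umask"
    while IFS= read -r line || [ -n "$line" ]; do
        # Keys saved on Windows clients may carry CR line endings.
        line=$(printf '%s' "$line" | tr -d '\r')
        case $line in ''|'#'*) continue ;; esac
        # Accept only "<bits> <exponent> <modulus> [comment]".
        if ! printf '%s\n' "$line" | grep -Eq '^[0-9]+ [0-9]+ [0-9]+( .*)?$'; then
            echo "skipping malformed line in $src" >&2
            continue
        fi
        # Compare key material only, so a changed comment is not a new key.
        key=$(printf '%s\n' "$line" | cut -d' ' -f1-3)
        if awk -v k="$key" '($1 " " $2 " " $3) == k { found = 1 }
                            END { exit !found }' "$dest"; then
            continue
        fi
        printf '%s\n' "$line" >> "$dest"
        ADDED=$((ADDED + 1))
    done < "$src"
    return 0
}
```

Running it twice with the same input leaves the destination unchanged, so the same keys file can be re-applied after every boot.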