Raspberry Pi OpenELEC SSH Key login

           

Recently I had the need to have access using SSH for various administrative tasks at home from remote places. The best option I found was to use my Raspberry Pi as SSH server and create a NAT rule in my router to give access to from Internet. At a first glance, this should not be a problem. I have a Raspberry Pi active 24/7 with OpenELEC installed, that I use as home file server and multimedia center, so I went to the OpenELEC services menu and activated SSH.

The problem is that OpenELEC comes with a preconfigured password, and there is no way to change it because it is "hardcoded" in the readonly partition, so if you want to change the default value, you have to recompile a modified image from sources. The other way to authenticate is using SSH keys, so I installed my pubkey in the authorized_keys file at ~/.ssh, disabled password logins and... and...

And it didn't worked at all...

I double checked my keypair files, the key and authorized_keys file permissions, and nothing. After googling a bit, and doing some tests I finally found the problem.

First of all, check that .ssh directory and authorized_keys file have only owner read write permissions

-rw------- 1 root root .ssh
-rw------- 1 root root .ssh/authorized_keys

Next create a link in your .ssh directory called authorized_keys2 pointing to your current authorized keys (this step maybe it is not needed, but usually is a good idea to create this link for compatibility)

# cd ~/.ssh
# ln -s authorized_keys authorized_keys2

All of that checked, we go to the root of the problem: the directory where we have our home directory in OpenELEC has wrong owner and permissions. You only have to execute the following commands in an SSH session:

# chown root.root /storage
# chmod 755 /storage

And that's all. Disable password logins and you should be able to login in your OpenELEC Raspberry Pi using SSH keys.