For six months now, I have been a bad person. Love can make a person do funny things: to make compromises, to re-evaluate one’s own principles. In my case, it was the love of my Cr-48. It is sleek and lightweight, simple and not fancy. I do not ask for much and in return it gave me the two things I really ever needed in a laptop operating system: a web browser and SSH.
As attractive as the Cr-48 is, it blinded me to a major flaw in its SSH client. It lacked any and all support for SSH keys. I overlooked this flaw and made a compromise; I decided to allow password authentication on my home server, exposing my poor little machine to the evils that lurk in the dark corners of the internet. Fear not, I have since re-disabled passwords. I would like to say that it was because I learned my lesson and repented from my slovenly ways, but I am not disabling password authentication because it is the right thing to do. It is rather that Chrome OS now supports SSH keys.
SSH key support has been available in Chrome OS since at least before May, but it was not until today that I noticed it. There is no SSH agent, and the syntax to use a key while connecting to a host is a little annoying, but these are some freedoms I am willing to give up for security.
From crosh, the Chrome OS terminal, this is how I discovered the ability to use SSH keys:
The next few sections will be a step by step setup guide for using keys on SSH.
Generate a Public/Private Key Pair
I generated the keys on my home server. Your syntax may vary.
Add Public Key to Server
After the keys are generated, the public key needs to be appended to the SSH authorized keys listing.
Add Private Key to Chromebook
I copied the public and private keys from my SD Card to my Downloads directory. To open up the file browser, hit ctrl + m.
Establish SSH Connection
Even though the SSH help mentions a
-i option, I cannot seem to get it to
work, and I am stuck with the following syntax:
Shut Off Password Authentication
Finally, lets secure this sucker.
Set “PasswordAuthentication no”.
(Secure Shell Public/Private Key Pairs)