The StarTech StarView SV1110IPEXT is a great little KVM-over-IP which runs Linux. However, it doesn't have a mechanism to allow SSH public key authentication. I couldn't resist poking it to see if I could make it use SSH public keys for authentication, though. I've reported this to StarTech as an enhancement request, but in the mean time I've found the following works.
First of all, you need to realize that doing the following may void your warranty, and is totally unsupported by either tummy.com, ltd. or StarTech. If you end up breaking your KVM, you get to keep both parts. This worked for me on the version of the firmware that I have on my box.
The idea here is that you can set up SSH public key authentication on the StarView so that you don't have to use password-based authentication to access the KVM. I use the following command to access the KVM:
vncviewer -bgr233 -via root@kvm localhost:0
With the following lines in my "~/.ssh/config" file on my machine:
Host kvm HostName <IP Address of KVM> LocalForward 5900 127.0.0.1:5900
The config above allows me to run a simple command (which I've set up in a shell script in my personal "bin" directory as "kvm") to gain access to the KVM. This uses SSH to encrypt the VNC connections.
By following the directions below, I'm able to gain access using to the KVM using SSH public key authentication. Note that there's a setting in the StarView about whether to trust SSH tunneled connections, that needs to be on for the above to work.
Here's what you need to do to set up the SSH public key authentication:
ssh root@<kvm IP address> mount -o remount,rw /dev/mtdblock/4 /setup mkdir .ssh cat >.ssh/authorized_keys <paste in SSH public keys> <Control-D> chown root . .ssh .ssh/authorized_keys mount -o remount,ro /dev/mtdblock/4 /setup exit
On a reboot, the home directory for root will be chowned back to a different user ID, so on a reboot you have to run the following commands:
mount -o remount,rw /dev/mtdblock/4 /setup chown root . mount -o remount,ro /dev/mtdblock/4 /setup exit
You should be able to make it so that on a reboot you don't have to do the chown by adding the above commands to the "/etc/rc" file, but I wanted to be less intrusive so I haven't tested this. If this works, please let me know.comments powered by Disqus