Your Linux Data Center Experts

The StarTech StarView SV1110IPEXT is a great little KVM-over-IP which runs Linux. However, it doesn't have a mechanism to allow SSH public key authentication. I couldn't resist poking it to see if I could make it use SSH public keys for authentication, though. I've reported this to StarTech as an enhancement request, but in the mean time I've found the following works.

First of all, you need to realize that doing the following may void your warranty, and is totally unsupported by either, ltd. or StarTech. If you end up breaking your KVM, you get to keep both parts. This worked for me on the version of the firmware that I have on my box.

The idea here is that you can set up SSH public key authentication on the StarView so that you don't have to use password-based authentication to access the KVM. I use the following command to access the KVM:

vncviewer -bgr233 -via root@kvm localhost:0

With the following lines in my “~/.ssh/config” file on my machine:

Host kvm
   HostName <IP Address of KVM>
   LocalForward 5900

The config above allows me to run a simple command (which I've set up in a shell script in my personal “bin” directory as “kvm”) to gain access to the KVM. This uses SSH to encrypt the VNC connections.

By following the directions below, I'm able to gain access using to the KVM using SSH public key authentication. Note that there's a setting in the StarView about whether to trust SSH tunneled connections, that needs to be on for the above to work.

Here's what you need to do to set up the SSH public key authentication:

ssh root@<kvm IP address>
mount -o remount,rw /dev/mtdblock/4 /setup
mkdir .ssh
cat >.ssh/authorized_keys
<paste in SSH public keys>
chown root . .ssh .ssh/authorized_keys
mount -o remount,ro /dev/mtdblock/4 /setup

On a reboot, the home directory for root will be chowned back to a different user ID, so on a reboot you have to run the following commands:

mount -o remount,rw /dev/mtdblock/4 /setup
chown root .
mount -o remount,ro /dev/mtdblock/4 /setup

You should be able to make it so that on a reboot you don't have to do the chown by adding the above commands to the “/etc/rc” file, but I wanted to be less intrusive so I haven't tested this. If this works, please let me know.

comments powered by Disqus

Join our other satisfied clients. Contact us today.