Systemd Unit
Follow these five steps to set up the NoPorts daemon as a systemd unit background service
Last updated
Follow these five steps to set up the NoPorts daemon as a systemd unit background service
Last updated
First, change directories into the unpacked download:
Then run the installer:
This installer must be run as root.
After installing the systemd unit, we must configure it. This requires root privileges.
You'll then be greeted with a file that looks like this:
Replace <username> with the running sshnpd (we suggest creating service account not running as root)
Replace <@device_atsign> with the
Replace <@manager_atsign> with the
Replace <device_name> with your own for this device. You will need this value later, so don't forget it.
Add any additional config to the end of the line where sshnpd is run, some useful flags you should consider adding:
-u : "unhide" the device, sharing the username and making it discoverable by sshnp --list-devices
-s : "ssh-public-key", allow ssh public keys to be shared by sshnp and automatically authorized by sshd, saves you from dealing with ssh public key management. If multiple people use the device, we recommend leaving this off and managing ssh public keys yourself.
To see the rest of the available options run sshnpd to see the usage.
We will now activate the device address, you only need to activate the device address now. The client address will be activated later during the client installation.
Now that you have at_activate installed, you can invoke the command with the name of the address you would like to activate:
The application will pause and wait for the input of a one time pin (OTP) before you can continue. You should receive this pin to the contact information associated with the registration of your noports address (i.e. email or text message).
***If you are using a gmail.com account we have seen that sometimes the OTP gets stuck in the SPAM or PROMOTIONS folder. If you do not see the OTP check those folders.
Once you receive the message, enter the pin into the application and press enter to continue. The application should proceed to create the cryptographic keys and store them at ~/.atsign/keys/@my_noports_device_key.atKeys.
An address can only be activated once, to install this address to future devices, you must copy this file to the device (see 3.b.).
If you have activated the device address before, you must copy the address from another machine where it's been activated.
The address will be located at ~/.atsign/keys/@my_noports_device_key.atKeys. Copy this file from your other machine to the same location on the machine that you are installing sshnpd on.
Using systemctl we can enable and start the sshnpd service.
If you need to verify the status of the service:
If you want to follow the logs of the service you can with
There are a number of fiddly things to get in place for ssh to work. The first is the ~/.ssh/authorized_keysfile of the user being used to run the systemd unit.
The file needs to owned by the user running the systemd unit. Currently there is a bug in the script and this sets the user to root, which needs to be corrected if not running as root. You can do this with the following command substituting debain for your username and group.
The file also needs to be only writable by the owner, else the sshd will not allow logins. This can be checked with ls -l and corrected with the chmod command.
Once complete it should look like this.
If you decided to use the root user in the service setup you have a futher couple of steps.
Then you need to make sure that the root user is allowed to login via sshd. Whist this is not recommended you can get it working by editing the /etc/ssh/sshd_config file and removing the # on this line.
Once removed you will need to restart the sshd daemon. How to do this varies from distribution/OS so check on how to do it or reboot.
If you don't own a pair of noports addresses, please visit before continuing.
Your systemd service is ready to go, you can now proceed to , or if you've already done that, checkout our .
