
Howto synchronize Tomboy with custom SSH server

This Howto describes a way to set up client and server to let Tomboy synchronize its notes with your SSH server ‘myserver.com’, and optionally to share these notes across multiple clients. It is written for Linux clients (Ubuntu 11.04) and a Linux server (Ubuntu 10.04) with root access via ‘ssh’. However, it should work similarly for other Linux derivatives.

The seven easy steps I present here are:

  1. Preliminaries
  2. Create remote user ‘tomboy’
  3. Test new user ‘tomboy’ and create data directory
  4. Create and install private/public key
  5. Configure Tomboy
  6. Disable password-login for user ‘tomboy’ at server
  7. Configure Tomboy on additional clients

And here we go with the details (for user ‘peter’)…

  1. (Preliminaries)
    At the client, the package ‘sshfs’ must be installed to allow Tomboy to connect via ssh at all:

    peter@myclient:~$ sudo apt-get install sshfs
  2. (Create remote user ‘tomboy’)
    At the server, create a new user ‘tomboy’ with a home directory.

    peter@myserver:~$ sudo adduser tomboy

    In the interactive dialog, you might choose some silly password (we will disable it later anyway) and use defaults for all other values.

  3. (Test new user ‘tomboy’ and create data directory)
    Test the new user login by logging into the server as ‘tomboy’. Create some directory ‘data’ as root directory for all Tomboy-data:

    peter@myclient:~$ ssh tomboy@myserver.com
    tomboy@myserver:~$ mkdir data
  4. (Create and install private/public key)
    At the client, create a new private/public key pair by:

    peter@myclient:~$ ssh-keygen

    In the interactive dialog, choose ‘/home/peter/.ssh/tomboy@myserver.com’ as the file. The passphrase can be left empty if it is acceptable that anyone who has the private key file can access the server as tomboy.

    This generates two files: ‘/home/peter/.ssh/tomboy@myserver.com’ and ‘/home/peter/.ssh/tomboy@myserver.com.pub’, corresponding to the private and the public key, respectively. We have to install the public key on the server. We might do this manually (by copy&paste into the remote ‘~/.ssh/authorized_keys’) or by using the following tool at the client:

    peter@myclient:~$ ssh-copy-id -i ~/.ssh/tomboy@myserver.com.pub tomboy@myserver.com

    We use the silly password from above for this step.

  5. (Configure Tomboy)
    Now we can already configure Tomboy (Properties…) to use ssh:

    1. if necessary, activate Add-Ins -> Synchronization -> SSH Sync Server Add-In
    2. at the sync-tab, type the servername (‘myserver.com’), the user (‘tomboy’) and the directory (‘data’)
    3. save the settings. The first sync process should finish successfully
  6. (Disable password-login for user ‘tomboy’ at server)
    Finally (in fact, optionally), we might remove the ability to access ‘tomboy@myserver.com’ via ssh with just a password, and require the private key to be installed instead. To do so, on the server, edit ‘/etc/ssh/sshd_config’ as root and add the following lines at its end (!):

    Match User tomboy
        PasswordAuthentication no

    This disables password authentication for the tomboy user only. Note that it should be placed at the end, because *all lines* following ‘Match User tomboy’ apply to tomboy only and are ignored for any other user.
    Load the changes into the ssh server by:

    peter@myserver:~$ sudo /etc/init.d/ssh reload

    On the client side, you might have to log in again to let the changes take effect. You can check whether a login is still possible by:

    peter@myclient:~$ ssh tomboy@myserver.com

    This should log in as tomboy at the server without prompting for a password (if no passphrase was set for the private key). Or, just try to sync again with Tomboy.

  7. (Configure Tomboy on additional clients)
    If you did not disable the password login, you can enable Tomboy on additional clients to access your notes by performing steps 1, 4 and 5 exactly as above. Otherwise, step 4 (creating a new private/public key pair on the additional client and adding its public key to the server for user ‘tomboy’) is no longer possible, since you can no longer log in as ‘tomboy’ by password on the server to add the new public key.
    However, instead of step 4, you can just re-use the same private key on all additional clients by placing a copy of both the private key and the public key files ‘~/.ssh/tomboy@myserver.com[.pub]’ in the ‘~/.ssh’ directory of the additional client. You should make sure that the file permissions of the private key copy are still restricted to user-visibility (‘chmod 600 ~/.ssh/tomboy@myserver.com’), since otherwise it is not accepted as a private key. The copy of the public key beside the private key is needed to auto-detect this key on ssh login.
    If you run into trouble, try manually adding this private key to the ssh-agent cache by ‘ssh-add ~/.ssh/tomboy@myserver.com’, and check the verbose output of ssh by ‘ssh tomboy@myserver.com -v’.
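
The checks from steps 6 and 7 as a script, added here as an example and not part of the original howto: ‘audit_match_block’ lists what sshd scopes to the ‘Match User tomboy’ block (catching a directive appended after it by mistake), and ‘key_files_ok’ tests a copied key pair. The function names and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original howto; the sample config is constructed.

# Print each directive that sshd scopes to 'Match User USER' in FILE. A Match
# block runs to the next Match line or end of file. Only the plain
# 'Match User <name>' form used in step 6 is recognised.
match_block_directives() {   # usage: match_block_directives FILE USER
    awk -v user="$2" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        tolower($1) == "match" {               # keywords are case-insensitive
            inblock = (NF == 3 && tolower($2) == "user" && $3 == user)
            next
        }
        inblock { print tolower($1), $2 }
    ' "$1"
}

# Returns 0: the block holds only 'PasswordAuthentication no'
#         1: password login is not disabled for USER
#         2: other directives sit inside the block (listed on stderr)
audit_match_block() {        # usage: audit_match_block FILE USER
    directives=$(match_block_directives "$1" "$2")
    printf '%s\n' "$directives" | grep -qx 'passwordauthentication no' || return 1
    extra=$(printf '%s\n' "$directives" | grep -vx 'passwordauthentication no' || true)
    [ -z "$extra" ] && return 0
    printf 'applies to %s only: %s\n' "$2" "$extra" >&2
    return 2
}

# Returns 0 when the private key has no group/other permission bits and its
# .pub file lies beside it (the two conditions named in step 7).
key_files_ok() {             # usage: key_files_ok PRIVATE_KEY
    [ -f "$1" ] && [ -f "$1.pub" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: 'X11Forwarding no' was appended after the Match block,
# so sshd applies it to tomboy only instead of globally.
demo=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication yes' 'Match User tomboy' \
    '    PasswordAuthentication no' 'X11Forwarding no' > "$demo/sshd_config"
audit_match_block "$demo/sshd_config" tomboy || echo "audit result: $?"
```

On the server, ‘sudo sshd -t’ additionally checks the edited file for syntax errors before the reload.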

Final note:
Further, it might be a good idea to back up the ‘/home/tomboy/data’ directory on the server side once in a while (to a place where user ‘tomboy’ has no privileges) by some cronjob.

  1. September 6, 2012 at 3:02 am

    Hi there, is this the same as using Dropbox to share a folder among computers? Also, will this work with the Android app, “tomdroid” (https://launchpad.net/tomdroid)?

    • September 7, 2012 at 6:40 pm

      Well, in fact ‘sshfs’ is somehow similar (and it even exists for android): it enables you to mount a server-side directory into your local file system (transfer encrypted via ssh), so you can access it just as if it were a local directory, write to it, delete files, etc. All these things are immediately carried out to the remote directory. So, there is no local duplicate of the remote directory (and accessing it needs to be online). As far as I know, dropbox, ubuntu one, etc. maintain a separate local directory, which contains its own files even offline, and which is synchronized now and then against the remote directory.

      So, I think it should be possible to install sshfs on android, let it mount the remote directory into your local file system, and use this local (virtual) directory for your tomdroid. But this would run into trouble, as soon as e.g. the PC and your android access this remote directory at the same time, so this is strictly not recommended in a multi-client system!

      The correct way would be like the tomboy-plugin in ubuntu handles it: your notes are stored locally in some directory on your harddisc. Every 10 minutes or so, the plugin (like dropbox & co) mounts the remote directory, writes some lock-file into it (to ensure that only one client accesses it at a time) and performs the synchronization file transfers.

      Thus, you need the same ssh-plugin for android as there exists for ubuntu, but I don’t know if it exists on android (although it should not be too hard to port it, since all the byte-transfer itself is already implemented by sshs).

      Independently of this ssh-plugin, there is some work on its own ssh-support in tomdroid (according to google search ‘tomdroid ssh’), but it is not yet implemented (?). Hopefully, this plugin organizes the data within the remote directory (e.g. the lock file) in the same way as the original ssh-tomboy-plugin for the pc.

      So, in fact I have a lot of words but no clear answer 🙂

  2. Hubert Toullec
    January 24, 2013 at 9:21 pm

    Hi,
    I followed your tutorial : very easy, and it worked on 1st try for the 1st computer client. But I cannot get it to work on a second computer client following your “final notes”. I get the error message “Timeout connecting to server. Please ensure that your SSH key has been added to a running SSH daemon.”
    I do not clearly understand what that last sentence means !
    Any help ?

    • January 25, 2013 at 7:45 am

      Try ssh’s verbose mode to get more information on the error: ‘ssh tomboy@myserver.com -v’

      I suppose that you increased the file permissions during copying the file. The ssh-client does not accept private key files for authentication if they are visible to other users as well. Thus, run ‘chmod 600 ~/.ssh/tomboy@myserver.com’ on the copied file to decrease its file permissions to user-visibility only.

      But, well, this would not explain the ‘timeout’ error message. Does the timeout message occur directly on logging in, or just after a while? Perhaps it might help to add the line ‘ServerAliveInterval 60’ to the client’s ‘/etc/ssh/ssh_config’, see here: http://ocaoimh.ie/2008/12/10/how-to-fix-ssh-timeout-problems/

      • Hubert Toullec
        January 25, 2013 at 9:03 am

        I finally found the solution, after carefully reading and re-reading this error message and some SSH docs. It is necessary to add the key to the SSH cache and the following command does the trick : ssh-add ~/.ssh/tomboy@myserver.com (after, as you mention it, a chmod 600 on the key file)
        I suppose that, on the 1st client, the ssh-keygen implies an automatic ssh-add

        • January 25, 2013 at 9:58 am

          Thank you for posting the solution, I will add it to the tutorial!

          • Hubert Toullec
            January 27, 2013 at 5:42 pm

            Seahorse (Gnome) automatically adds the key to the cache if *BOTH* key files, public and private, are copied into the ~/.ssh directory of 2nd client and no need after that to do an ‘ssh-add keyfile’ after each reboot !
            In my first attempts, I only copied the private key, hence the problem !!

            • January 30, 2013 at 6:55 am

              Well, thank you again! In fact, I also copied both the private key and the public key (so it worked for me), but I wrongly supposed that copying the private key alone should already work.
