ostroproject/ostro-os

Can't connect via SSH on pre-built images

dangpzanco opened this issue · 2 comments

Hello,

I have followed the tutorial Adding Authorized Keys for Remote ssh Access, I have my pair of public and private keys and they work just fine by following the "Build-Time Configuration of Authorized Keys" section.

I've had some problems with building an image and I wanted to try the pre-built ones, but I don't have a serial cable. Instead, I tried adding the public key manually by accessing the SD Card.

By the way my target platform is the Galileo Gen 2.

So, step by step, what I did:

  1. Download the prebuilt image ostro-image-swupd-all-intel-quark.dsk.xz

  2. Burn it to the SD Card

    sudo -E bmaptool copy ostro-image-swupd-all-intel-quark.dsk.xz /dev/mmcblk0

  3. Generate the public/private key pair

    ssh-keygen -t rsa -b 4096 -C daniel@daniel-ubuntu

  4. Copy the public key

    sudo -E cp ~/.ssh/id_rsa.pub /media/daniel/<sd_card_id>/home/root/.ssh/authorized_keys

  5. Boot the Galileo Gen 2 and try connecting via SSH (its IP is fixed on the router), but this happens:

daniel@daniel-ubuntu:~$ ssh root@10.0.0.100
The authenticity of host '10.0.0.100 (10.0.0.100)' can't be established.
RSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.100' (RSA) to the list of known hosts.
root@10.0.0.100's password: 
Permission denied, please try again.
root@10.0.0.100's password: 
Permission denied, please try again.
root@10.0.0.100's password: 
Permission denied (publickey,password).

This doesn't make much sense to me... Is there a way to enable the root password on by modifying some files on the SD Card? Why is my public key being denied? Are there any other users with default passwords which I could try?

Thank you very much for your attention,

Daniel

I guess this is issue with IMA. Touching the .ssh/authorized_keys file content after image creation making it inaccessible.

The workaround is the other way, after booting the image, 'scp' your public key file from your developer machine(assuming that your machine runs ssh server), and add that key to board's '.ssh/authorized_keys'. Now you can ssh to your board.

roor@intel-quark:~# scp user@<developer_machine_ip>:~/.ssh/id_rsa.pub .
roor@intel-quark:~# cat id_rsa.pub >> .ssh/authorized_keys

@dangpzanco if you're doing your own build, try define OSTRO_ROOT_AUTHORIZED_KEYS = "ssh-rsa AAAAB3N ... .." in your local.conf

The other solution is to copy your pubkey to authorized_keys yourself (similar to what @avalluri says) after first boot...

echo "<your-public-key-here>" >> ~/.ssh/authorized_keys