Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update ssh key instructions #1540

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update ssh key instructions #1540

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions shared/general/container-ssh.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,14 @@ You may either import an existing SSH key from GitHub or manually enter the publ

If you do not have an existing key, you can follow [GitHub's documentation][github-ssh], skipping the step about adding the key to your GitHub account, and instead adding the key to your {{ $names.cloud.lower }} account.

Once you have added a key your your account, you should also add an entry for `ssh.balena-devices.com` to your `~/.ssh/config` file so that the `balena ssh` command knows to use this key:
Copy link
Contributor

@pdcastro pdcastro Jan 20, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let me start with: Thank you for the contribution! 👍

you should also add an entry for ssh.balena-devices.com to your ~/.ssh/config file

Hmm, this is not usually necessary though. I am considering two possibilities:

  1. You meant to have a simple / standard setup with a single key for all hostnames, but balena ssh didn't work for you until you added ssh.balena-devices.com to ~/.ssh/config. In this case, we should debug what went wrong and fix it, so that it works without extra configuration in ~/.ssh/config, and we might then document "watch out for xxx"...

  2. You have a complex setup with separate ssh keys for multiple hostnames, and deliberately chose to use a different key for balena / ssh.balena-devices.com. I understand that ssh key configuration is a step that many users struggle with even in the simple scenario of a single ssh key for all hostnames, so I'd be wary of documenting extra setup steps that would become extra opportunity of misconfiguration and failure. If the intention was to document the steps for this complex setup case, then I would suggest adding a separate section in this document that had a title such as:

## Using a separate ssh key for balena (advanced and optional)

If you need to use a separate ssh key for balena than the ssh key(s) you use for
other services, ...

By the way, in this second scenario, we should keep in mind that balena ssh supports Windows as well, with shells like PowerShell or cmd.exe, and the built-in ssh client provided by Microsoft. Does the ~/.ssh notation even works in cmd.exe? Maybe it does, but it's something that needs confirmation before we document this configuration.

Copy link
Author

@imron imron Jan 21, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's the second setup. I have separate ssh keys for separate services, and without the entry in the .ssh/config file it doesn't use the correct key.

The windows version of ssh provided by Microsoft supports the ~/.ssh notation, with ~ being mapped to %USERPROFILE%.

I'll update shortly with a separate section.


```shell
Host ssh.balena-devices.com
User <USER>
IdentityFile ~/.ssh/<PRIVATE_KEY>
```

## Using a standalone SSH client

If you prefer to use a standalone SSH client to connect to the device, the SSH server on a device listens on TCP port `22222`. While development images have passwordless root access enabled, production images require an SSH key to be added to the `config.json` file.
Expand Down