How to login directly?


#1

my device is parallela, and i have completed the entire setup via “git push”. and i can see my device on the dash board.

i can see port 48484 and 22222 opened, how to go there directly? port 22222 seemed to be ssh-based…


#2

Hi,

Unfortunately we don’t expose the ability to access the device directly, rather the production image is designed to be accessed via resin.io.

Port 22222 is available for access via our production systems rather than user access, but good spot :smile:

Best, Lorenzo


#3

it is not understandable by me: why is user not able to access it directly from their own internal network, but it is ok to access it from the public network?

problem is security…in all possible sense


#4

Hey,

We use our private key to gain access to the device, so it’s not feasible that a remote attacker could gain access to the device using this port.

You can gain access to the container running on the device using our web terminal, or by running your own ssh server within the container.

Best, Lorenzo


#5

hey @tthtlc, just some further information comments on this (way after the fact, sorry!)

  • the key deployed on the device is for a select group of admins and for the resin proxy service to connect to the device
  • one way you can disable remote access by removing the relevant “authorized_keys” file from the host os partition on the SD card, or replace it with your own. Removing the resin device key will disable the web terminal and resin sync functionality, everything else should work fine.
  • another way is that you are able to do a custom build of the hostOS from our yocto source code (it’s open on our github), and add your own authorized_keys file there for the build, then use that image for deployment. It’s more manual setup in the beginning, but I guess more repeatable than the previous step.

Hope this addresses some of your immediate security concerns, and really happy to talk about the requirements you have. We take these issues very seriously, and aware that the deployment requirements can be quite different between users. The default setup is more a general use case balancing concerns and ease of use, while making it possible for advanced users to deploy exactly the way they’d like it.

Also, the port 22222 is accessing the hostOS system, there’s not much (or anything) that should be adjusted there in general. If you’d like to enable SSH access to the container, check out the resin-openssh or resin-openssh-passwordless projects!


#6

@imrehg what is the password? I temporarily changed the ‘authorized_keys’ file and replaced it with my own. I tried password ‘resin’: Permission denied (publickey,password).


#7

@jdaniellhebert since this reply comes a year after the previous comment, would be good to have some context. Which resinOS version are you using? Is it managed device (connected to resin.io), or is it the open source unmanaged resinOS version? How exactly are you trying to connect to the device? (which commands)