Logging into resinOS without internet connection

ssh

#1

I’m trying to log in into raspberry without internet to debug my app’s behaviour when there’s no connection, and I would like to figure out the proper way. The resinOS image is the one generated by resin.io. What I have noticed is resin-rootA/home/root/.ssh/authorized_keys points to /var/lib/dropbear/authorized_keys, but there is no /var/lib/dropbear folder. Am I supposed to created it and put authorized_keys with my public key into it?


#2

Our team had similar requirement as you described, and we decided to install openssh to easily ssh into our devices, with or without internet. https://github.com/resin-io-projects/resin-openssh was a great resourse.


#3

I would like to ssh directly into the host machine, because sshd is already running, it just doesn’t let me in. I wouldn’t like to mess with Dockerfile and run yet another ssh daemon, if it’s possible to do without.

@imrehg, can you please share how did you ssh into raspberry host OS while debugging the issues we were discussing in the other thread?

This is what I get so far:

$ ssh root@51a368b.local -p 22222
Permission denied (publickey).

The bonjour service on my mac claims 51a3868b.local advertises ssh access:

$ dns-sd -B _ssh._tcp .
Browsing for _ssh._tcp
DATE: ---Fri 04 Aug 2017---
 0:57:43.469  ...STARTING...
Timestamp     A/R    Flags  if Domain               Service Type         Instance Name
 0:57:43.471  Add        2   4 local.               _ssh._tcp.           51a368b

I even tried

Host 76138b8.local
  IdentityFile ~/.ssh/id_rsa

in ~/.ssh/config, but with no luck.


#4

I managed to login with https://github.com/resin-io-projects/resin-openssh approach, but I’m still curious how to log in into host OS.


#5

If you are using a .dev machine, that has the SSH port open, so you can just log in with ssh -p 22222 root@<device addres>, no password. This is only for .dev versions of resinOS, and would really recommend using the .dev for troubleshooting

And there is a /var/lib/dropbear/authorized_keys file. The symlink is using absolute path, and when you mount the SD card, then it would point to that path on your computer, obviously do not exist there, but should understood that path as from the mount mount of the SD card. So for example on my machine the card is mounted at /run/media/gergely/resin-rootA, then the file will be at /run/media/gergely/resin-rootA//var/lib/dropbear/authorized_keys.

Please note, that it’s on the host’s roofs, and that partition on production devices is not expected to be modified, thus on resinOS host updates the modifications would be lost (hence our recommendation to use .dev images for development and testing).


#6

Also, on the other thread you linked to, I did not SSH in, I used the serial console, as mentioned, which is available only on .dev devices, and used that because it’s independent of the network. Hope this helps to clear things up!


#7

If I am understanding you correctly. It is possible to do the following:

  1. Add a key to …/authorized_keys
  2. Use that to SSH into the host OS of freshly flashed SD cards
  3. Using command line tools, interface with network manager and setup/update IPs
  4. Update the host OS (assuming the original instal was an outdated version) and remove the ability for people to SSH into our devices?

If so this will actually be perfect for our remarkably specific use case.