How to configure and enable the integrated SSH server

This article describes the required steps for the initial configuration and usage of the built-in SSH server.

Note: In the following example, it will be assumed that your device either has a working ADB USB interface or a working network connection with a local IP address

Article overview

Enable ADB connections
Setup key-based authentication
Disable ADB connections
Enable SSH connections

Enable ADB connections

To setup the ADB tools for your PC, please refer to the section SDK Platform Tools in the official documentation.

For devices with support for ADB via USB

  1. Please enable the USB Debugging feature in Settings > Developer options.
  2. Connect the USB cable to your device and make sure it is detected by ADB:
 > adb devices

For devices without support for ADB via USB

  1. Please enable the ADB over Ethernet feature in Settings > Emteria.
  2. Connect to the device using the correct IP address of your device:
 > adb connect

Setup key-based authentication

emteria.OS supports key-based authentication as a secure way to communicate over SSH.

Use generated key pair from device (since v13.3.0)

  1. Change to your .ssh directory and pull the private key from the device:
    > adb shell
    > sushell
    > cp /data/ssh/id_ed25519 /sdcard/
    > exit
    > exit
    > adb pull /sdcard/id_ed25519 my_private_key
    > adb shell rm /sdcard/id_ed25519
  2. The corresponding public key is already set up as an authorized key.

Use self generated key pair 

  1. Generate a pair of SSH keys to be used for the authentication, for example using PuTTYgen or command line. You can also set a password for the private key.
  2. Add the desired public key to the list of keys which will be allowed to establish a remote connection with this device:
    > adb push /sdcard/authorized_keys
    > adb shell
    > sushell
    > cp /sdcard/id_ed25519 /data/ssh/authorized_keys
    > rm /sdcard/id_ed25519
  3. Keep the private key secure in your .ssh folder

Note: When creating a new key pair, make sure to use the OpenSSH format as authorized_keys, which is a one-liner, e.g. ssh-rsa AAAAB...XYZ==

How to convert SSH2 formatted key to OpenSSH format

Disable ADB connections

The ADB must be disabled for devices in production, as it opens the possibility for attackers to control the system remotely. After setting up a secure SSH authentication, the ADB over Ethernet should be deactivated in Settings > Emteria.

Enable SSH connections

  1. Activate the integrated SSH server in Setting > Emteria.
  2. Establish a connection to your device using the correct IP address:
 > ssh -i my_private_key root@
rpi3:/ # id
uid=0(root) gid=0(root) groups=0(root), context=u:r:sshd:s0

Tip: If the connection cannot be established, use -vvv option to see verbose logging