Features
      Back to home
      1. emteria Knowledge Base | Tutorials & Troubleshooting
      2. emteria OS
      3. Features

      How to configure and enable the integrated SSH server

      This article describes the required steps for the initial configuration and usage of the built-in SSH server.

      Note: In the following example, it will be assumed that your device either has a working ADB USB interface or a working network connection with a local IP address 192.168.0.100.

      Article overview

      Enable ADB connections
      Setup key-based authentication
      Disable ADB connections
      Enable SSH connections

      Enable ADB connections

      To setup the ADB tools for your PC, please refer to the section SDK Platform Tools in the official documentation.

      For devices with support for ADB via USB

      1. Please enable the USB Debugging feature in Settings > Developer options.
      2. Connect the USB cable to your device and make sure it is detected by ADB:
       > adb devices

      For devices without support for ADB via USB

      1. Please enable the ADB over Ethernet feature in Settings > Emteria.
      2. Connect to the device using the correct IP address of your device:
       > adb connect 192.168.0.100

      Setup key-based authentication

      emteria.OS supports key-based authentication as a secure way to communicate over SSH.

      Use generated key pair from device (since v13.3.0)

      1. Change to your .ssh directory and pull the private key from the device:
        > adb shell
        > sushell
        > cp /data/ssh/id_ed25519 /sdcard/
        > exit
        > exit
        > adb pull /sdcard/id_ed25519 my_private_key
        > adb shell rm /sdcard/id_ed25519
      2. The corresponding public key is already set up as an authorized key.

      Use self generated key pair 

      1. Generate a pair of SSH keys to be used for the authentication, for example using PuTTYgen or command line. You can also set a password for the private key.
      2. Add the desired public key to the list of keys which will be allowed to establish a remote connection with this device:
        > adb push my_public_key.pub /sdcard/authorized_keys
        > adb shell
        > sushell
        > cp /sdcard/id_ed25519 /data/ssh/authorized_keys
        > rm /sdcard/id_ed25519
      3. Keep the private key secure in your .ssh folder

      Note: When creating a new key pair, make sure to use the OpenSSH format as authorized_keys, which is a one-liner, e.g. ssh-rsa AAAAB...XYZ==

      How to convert SSH2 formatted key to OpenSSH format

      Disable ADB connections

      The ADB must be disabled for devices in production, as it opens the possibility for attackers to control the system remotely. After setting up a secure SSH authentication, the ADB over Ethernet should be deactivated in Settings > Emteria.

      Enable SSH connections

      1. Activate the integrated SSH server in Setting > Emteria.
      2. Establish a connection to your device using the correct IP address:
       > ssh -i my_private_key root@192.168.0.100
       rpi3:/ # id
       uid=0(root) gid=0(root) groups=0(root), context=u:r:sshd:s0

      Tip: If the connection cannot be established, use -vvv option to see verbose logging