This documentation describes the SSH Server (Secure Shell) of the @CHIP-RTOS-LNX. The goal of SSH is to replace the earlier Telnet protocol, which did not provide strong authentication or guarantee confidentiality.
- SSH-2 protocol
- dropbear compatible key format
- Shell command to generate SSH key on the IPC@CHIP®.
- Password and public key user authentication (compatible with OpenSSH ~/.ssh/authorized_keys public key authentication)
- Local and Remote TCP Forwarding support
- Support for scp
By default the SSH server is enabled with a built-in RSA key. The fingerprint for this key is:
The default user name and password are: ssh.
The user can configure the server with some SSH CHIP.INI entries.
NOTE: It is highly recommended to set your own SSH server keys. The preinstalled key is only present so that an SSH connection to the IPC@CHIP® works out of the box for a convenient development start-up. For key generation, the internal shell command sshkeygen can be used.
Create the server key for server authentication:
Create a user and password:
- Specify a user name inside the USERx entry.
- Specify a password inside the PASSWORDx entry.
- Convert the cleartext password to a hash with the passhash command.
Create a key for user public key authentication:
- For client key generation we suggest using PuTTY.
- Open 'puttygen.exe'.
- Select SSH-2 RSA or SSH-2 DSA from the parameters field.
- Click the generate button.
- Save the private key.
- Copy the text from the dialog 'Public key for pasting into OpenSSH authorized_keys file'.
- Paste the text into a new text file.
- Make sure that there are no line breaks.
- If you like, you can add other keys to this file. Each key must be on its own line.
- Transfer this file to the IPC@CHIP®.
- Specify the filename in the USERx_KEYFILE entry.
- Specify the private key filename inside your SSH client configuration.
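A check to run on the key file before transferring it, as an added example that is not part of the original documentation: it verifies that every line is one complete ssh-rsa or ssh-dss public key, which catches the line breaks warned about above. It assumes plain OpenSSH-style lines with no leading options; `check_keyfile` and `make_sample_key` are names chosen here, and the sample key is constructed, not a usable key.

```python
import base64
import struct

# Key types offered by the PuTTYgen step above (SSH-2 RSA / SSH-2 DSA).
ALLOWED_TYPES = {"ssh-rsa", "ssh-dss"}

def _read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key data")
    return blob[offset + 4:end], end

def check_keyfile(text):
    """Return a list of (line_number, problem) for an authorized_keys-style file."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
            problems.append((number, "does not start with a key type (wrapped line?)"))
            continue
        try:
            blob = base64.b64decode(fields[1], validate=True)
            name, offset = _read_string(blob, 0)
            # Walk all remaining fields; a key cut by a line break ends mid-field.
            while offset < len(blob):
                _, offset = _read_string(blob, offset)
        except ValueError as exc:
            problems.append((number, f"damaged key data: {exc}"))
            continue
        if name.decode("ascii", "replace") != fields[0]:
            problems.append((number, "key type does not match key data"))
    return problems

def make_sample_key(key_type="ssh-rsa"):
    """Constructed sample line (not a usable key) for trying the checker."""
    parts = [key_type.encode(), b"\x01\x00\x01", b"\x00" + bytes(range(1, 65))]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"
```

An empty result from `check_keyfile` means every non-empty line parsed as a single complete key.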
Enable TCP Port Forwarding:
- By default the port forwarding option is disabled.
- You have to enable LOCAL_FORWARD, if you want to tunnel incoming TCP connections to a server located on the IPC@CHIP®.
- You have to enable REMOTE_FORWARD, if you want to tunnel outgoing TCP connections to a server outside the IPC@CHIP®.