When flashing balenaOS to a device, it’s possible to add an SSH key to be able to SSH or tunnel into production devices, which is awesome. But I have some doubts about the security of this and maybe you guys can help me out.
We’re looking at the ability to add an SSH key after flashing the device. When a device is provisioned with cloudBalena/openBalena and the software is downloaded, the first thing it does is register itself with our server. So the device gets registered to our server, gets a serial number and sets the name of that device to that serial number on cloudBalena/openBalena. It also receives a public and private key for communicating to our server. So far so good.
Now we want to generate an SSH key for that device and add that to the OS. Using 1 SSH key for all of our devices isn’t something that I see as very secure. Once that SSH key is compromised, someone can get into all of our devices using SSH. That’s the reason we want to generate a unique SSH key per device. For us, it’s more work to SSH into a device, because we have to locate the SSH key and use that for communication, but I think that’s better than just using 1 SSH key. But I’m here to learn, so if anyone can convince me that it’s not more secure, I’m all ears!
And the reason why we’re not generating the SSH key beforehand and also provisioning our device beforehand (like changing the config.json for the flash file)? That’s because we want to flash our devices with just 1 image. Creating an image per device is time-consuming and not very efficient for our production process. And because we’d like to use the EtcherPro when it’s released!
Thanks in advance!