balena account ssh pub key automatically insert into config.json image?

I read some of the posts about people having issues with non balena-cli SSH connections and when trying to connect directly to Host OS with ssh -p 22222 root@device they got permission denied because of public-key not being in the .ssh/authorized_keys file… which can get the key from the config.json file…

I understand that users need to know how to properly set up/configure/generate their id_rsa and key pair, making sure the pub key is in the balena account preferences SSH keys section, and manually inserting this pub key in the resin-boot/config.json file’s sshKeys array by manually creating this section:

	"os": {
		"sshKeys": ["ssh-rsa PUBKEYHERE"]

It works of course, but I am wondering why the process of app/balena image creation doesn’t automatically insert the balena account holders public ssh key(s) into the config.json for you?

I can’t at the moment think of a reason why the public key(s) which is meant to be public of course, isn’t automatically inserted for normal users upon this balena image generation process so that the user doesn’t have to manually edit the config.json file and insert this sshKeys section and all of that, for all the devices the user wants to have SSH access to…
If it’s a security reason, again, the public key is meant to be public so it’s not like it will make any difference if the SD card with the balena image is used outside of your control since the private key for this pub key remains on your computer, no one except the computer with the private key will be able to SSH to it anyway…

Thanks for any input on this.

I personally find this idea quite neat. I imagine it as an option with a checkbox for including it when downloading an image. I am going to pass this for further discussion internally and we will get back to you with more information.

There is an ongoing related feature request ( to which I linked your request. Those will most probably be implemented all at once.

1 Like

Thanks for forwarding internally…
I knew I couldn’t be the only one who thought this would be a neat idea. :slightly_smiling_face:
Is that GitHub issues link public? It’s giving me a 404 error…


Oops! That’s indeed a private repo so you won’t be able to see the github issue! I have internally linked it to this forum thread though - so when we have an update on that we will update this thread as well.