I read some of the posts about people having issues with non balena-cli SSH connections and when trying to connect directly to Host OS with ssh -p 22222 root@device they got permission denied because of public-key not being in the .ssh/authorized_keys file… which can get the key from the config.json file…
I understand that users need to know how to properly set up/configure/generate their id_rsa and id_rsa.pub key pair, making sure the pub key is in the balena account preferences SSH keys section, and manually inserting this pub key in the resin-boot/config.json file’s sshKeys array by manually creating this section:
"os": {
"sshKeys": ["ssh-rsa PUBKEYHERE"]
}
It works of course, but I am wondering why the process of app/balena image creation doesn’t automatically insert the balena account holders public ssh key(s) into the config.json for you?
I can’t at the moment think of a reason why the public key(s) which is meant to be public of course, isn’t automatically inserted for normal users upon this balena image generation process so that the user doesn’t have to manually edit the config.json file and insert this sshKeys section and all of that, for all the devices the user wants to have SSH access to…
If it’s a security reason, again, the public key is meant to be public so it’s not like it will make any difference if the SD card with the balena image is used outside of your control since the private key for this pub key remains on your computer, no one except the computer with the private key will be able to SSH to it anyway…
Thanks for any input on this.
