Balena ssh fails with Permission denied (publickey)


#1

open-balena is used in the backend.
I can login and get information about a specific devices using balena-cli :
$ balena device 79a1dd9
== HIDDEN SKY
ID: 8
DEVICE TYPE: imx6ul-var-dart
STATUS: idle
IS ONLINE: true
APPLICATION NAME: imx6ulApp
UUID: 79a1dd9c1bacdc79661d1afd31e7c52b
COMMIT: fc2e2716d8c8913ae434a0f05f9ed713
SUPERVISOR VERSION: 8.6.3
OS VERSION: balenaOS 2.28.0+rev2
DASHBOARD URL: https://dashboard.mydomain.com/devices/79a1dd9c1bacdc79661d1afd31e7c52b/summary

But when try to ssh to host BalenaOS :
$ balena ssh 79a1dd9 -s
Connecting to: 79a1dd9
root@ssh.devices.mydomain.com: Permission denied (publickey).


#2

Hi @rlev

Use the development version, login and take a look at authorized keys on device:

$ vi ~/.ssh/authorized_keys_remote

It will be empty I’m pretty sure. I have this exact same issue and am trying to work what key should be included and at what point it should be created on the open-balena host, and how it is added to device.

I suspect the authorised pub key that needs to be added is from the open balena host but it is unclear if this needs to be generated manually or exists after executing setup script to create certificates etc.

Hopefully open balena team will be back from holidays soon and be able to shed more light on this.

Cheers
Chris


#3

Just a little further background on this. I have tried adding SSH key with:

$ balena key add Main ~/.ssh/id_rsa.pub
BalenaRequestError: Request error: Unauthorized

Also listing keys doesn’t work with:

$ balena keys
BalenaRequestError: Request error: Internal Server Error

Other cli commands for listing devices, viewing logs, and modifying applications are working with this openBalena instance.

This might be a bigger issue than I thought. Can probably work out how to manually add a key to the right spot, will let you know if I work it out @rlev .

In the meantime this will probably have to wait for a patch along with all of the other cli issues when using openBalena instance.

Cheers
Chris


#4

Thanks for your insights @dash.