Issue with SSH Access in Development Mode on Balena Devices

mamoen · October 27, 2023, 8:23am

Hi everyone,

We’ve encountered an issue regarding SSH access in development mode. Our setup involves using devices in development mode with SSH keys added in the config.json file. This approach is intended to streamline the transition to production mode while still providing SSH access to non-Balena users on production devices.

Issue Encountered: From our understanding, when a device is in development mode, SSH access should not require SSH keys. However, we’ve found that even in development mode, if an SSH key is specified in the config.json file, the device seems to ignore the developmentMode flag and continues to enforce SSH key authentication.

Questions:

Is this behaviour expected, i.e., does specifying an SSH key in the config.json override the development mode’s typical non-key SSH access?
If this is expected, are there any recommended workarounds to maintain easy SSH access in development mode while still preparing for a seamless switch to production mode?

Thanks!

mpous · October 27, 2023, 9:34am

Hello @mamoen good question!

Yes! this behaviour is expected. By default development mode enables unauthenticated SSH logins unless custom SSH keys are present, in which case SSH key access is enforced.

Also, development mode provides serial console passwordless login as well as an exposed balena engine socket to use in local mode development.

To move to production mode, did you try to change "developmentMode": true to false?

On the other hand, this feature request matches your second question? SSH Key management in BalenaCloud · Balena Roadmap

Let me know if this works!