Remove empty password login for root from balenaOS dev image

I know, dumb question, I should use the production image - for a lot of good reasons.
But sometimes you need to deploy fast and then have a hard time redeploying so…
Any idea on how to remove the “login as root via ssh without password?”
I deployed an ssh key within config.json and I can login with that as root, hence I wanted to remove the password based login.

Cheers

Nico

Hi @nmaas87,

Thanks for the feedback! Generally the recommended way to go when developing is to develop your application on an OS dev image, then deploy onto a production OS image. For your case, since you’re trying to access root faster without a password and/or remove the password, here’s a thread which might interest you: How to set up passwordless SSH access for root user - Ask Ubuntu

Also, you mentioned deploying an SSH key within config.json. You can also do so from the dashboard, which might be faster for you. See: SSH access - Balena Documentation

Let us know how it goes!

Regards,
Christina

1 Like

Thank you Christina for your friendly answer, but I did a really bad job asking what I actually wanted.
You’re absolutly right, I should use the production image, but… yeah.
I currently have a dev image rolled out in a local instance (without internet access or balenaCloud), added my ssh key to it and it works perfectly.
However, given the nature of the dev images, you can login with the user root and no password at all - even if you added an ssh key.
Now that I have a working ssh key in it, i want to remove the option to not be able to login with a the empty password for root, but only with root and my ssh key :slight_smile:
Do you have an idea on how to get it working?

I tried following:

# remount to rw
mount -oremount,rw /
# open sshd server config
vi /etc/ssh/sshd_config
# do not allow password auth and do not allow empty passwords
PasswordAuthentication no
PermitEmptyPasswords no
# restart sshd server
systemctl restart system-sshd.slice

this did not help, so I rebooted - and still could access the RPi via ssh on port 22222 with root and no password…

Any ideas :)?