i made a script for node-js, that can deploy new ssh keys to a defined group of devices. Its a little bit hacky and you need node-js and the balena-cli to run it. But maybe somebody else help that tool or you have some good ideas, how to improve that tool.
To the background. With the balena-sdk i load a list of all devices. Then the tool use the
balena tunnel command to open a proxy tunnel to the device, logs in with ssh and loads the
config.json over the stdout. Unfortunately I was not able to use scp for that. After that the tool add the keys to the local version of the config.json and writes then the config again over stdout back and command the device to reboot.
Disclaimer: The tool modifies the
config.json on your device. That is not without danger. I tested the tool at first with devices, that I can access. A damaged
config.json can lead to a device, that is not able to connect to the VPN again.
It’s nice to see custom tools being developed.
I do want to point out that configizer from the Balena team is a thing that allows safe-ish modifications to
config.json, including SSH keys.
I have not tried it out with
There may be reasons for developing your own tool, but at the very least it’s a good learning experience to look at the way they set up their tool.
Correct me, if i’m wrong, but you can’t use
balena ssh with
openBalena. So the the
configizer, that use that command, won’t work with
But maybe I can adapt parts of that tool. So I will look into it. Or maybe somebody had experience in use that tool for
you can’t use balena ssh with openBalena
You should be able to use balena ssh even if you are using openBalena. What was the error you got when you tried this?
Also, see the instructions for using balena-cli with openBalena
@wolf_karl if you are up for trying out open-balena-admin I recently added functionality where you can use custom SSH keys via the web interface. When you connect to a device via
balena ssh, or using plain old
ssh, just provide the username which you added the keys (ie
ssh username@deviceip -p 22222) and it will pull the custom keys for that user automagically from the balena API. You’ll also need to provide the matching private key to connect.
I can adapt parts of that tool. So I will look into it. Or maybe somebody had experience in use that tool for