Unable to SSH locally into Raspberry Pi

Hi there. I can see that a similar question has been asked, but I’m not sure that I understand the respones.
So, I have a Raspberry Pi3B+ locally, it has the balenaOS 2.83.21+rev1 installed and is managed via the console. So far so good.

But what I want to be able to do is to SSH into the Pi locally.
If I try standard ssh on the Mac, nothing happens (because it’s not listening on port 22).
If I change it to ssh -p 22222 [local-ip-address], I get:

The authenticity of host ‘[local-ip-address]:22222 ([local-ip-address]:22222)’ can’t be established.
ECDSA key fingerprint is SHA256:[Key removed].
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added ‘[local-ip-address]:22222’ (ECDSA) to the list of known hosts.

I say yes, and I can see that the key has been added to the hosts.
If I try to ssh, (seems it only responds if I use sudo), I see this:
root@local-ip-address: Permission denied (publickey).

I don’t have an SSH key (other than what was added automatically into /Users/user/.ssh/known_hosts

Does anyone have any idea where I’m going wrong?


Hey @mattanorak, did you flash your device with a production or development image? Currently only development images have local root SSH access with no password.

If it’s a production image you’ll need an SSH key generated, and added to your balenaCloud account. You can follow the instructions here, that further direct you to the Github instructions for key generation.

Once you have an SSH key generated and added to balenaCloud, you can SSH into a production device with your balenaCloud username.

ssh -p 22222 <balenaCloud username>@<local-device-ip>

Do NOT use root/sudo for these commands, as your SSH key will be generated under your username and sudo/root will not see those keys.

The easiest method to get SSH access is by installing the balena CLI: balena CLI Documentation - Balena Documentation

Thanks, @klutchell - I’ll give that a try tonight and let you know how I get on (Yes, I flashed with a Production image).


Hmm, I must have done something wrong. I followed all the steps, then imported from Github and I can see the imported key in my Balena Cloud console, but when I try to ssh to the device from my Mac, using:

ssh -p 22222 <mybalenacloudusername@mydomain.com>@<local-device-ip>

I get:

mybalenacloudusername@mydomain.com@local-device-ip: Permission denied (publickey).

(I am, of course replacing mybalenacloudusername@mydomain.com and local-device-ip with the real values :slight_smile:

Hi, could you try to explicitely point ssh to the correct private key to use, like:

ssh -p 22222 -i </path/to/private/key> <mybalenacloudusername@mydomain.com>@<local-device-ip> 

It might be it is trying to use the keys from a mybalenacloudusername user.

Thanks, Alex. I get the same thing with this:
mybalenacloudusername@mydomain.com @ local-device-ip : Permission denied (publickey).

I can ssh using:
balena ssh <instance_id> main
but I suspect that’s not local.

Hey @mattanorak, you are correct that balena ssh UUID main is not local and it’s tunnelled via our proxy, but at least you’ve confirmed your keys are registered correctly in the dashboard!

Can you try the local command again, but make sure to use your balena Dashboard username? It should be visible when clicking on your profile photo in the top right. If you created your account using your existing Github credentials your username should start with gh_. For example my username is gh_klutchell.

# for example, if my device is at and my username is gh_klutchell
ssh -p 22222 gh_klutchell@

Thanks, @klutchell - that did the trick - once I realised that my user name is the system generated user name that I can’t change!

All sorted. Thank you!