Get Started with the Intel® oneAPI IoT Toolkit for Linux*

ID 766883
Date 12/16/2022
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

SSH: Password-less Access to Remote Linux* Target

Introduction

For some oneAPI applications, you must configure a password-less SSH connection for the root user on the target system; for example:

  • IoT applications that use the MRAA/UPM sensor library
  • Any application that interacts with system resources that require su, sudo, or root access
  • Any tool that requires remote root or sudo access to your target system

When you finish the configuration steps below you will be able to “ssh into” your remote Linux target from your host development system without a password prompt, as a normal (non-root) user or as a root user.

For an introduction to SSH and how SSH keys work, see SSH Essentials: Working with SSH Servers, Clients, and Keys.

NOTE:
Password-less access works only when you connect to your target system from your host development system with a matching private SSH key. Attempting to connect from a different host system will still require a password.

Configure Password-less SSH Access

These instructions apply to:

  • Host development system: Linux*, Windows*, or macOS*
  • Target system: Linux

Set up an .ssh directory

On your host development system:

  1. Open a terminal session (CMD window on Windows) and CD to your home directory.
  2. Enter the following commands to create an .ssh directory, set the proper permissions, and CD into the new .ssh directory.

    At a Windows CMD prompt

    > %HomeDrive%  &&  cd %HomePath%
    > mkdir .ssh
    > cd .ssh
    

    At a Linux terminal (bash) prompt

    $ cd ~
    $ mkdir -p .ssh
    $ chmod 700 .ssh
    $ cd .ssh

Step 3: Generate keys and copy to the target system
NOTE:
From this point forward the instructions apply to all host development systems (Windows, Linux, and macOS).
  1. To generate a default-named RSA key pair with an empty passphrase (that is, do not provide a passphrase when asked), enter:

    $ ssh-keygen -t rsa

  2. To copy the new public key to your target system's non-root user home folder, enter the following, where:

    username = the name used to access the target and target = the IP address or the network hostname of the target

    You should be prompted for the non-root user password for your target device.

    $ scp id_rsa.pub username@target:id_rsa.pub 
    $ ssh username@target
    $ cd ~
    $ mkdir -p .ssh
    $ chmod 700 .ssh
    $ cat ~/id_rsa.pub >>.ssh/authorized_keys
    $ chmod 600 .ssh/authorized_keys
    $ exit
    
Step 4: Confirm that a password is no longer required (non-root)

Follow this step to confirm that a password is no longer required for your non-root user.

  1. To display the target's system information strings, including the target's hostname as the second field in the output, enter:

    ssh username@target uname -a

Step 5: Configure password-less access to root on your target
  1. To login to the non-root user on the target using SSH and switch to the root user using sudo, enter:

    $ ssh username@target
    $ cd ~
    $ sudo -E bash
    

    Note that the sudo command should prompt you for your target system's non-root user password.

  2. To copy the public key that you transferred to the non-root user account on the target into the root user's authorized keys file, enter:

    $ mkdir -p /root/.ssh 
    $ chmod 700 /root/.ssh 
    $ cat ./id_rsa.pub >>/root/.ssh/authorized_keys 
    $ chmod 600 /root/.ssh/authorized_keys

  3. Exit twice, first from the sudo bash session, second from the ssh connection:

    $ exit
    $ exit
    
    

Step 6: [Optional] Check your progress

To test the root connection for your target, enter:

$ ssh root@target ls -a

You should see a directory listing of all files located in the /root folder on your target, without the need for a login prompt.

Next: Create a New Connection and Connect to Your Target

For instructions to create a new connection, view existing connections, and connect to your target, see Connecting to Your Board Using an SSH/TCF Agent Connection.

Notes

  • Password-less access works only when you connect to your target system from your host development system with a matching private SSH key. Attempting to connect from a different host system will still require a password.
  • Make sure that you have created a project for Linux targets, and that this project is selected in the Project Explorer.