SSH Connection: Password-less Access to a Remote Linux* Target Device

Introduction

For some Intel System Studio applications, you must configure a password-less SSH connection for the root user on the target system; for example:

  • IoT applications that use the MRAA/UPM sensor library
  • Any application that interacts with system resources that require su, sudo, or root access
  • Any tool that requires remote root or sudo access to your target system

When you finish the configuration steps below you will be able to “ssh into” your remote Linux target from your host development system without a password prompt, as a normal (non-root) user or as a root user.

For an introduction to SSH and how SSH keys work, see SSH Essentials: Working with SSH Servers, Clients, and Keys.

Note

Password-less access works only when you connect to your target system from your host development system with a matching private SSH key. Attempting to connect from a different host system will still require a password.

Configure Password-less SSH Access

These instructions apply to:

  • Host development system: Linux*, Windows*, or macOS*
  • Target system: Linux

Step 1: (Windows only)

If you are a Windows user, confirm that you have OpenSSH for Windows or an equivalent version of ssh, scp and ssh-keygen installed on your host development system. Before you continue, see Prerequisite for Windows Hosts Only for instructions.

Step 2: Set up an .ssh directory

On your host development system:

  1. Open a terminal session (CMD window on Windows) and CD to your home directory.
  2. Enter the following commands to create an .ssh directory, set the proper permissions, and CD into the new .ssh directory.

    At a Windows CMD prompt

    > %HomeDrive%  &&  cd %HomePath%
    > mkdir .ssh
    > cd .ssh
    

    At a macOS or Linux terminal (bash) prompt

    $ cd ~
    $ mkdir -p .ssh
    $ chmod 700 .ssh
    $ cd .ssh

Step 3: Generate keys and copy to the target system

Note

From this point forward the instructions apply to all host development systems (Windows, Linux, and macOS).
  1. To generate a default-named RSA key pair with an empty passphrase (that is, do not provide a passphrase when asked), enter:

    $ ssh-keygen -t rsa

  2. To copy the new public key to your target system's non-root user home folder, enter the following, where:

    username = the name used to access the target and target = the IP address or the network hostname of the target

    You should be prompted for the non-root user password for your target device.

    $ scp id_rsa.pub username@target:id_rsa.pub 
    $ ssh username@target
    $ cd ~
    $ mkdir -p .ssh
    $ chmod 700 .ssh
    $ cat ~/id_rsa.pub >>.ssh/authorized_keys
    $ chmod 600 .ssh/authorized_keys
    $ exit
    
Step 4: Confirm that a password is no longer required (non-root)

Follow this step to confirm that a password is no longer required for your non-root user.

  1. To display the target's system information strings, including the target's hostname as the second field in the output, enter:

    ssh username@target uname -a

Step 5: Configure password-less access to root on your target
  1. To login to the non-root user on the target using SSH and switch to the root user using sudo, enter:

    $ ssh username@target
    $ cd ~
    $ sudo -E bash
    

    Note that the sudo command should prompt you for your target system's non-root user password.

  2. To copy the public key that you transferred to the non-root user account on the target (Step 3: Generate keys and copy to the target system) into the root user's authorized keys file, enter:

    $ mkdir -p /root/.ssh 
    $ chmod 700 /root/.ssh 
    $ cat ./id_rsa.pub >>/root/.ssh/authorized_keys 
    $ chmod 600 /root/.ssh/authorized_keys

  3. Exit twice, first from the sudo bash session, second from the ssh connection:

    $ exit
    $ exit
    
    

Step 6: [Optional] Check your progress

To test the root connection for your target, enter:

$ ssh root@target ls -a

You should see a directory listing of all files located in the /root folder on your target, without the need for a login prompt.

Next: Create a New Connection and Connect to Your Target

For instructions to create a new connection, view existing connections, and connect to your target, see Connecting to Your Board Using an SSH/TCF Agent Connection.

Notes

  • Password-less access works only when you connect to your target system from your host development system with a matching private SSH key. Attempting to connect from a different host system will still require a password.
  • Make sure that you have created a project for Linux targets, and that this project is selected in the Project Explorer.

Prerequisite for Windows Hosts Only

Before following the instructions in Configure Password-less SSH Access, you must have OpenSSH for Windows or an equivalent version of ssh, scp and ssh-keygen installed on your Windows system.

The OpenSSH for Windows tool recommended below is a small collection of open-source command- line tools (no GUI).

Note

To avoid having drivers or background services added to your Windows system, install only the Client component, as directed below.
Step 1: Determine if the prerequisites are already installed
  1. To determine if you already have ssh, scp, and ssh-keygen installed, enter the following commands at the Windows CMD prompt:

    > where ssh
    > where scp
    > where ssh-keygen
    

  2. Determine your next step based on the responses to the commands, as summarized below.

    Note that the number of responses and paths can vary.

Response Next Step
INFO: Could not find files for the given pattern(s) Continue to Step 2: Install OpenSSH for Windows below.
> where ssh
C:\Windows\System32\OpenSSH\ssh.exe
C:\Program Files\OpenSSH\bin\ssh.exe
> where scp
C:\Windows\System32\OpenSSH\scp.exe
C:\Program Files\OpenSSH\bin\scp.exe
> where ssh-keygen
C:\Windows\System32\OpenSSH\ssh-keygen.exe
C:\Program Files\OpenSSH\bin\ssh-keygen.exe

The prerequisites are installed .

Follow the instructions in Configure Password-less SSH Access to configure your host and target for SSH access.

Step 2: Install OpenSSH for Windows
  1. Download the installer from the OpenSSH for Windows website. To find the correct installer link on the website, scroll down and look for a table similar to the following example.

    The exact version numbers in the name of the installer may vary from those shown in the example. Download the most recent version that is available on the page.

  2. Install OpenSSH for Windows. During the installation:
    1. On the Choose Components window, clear the Server check box.
    2. Make sure the Client check box is selected.
    3. Accept the remaining defaults.



    4. Click Next.

    The installer automatically adds ssh, scp and ssh-keygen to your Windows path.

  3. When the installation is complete, follow the instructions in Configure Password-less SSH Access to configure your host and target for SSH access.
Para obtener información más completa sobre las optimizaciones del compilador, consulte nuestro Aviso de optimización.