SSH: Password-less Access to Remote Linux* Target
Introduction
For some oneAPI applications, you must configure a password-less SSH connection for the root user on the target system; for example:
- IoT applications that use the MRAA/UPM sensor library
- Any application that interacts with system resources that require su, sudo, or root access
- Any tool that requires remote root or sudo access to your target system
When you finish the configuration steps below you will be able to “ssh into” your remote Linux target from your host development system without a password prompt, as a normal (non-root) user or as a root user.
For an introduction to SSH and how SSH keys work, see SSH Essentials: Working with SSH Servers, Clients, and Keys.
NOTE:
Password-less access works only when you connect to your target system from your host development system with a matching private SSH key. Attempting to connect from a different host system will still require a password.
Configure Password-less SSH Access
These instructions apply to:
- Host development system: Linux*, Windows*, or macOS*
- Target system: Linux
Set up an .ssh directory
On your host development system:
- Open a terminal session (CMD window on Windows) and CD to your home directory.
- Enter the following commands to create an .ssh directory, set the proper permissions, and CD into the new .ssh directory.
At a Windows CMD prompt
> %HomeDrive% && cd %HomePath% > mkdir .ssh > cd .ssh
At a Linux terminal (bash) prompt
$ cd ~ $ mkdir -p .ssh $ chmod 700 .ssh $ cd .ssh
Step 3: Generate keys and copy to the target system
NOTE:
From this point forward the instructions apply to all host development systems (Windows, Linux, and macOS).
- To generate a default-named RSA key pair with an empty passphrase (that is, do not provide a passphrase when asked), enter:
$ ssh-keygen -t rsa
- To copy the new public key to your target system's non-root user home folder, enter the following, where:
username = the name used to access the target and target = the IP address or the network hostname of the target
You should be prompted for the non-root user password for your target device.
$ scp id_rsa.pub username@target:id_rsa.pub $ ssh username@target $ cd ~ $ mkdir -p .ssh $ chmod 700 .ssh $ cat ~/id_rsa.pub >>.ssh/authorized_keys $ chmod 600 .ssh/authorized_keys $ exit
Step 4: Confirm that a password is no longer required (non-root)
Follow this step to confirm that a password is no longer required for your non-root user.
- To display the target's system information strings, including the target's hostname as the second field in the output, enter:
ssh username@target uname -a
Step 5: Configure password-less access to root on your target
- To login to the non-root user on the target using SSH and switch to the root user using sudo, enter:
$ ssh username@target $ cd ~ $ sudo -E bash
Note that the sudo command should prompt you for your target system's non-root user password.
- To copy the public key that you transferred to the non-root user account on the target into the root user's authorized keys file, enter:
$ mkdir -p /root/.ssh $ chmod 700 /root/.ssh $ cat ./id_rsa.pub >>/root/.ssh/authorized_keys $ chmod 600 /root/.ssh/authorized_keys
- Exit twice, first from the sudo bash session, second from the ssh connection:
$ exit $ exit
Step 6: [Optional] Check your progress
To test the root connection for your target, enter:
$ ssh root@target ls -a
You should see a directory listing of all files located in the /root folder on your target, without the need for a login prompt.
Next: Create a New Connection and Connect to Your Target
For instructions to create a new connection, view existing connections, and connect to your target, see Connecting to Your Board Using an SSH/TCF Agent Connection.
Notes
- Password-less access works only when you connect to your target system from your host development system with a matching private SSH key. Attempting to connect from a different host system will still require a password.
- Make sure that you have created a project for Linux targets, and that this project is selected in the Project Explorer.
Parent topic: Next Steps