Using key pair to ssh into FX30

is there a way to use a keypair to ssh into the FX30?
We would also like to remove the auto-login feature, this is to prevent people from logging in and copying our app.
What is the best way to do so?

Hi @claudio.baldini ,

We have the similar topic matching with your request. Please refer to below for detail.

Thanks,

cheers @Donald we would also need to completely eliminate the possibility of logging to the device without the key-pair, so no user or root should be able to get into to device and to see/read/copy the binary.

I have also seen a possible problem and requirement to switch back to a different user before a firmware update:
IMPORTANT: Since the owner of /home/root is ‘appfwupdateService’ by default, for safety reasons you shoud switch back to this user and default permissions (755) before doing a firmware update.

We would need to remotely download the firmware and this may not be possible/easy to achieve…

Hi @claudio.baldini ,
You can disable user logins by changing the dropbear configuration in /etc/default/dropbear

I recommend you build your own yocto image with the change applied within your workspace. If you manually modify the file, it will be present in the overlay and subject to being deleted upon factory reset via the pushbutton.

BR,
Chris

ok, we are using the system build with legato, so possibly I can modify it manually (/etc/default/dropbear), backup the file and then to implement it into my system to be downloaded to the target when I download the app to it?

It’s not clear from your statement how to plan to implement the change.

Some options are:

  1. Add a recipe into a yocto workspace and build the full image, including your application
  2. Add the dropbear configuration within you Legato app (make sure you also restart dropbear)
  3. Manually perform the change which is subject to factory reset

BR,
Chris