[OE-core] how to *securely* do a remote install of an OE image?

Robert P. J. Day rpjday at crashcourse.ca
Tue Feb 28 15:20:02 UTC 2017


On Tue, 28 Feb 2017, Patrick Ohly wrote:

> For ssh keys, there's rootfsdebugfiles.bbclass. In local.conf:
>
> INHERIT += "rootfsdebugfiles"
> ROOTFS_DEBUG_FILES += "/home/pohly/.ssh/id_rsa.pub ${IMAGE_ROOTFS}/home/root/.ssh/authorized_keys ;"
>
> This copies my id_rsa.pub into authorized_keys and thus let's me log
> into images that I create via ssh.

  this has definite potential, but i'm about to check whether the
person/entity that builds the image vs. the person/entity that does
the install vs. the person that eventually logs into the new system to
finish setting up could potentially be different.

  there's a *possibility* that remote installation might be done by a
distributor, after which someone else might need to do the first
login to finish the setup, which would complicate things immensely.

  i don't know that this is what will happen, but i'm about to run off
and ask about possibilities.

rday

-- 

========================================================================
Robert P. J. Day                                 Ottawa, Ontario, CANADA
                        http://crashcourse.ca

Twitter:                                       http://twitter.com/rpjday
LinkedIn:                               http://ca.linkedin.com/in/rpjday
========================================================================




More information about the Openembedded-core mailing list