Passwords - best practice?

Our system runs on a Raspberry Pi 3B+ with Raspberry OS Lite. At the moment we have a production process where a unique password is generated for each device and logged securely; this allows an engineer to access the device over ssh on site locally as needed.

As I understand it, when using mender.io it’s not possible to define a unique password for each device? I’m considering the following:

  • Create a very secure password for the pi user that's used on all our future images.
  • Generate an ssh key pair for deployment - keep these secure.
  • Disable ssh password login

In future engineers would just need the ssh key to login on site. We could presumably push out new keys and delete old ones via mender.io updates?

Hello @edpgcooper ,

If you need to have remote access, then you might want to use the Troubleshoot add-on, and its Remote terminal, File transfer features in particular (instead of SSH): Remote Terminal | Mender documentation. Then you can manage user access on the Mender server instead of having passwords on the devices.

Though the unique configuration case is covered by another add-on: Configure. Configure | Mender documentation. Presently it does not encrypt the value strings, so this is something you can consider doing for credentials (and then decrypt them on the device).

Let us know your thoughts, hope it helps!
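
For the "disable ssh password login" step in the original question, a build-time check of the image's sshd configuration is useful, because sshd keeps the first value it reads for each keyword. The script below is an added example, not from the thread or from Mender; the file names are constructed, and it assumes you pass the config files in the order sshd reads them (drop-ins first when `Include` is at the top of `sshd_config`).

```shell
#!/bin/sh
# Added example: audit sshd config files for key-only login before shipping an image.
# sshd uses the FIRST value obtained for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".

# Print the effective global value of keyword(s) $1 (lowercase, aliases joined
# with "|") from the files that follow. Prints nothing if never set.
# Limitation: Match blocks are skipped, so only global settings are checked.
# Assumption: a Match block ends at the end of the file that contains it.
sshd_effective() {
    kw=$1; shift
    awk -v kw="$kw" '
        FNR == 1                    { in_match = 0 }
        /^[ \t]*#/ || /^[ \t]*$/    { next }                    # comments, blanks
                                    { sub(/[ \t]*=[ \t]*/, " ") }  # "Key=value" form
        tolower($1) == "match"      { in_match = 1; next }
        !in_match && tolower($1) ~ ("^(" kw ")$") { print tolower($2); exit }
    ' "$@"
}

# Succeed only if passwords cannot be used and public keys can.
key_only_login() {
    pw=$(sshd_effective 'passwordauthentication' "$@")
    # ChallengeResponseAuthentication is the deprecated alias of this keyword.
    kbd=$(sshd_effective 'kbdinteractiveauthentication|challengeresponseauthentication' "$@")
    pk=$(sshd_effective 'pubkeyauthentication' "$@")
    # Unset keywords fall back to the sshd defaults, which are "yes" for all three.
    [ "${pw:-yes}" = no ] && [ "${kbd:-yes}" = no ] && [ "${pk:-yes}" = yes ]
}

# Constructed sample: a drop-in that is read first re-enables passwords,
# so the "no" in the main file never takes effect.
tmp=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication yes' > "$tmp/10-legacy.conf"
printf '%s\n' '# main file' 'PasswordAuthentication no' \
    'KbdInteractiveAuthentication no' > "$tmp/sshd_config"

key_only_login "$tmp/sshd_config" \
    && echo "main file alone: key-only"
key_only_login "$tmp/10-legacy.conf" "$tmp/sshd_config" \
    || echo "with drop-in read first: passwords still accepted"
rm -rf "$tmp"
```

On a running device, `sshd -T` prints the effective configuration with `Include` files already resolved and can be checked the same way.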