How do I connect to the BB-400 using SSH Keys?

Connecting securely without a password to BB-400 over SSH on Windows, Mac OSX and Linux

As a follow-up to the previous article on 'connecting to SSH using a username, hostname and password', this article covers connecting over SSH using SSH keys.

An SSH key pair consists of a public key and a matching private key. The private key is stored on the computer from which the connection originates (i.e. your computer, the client), and the matching public key is stored on one or more BB-400s (the servers) which are to be connected to. When a connection is initialised, an encrypted channel is established, over which the client proves its identity to the server by signing data with the private key; the server verifies that signature with the public key.

This mechanism is much more secure than SSH with a password, as public and private keys are extremely difficult to guess compared to user-generated passwords. It is also more convenient than using a password, as the SSH client will automatically use the private key to log in to a server, rather than request a password on each login.

Before using any method detailed below you will need to know 3 pieces of information about the BB-400:

  • Host name: by default bb400-aaaa where aaaa are the last 4 characters of the MAC address
  • User name: by default bb
  • Password: by default aaaa where aaaa are the same last 4 characters of the MAC address. This will only be required once.

On Windows a graphical user interface (GUI) will be used to demonstrate SSH with SSH keys. On Mac OSX and Linux the terminal will be used.

Connecting to BB-400 using SSH Keys on Windows

  1. Download WinSCP from the official website: https://winscp.net/eng/download.php, and follow the installation steps.
  2. Download the Windows Installer version of PuTTY from the official website: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html, and follow the installation steps.

Setup SSH keys in Windows

  1. Open WinSCP from the Windows Start Menu, click Tools and Run PuTTYgen.
     (Screenshot: WinSCP Login dialog with Tools menu open and Run PuTTYgen option highlighted)
  2. In PuTTYgen, click Generate.
     (Screenshot: PuTTY Key Generator window with the Generate button highlighted to create a new RSA 2048-bit key pair)
  3. Move the mouse around the PuTTYgen window to aid random number generation.
     (Screenshot: PuTTY Key Generator showing green progress bar during random key generation from mouse movement)
  4. A public and private SSH key pair has been generated in PuTTYgen. Copy the public key into your BB-400 by opening a web browser, logging into the BB-400 admin webpage, and accessing the webpage>users>bb webpage. Click the + button next to Authorized Public SSH Keys. Copy the public key from the highlighted section of PuTTYgen, paste it into the highlighted section of BB-400 web admin, and click Add Key.
     (Screenshot: PuTTYgen public key copied into BB-400 web admin Add Public Key dialog, with COPY and PASTE annotations highlighted)
  5. Confirm the public key has been copied by reviewing it in the BB-400 web interface.
     (Screenshot: BB-400 web admin user account page showing the authorized public SSH key successfully added for user bb)
  6. From PuTTYgen, save the public and private key to a local folder on the Windows machine.
     (Screenshots: PuTTYgen Save Public Key button highlighted with Windows Save dialog open to save id_rsa.pub file; PuTTYgen Save Private Key button highlighted with Windows Save dialog open to save id_rsa.ppk file)
  7. Exit PuTTYgen. In WinSCP, add the BB-400 hostname and username. Click on Advanced, then SSH>Authentication and put the path to the private key file in the box highlighted below.
     (Screenshot: WinSCP Login with hostname bb400-76ca and username bb highlighted, Advanced Site Settings open to SSH Authentication with private key file path highlighted)

Exit Advanced and save the WinSCP site setup.

Use SSH keys in Windows to BB-400

  1. Log in to the BB-400 using WinSCP with SSH keys.
     (Screenshot: WinSCP Login dialog with saved BB-400 site bb@bb400-76ca selected and Login button highlighted)
  2. WinSCP will open the connection to the BB-400, and from there, a terminal can be opened to the command line with PuTTY by clicking on the highlighted icon.
     (Screenshot: WinSCP file browser connected to BB-400 with PuTTY terminal open showing successful SSH key login to bb400-76ca)

The setup is now complete! It is now possible to log in to the BB-400 over SSH using WinSCP or PuTTY without a password. Other methods of SSH communication are available in Windows, for example by using PowerShell or Windows Subsystem for Linux.

Connecting to BB-400 using SSH Keys on Mac OSX and Linux

This section covers connecting to a BB-400 using Mac OSX and Linux. Both typically have SSH on their command lines without the need to install any additional software. The commands for both systems are the same, with one exception: on Mac OSX the suffix .local must be added to the hostname of the BB-400 for the device to be found on the network.

Setup SSH keys in Linux and Mac OSX

Open a terminal:

  • In Mac OSX, go to: Applications > Utilities > Terminal.app
  • In Linux, open your favourite terminal application.

On the command line, type: ssh-keygen

(Screenshots, Linux and Mac OSX: terminal running the ssh-keygen command, generating an RSA 2048-bit key pair with randomart image output)

Agree to the default settings for the key generation, and if required, add a passphrase. A pair of SSH keys have now been generated and saved to their default location in your user folder:

(Screenshots, Linux and Mac OSX: terminal showing ssh-keygen output and ssh-add confirming identity added from ~/.ssh/id_rsa)

Type ssh-add to ensure the SSH keys have been added to your machine user identity:

(Screenshots: Linux terminal running ssh-copy-id bb@bb400-76ca, showing 2 keys added successfully to the BB-400; Mac OSX Terminal running ssh-copy-id bb@bb400-76ca.local, showing 1 key added successfully to the BB-400)

Copy the SSH public key over to the BB-400 by typing ssh-copy-id bb@bb400-aaaa into the command line (where 'aaaa' represents the last 4 characters of the BB-400 MAC address found on the back panel). The shell will ask for a password (as the key has not been copied yet).

Use SSH keys in Linux and Mac OSX

To test the setup type ssh bb@bb400-aaaa to initiate an SSH session with the BB-400:

(Screenshots: Linux terminal showing successful passwordless SSH login to BB-400 via ssh-copy-id, displaying Debian GNU/Linux welcome message; Mac OSX Terminal showing successful passwordless SSH login to BB-400 via ssh bb@bb400-76ca.local, displaying Debian GNU/Linux welcome message)

The setup is now complete. The computer will always use SSH keys to login, and never request a password from now on.
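
The Linux and Mac OSX steps above, collected into one script as an added example (not part of the original article or any vendor tooling). It assumes the default user bb and the default key path ~/.ssh/id_rsa; the function names and the sample MAC address are made up for illustration, and the lowercase hostname suffix is assumed from the bb400-76ca example above. The final command verifies that the key alone is accepted.

```sh
#!/bin/sh
# Added example, not vendor code. Usage: sh bb400-keys.sh 00:11:22:33:76:CA
# (the MAC address above is a constructed sample)

# Build the default hostname bb400-aaaa from the MAC address on the back panel.
# $2 is the OS name as printed by `uname -s`; Mac OSX (Darwin) needs ".local".
bb400_host() {
    mac=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    case "$mac" in *[!0-9a-f]*) mac='' ;; esac
    if [ "${#mac}" -ne 12 ]; then
        echo "invalid MAC address: $1" >&2
        return 1
    fi
    suffix=$(printf '%s' "$mac" | cut -c 9-12)
    case "${2:-$(uname -s)}" in
        Darwin) printf 'bb400-%s.local\n' "$suffix" ;;
        *)      printf 'bb400-%s\n' "$suffix" ;;
    esac
}

# Run the article's steps, then prove that the key alone is enough to log in.
setup_keys() {
    host=$(bb400_host "$1") || return 1
    key="$HOME/.ssh/id_rsa"
    mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" || return 1
    # Generate a key pair only if none exists (prompts for an optional passphrase).
    [ -f "$key" ] || ssh-keygen -t rsa -f "$key" || return 1
    # Load the key into the agent so a passphrase is not asked for on each login.
    ssh-add "$key" || echo "ssh-add failed (is ssh-agent running?)" >&2
    # Install the public key on the BB-400; asks for the bb password once.
    ssh-copy-id -i "$key.pub" "bb@$host" || return 1
    # BatchMode forbids every prompt, so this succeeds only if the key is accepted.
    ssh -o BatchMode=yes -o PasswordAuthentication=no -i "$key" "bb@$host" true
}

# Only act when a MAC address is given, so the file can also be sourced.
[ $# -eq 0 ] || setup_keys "$1"
```

A zero exit status means key-based login works without any password prompt, which is the check to make before password login is ever disabled on the device.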

This article has demonstrated how to set up and configure SSH keys in Windows, Linux and Mac OSX, allowing you to log in to a BB-400 without the need to type in a password. This method is both more secure and more convenient. It also allows command line applications to be scripted that automatically log in to a BB-400 to complete a task, e.g. updating with the latest software over a local network.

In high risk environments it may be good practice to disable the typed-in password and only allow SSH keys for login. However, the trade-off is that the private key must be kept securely, and possibly backed up, so there is reduced risk of losing access to the device.