DE1-SoC: Using SSH keys

Joel Bodenmann
Date : August 9, 2015
Categories : Electronics
Tags : Fpga ,Linux

The standard Linux SD-Card images that you can get for the DE1-SoC board from the Terasic website have the SSH daemon enabled by default. Through this SSH connection it is possible to log in from a remote terminal or upload files SCP. However, by default you always have to enter a password. This short guide will show how to configure the systems to use SSH keys so no passwords are needed anymore. Furthermore, we will assign a static IP to the board.

This guide is not really specific to the DE1-SoC board. The same steps can be used on any Linux running an SSH server.

Static IP

Before we start on setting up the SSH keys we want to assign a static IP to the DE1-SoC. This way we don’t have to look up it’s IP every time the IP changes. Assigning a static IP is just a matter of altering the configuration in /etc/network/interface. The DE1-SoC is connected via the ethernet jack to the network. However, the default configuration file also contains configurations for other interfaces such as a second ethernet interface and a WiFi card. We can throw out all configurations but the one for the lo and the eth0 interfaces. The following configuration file sets the IP of the DE1-SoC to 192.168.1.100:

# Internal loopback interface
auto lo
iface lo inet loopback

# Wired or wireless interfaces
auto eth0
iface eth0 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        network 192.168.1.0
        gateway 192.168.1.1

Make sure that you choose the IP range suited to your network configuration.

Setting up the SSH keys

The following guide assumes that your host (desktop computer) is a Unix machine. However, everything works perfectly fine within a Cygwin environment on Windows.

Generating keys

First we have to generate an RSA public and private key pair on our host computer. This is done by using the ssh-keygen program:

ssh-keygen -t rsa

The program will ask for both a key location and a passphrase. Leaving the key location to default and not setting any passphrase will simplify later usage. You also want to make sure that permissions of the SSH keys are set so only your user can access them. This can be done by applying chmod 600 on both the public and the private file.

Uploading the key

The next step is to upload the generated public key to the DE1-SoC. This is done using SCP:

scp ~/.ssh/id_rsa.pub root@192.168.1.100:/home/root

Adding the key

Once the public key is uploaded to the DE1-SoC it is time to log in with through a remote terminal. First, we have to add the key to the autorized_keys file so the SSH server will know our key:

cat id_rsa.pub >> ~/.ssh/authorized_keys

The key has now been added to the SSH configuration and you can remove the uploaded key file from the DE1-SoC.

The last step is to tell the SSH server to use key files. This is done by adding the following entry to /etc/ssh/sshd_config:

EnableSSHKeysign yes

Connecting

Now we are ready to try out the new setup. When connecting via SSH the -2 parameter needs to be passed:

ssh -2 root@192.168.1.100

When using SCP, passing -i will tell SCP to look for the key files. When the keys are not in the standard location the path to the public key needs to be passed after this parameter:

scp -i file.txt root@192.168.1.100:/home/root