Knowledgebase
ThinLinX Support > ThinLinX Help Desk > Knowledgebase

Search help:


How can I SSH / get root access to a TLXOS device?

Solution

For security reasons, no local user account in TLXOS has a password, including the root account, so it is not possible to access to an interactive root shell by any means that involves password entry.  Passwordless sudo access is tightly restricted to operationally essential commands only, so you cannot get a root shell via sudo either.

The only way that you can get root access on a TLXOS device is via SSH key trust.  This means that before you can SSH to a device, you must use TMS (or Tlxconfig, but TMS is more convenient) to install an SSH public key, and then use the corresponding private key when connecting.

To do this on Windows, first download and install PuTTY.  The run PuTTYgen, and do the following:

  1. Select RSA (or anything other than SSH-1, really, but RSA keys are short and easily manageable).
  2. Press the Generate button, then wave your mouse around in the area below the progress bar until key generation completes.
  3. Type a passphrase in the Key passhrase and Confirm passphrase textboxes.  You can omit this, but this means that anyone who has access to your private key will be able to use it, which is not good security practice.
  4. Click the Save private key file to save the private key in PuTTY's own PPK format.
  5. Right-click in the text field labelled Public key for pasting into OpenSSH authorized_keys file and choose Select All.
  6. Run Notepad, and use <Ctrl>v to paste the public key text into the Notepad window.
  7. Use Notepad's File->Save As menu option to save the public key.  It doesn't matter what filenme you use, but something ending in ".pub" is customary.
  8. You can then use TMS' File->Install File option to upload the SSH public key that you have saved to TLXOS clients.

You'll then need to configure PuTTY to use the PPK file that you saved in step (4) and the username "root".  I haven't yet finished detailed instructions with screenshots for doing that, sorry.

For convenience, you can right mouse click on a device row in the TMS display and use the provided "SSH to Device" option.  TMS looks for PuTTY (Windows) or SSH in standard locations, and if present will launch it using a profile named "tlxos", so you should create a "tlxos" profile (in PuTTY or ~/.ssh/config) that is associated with the private key that you intend to use and that uses username "root".

To avoid having to constantly re-enter your SSH private key pass phrase, you should also configure Pageant/ssh-agent to load the private key when you log in to the TMS server.  On Windows, you can do this by either creating a shortcut to your PPK file and placing it in C:\Users\<your-username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, or by adding a REG_SZ entry to the HLKM\Software\Microsoft\Windows\CurrentVersion\Run key with the full pathname to your PPK file as its value; either of these will load the key into Pageant.exe via file type association - and prompt you for the pass-phrase, once only - at logon.

Related articles OpenVPN support limitations
Changing system language / correcting RDP keyboard layout
How can I reconfigure TLXOS while an app is running / what are the keyboard shortcuts?
Article details
Article ID: 7
Category: Frequently Asked Questions
Date added: 2019-05-28 23:41:48
Views: 1839

 
« Go back