ThinLinX Support > ThinLinX Help Desk > Knowledgebase

Search help:

How can I SSH / get root access to a TLXOS device?


For security reasons, no local user account in TLXOS has a password, including the root account, so it is not possible to access to an interactive root shell by any means that involves password entry.  Passwordless sudo access is tightly restricted to operationally essential commands only, so you cannot get a root shell via sudo either.

The only way that you can get root access on a TLXOS device is via SSH key trust.  This means that before you can SSH to a device, you must use TMS (or Tlxconfig, but TMS is more convenient) to install an SSH public key, and then use the corresponding private key when connecting.

To do this on Windows, first download and install PuTTY.  The run PuTTYgen, and do the following:

  1. Select RSA (or anything other than SSH-1, really, but RSA keys are short and easily manageable).
  2. Press the Generate button, then wave your mouse around in the area below the progress bar until key generation completes.
  3. Type a passphrase in the Key passhrase and Confirm passphrase textboxes.  You can omit this, but this means that anyone who has access to your private key will be able to use it, which is not good security practice.
  4. Click the Save private key file to save the private key in PuTTY's own PPK format.
  5. Right-click in the text field labelled Public key for pasting into OpenSSH authorized_keys file and choose Select All.
  6. Run Notepad, and use <Ctrl>v to paste the public key text into the Notepad window.
  7. Use Notepad's File->Save As menu option to save the public key.  It doesn't matter what filenme you use, but something ending in ".pub" is customary.
  8. You can then use TMS' File->Install File option to upload the SSH public key that you have saved to TLXOS clients.

Start PuTTY, go to Connection->SSH->Auth, click Browse and select the PPK file that you saved in step (4).

Now go to Connection->Data and enter "root" in the Auto-login Username field.

Finally, go to Session, enter "tlxos" as the saved session name, and then press Save.

TMS will automatically use a saved session named "tlxos" when you select the SSH option via the right-click menu.  TMS will assume that you are using PuTTY on Windows (in either C:\Program Files\PuTTY or C:\Program Files (x86)\PuTTY) and ssh otherwise.  If you are using Linux or Mac OS rather than Windows, you'd need to create your saved session named "tlxos" in ~/.ssh/config instead.

To avoid having to enter your passphrase all the time, you'll want to use Pageant (or ssh-agent on Linux or Mac OS).  To avoid having to remember to start Pageant, you can run Regedit add a REG_SZ value to HKCU\Software\Microsoft\Windows\CurrentVersion\Run to automatically launch Pageant and load your PPK file (via file type association).  If you don't feel comfortable editing the registry directly, the alternative way to do that is to create a shortcut to your PPK file and place it in C:\Users\<your-username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.

The Linux equivalent of this is to add an "ssh-add" command to your ~/.bash_profile (your X11 session manager will launch ssh-agent, so there's no need to add that).

The end result of all of this is that you will only ever be prompted for your PPK file passphrase once when you log in, and whenever you use TMS' convenient right-click action to SSH as root to a TLXOS device, it will just log you straight in with no questions asked.

Related articles OpenVPN support limitations
Changing system language / correcting RDP keyboard layout
How can I protect clients from rogue/unauthorized TMS servers?
What is the sudo password?
How can I reconfigure TLXOS while an app is running / what are the keyboard shortcuts?
Article details
Article ID: 7
Category: Frequently Asked Questions
Date added: 2019-05-28 23:41:48
Views: 2913

« Go back