Skip to content

ssh-setup.md

Latest commit

 

History

History
135 lines (88 loc) · 3.36 KB

ssh-setup.md

File metadata and controls

135 lines (88 loc) · 3.36 KB

SSH Server Setup for Fleet Members

Enable SSH on remote machines so they can be registered with register_member.

Windows

Windows is the most involved. Run all commands in PowerShell as Administrator.

1. Install OpenSSH Server

# Check if already installed
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'

# Install it
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Or: Settings > Apps > Optional Features > Add a feature > OpenSSH Server.

2. Start sshd and enable on boot

Start-Service sshd
Set-Service -Name sshd -StartupType Automatic

3. Firewall rule

The installer usually creates this, but verify:

# Check
Get-NetFirewallRule -Name *ssh*

# Create if missing
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

4. Admin user gotcha

If your user is in the Administrators group, SSH ignores ~/.ssh/authorized_keys. Keys must go in:

C:\ProgramData\ssh\administrators_authorized_keys

And the file needs restricted permissions:

# Add your public key
Add-Content C:\ProgramData\ssh\administrators_authorized_keys "ssh-ed25519 AAAA... you@host"

# Fix permissions (must be owned by SYSTEM/Administrators only)
icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r /grant "SYSTEM:(F)" /grant "Administrators:(F)"

5. Verify

From another machine:

ssh user@windows-host "echo ok"

macOS

1. Enable Remote Login

System Settings > General > Sharing > Remote Login (toggle on).

Or via terminal:

sudo systemsetup -setremotelogin on

2. Verify

ssh user@mac-host "echo ok"

Linux (Ubuntu/Debian)

1. Install and start

sudo apt install openssh-server
sudo systemctl enable --now ssh

2. Verify

ssh user@linux-host "echo ok"

Jetson / Embedded Linux

Usually pre-installed. Just confirm it's running:

sudo systemctl status sshd

If not running:

sudo systemctl enable --now sshd

Troubleshooting

Symptom Cause Fix
Connection refused sshd not running Start the service (see above)
Permission denied Wrong password or key not deployed Check ~/.ssh/authorized_keys on target; on Windows admin users, check administrators_authorized_keys (see above)
Connection timed out Firewall blocking port 22 Add inbound rule for TCP/22
Windows: key auth not working for admin user Keys in ~/.ssh/authorized_keys are ignored for admin accounts Move keys to C:\ProgramData\ssh\administrators_authorized_keys and fix permissions
Host key verification failed Host key changed (reinstall, new machine) ssh-keygen -R <host> to clear old key