kb:lantime_support:instructions:lantime_ssh_public_key_authentication

LANTIME: Copying SSH Public Keys to Your Time Server

ssh public key authentication provides ssh access without having to enter a password.

With the LANTIME this basically works exactly like with any other Linux system, e.g. you first run the command

ssh-copy-id root@aa.bb.cc.dd

to copy an existing public key to the LANTIME, where it is appended to the file ~/.ssh/authorized_keys.

On normal Linux machines this is sufficient, but the LANTIME's file system is created from scratch at every boot time, so the information would get lost with the next reboot. To save the authorized_keys file and thus the saved public ssh key permanenetly across reboots additional command needs to be run as root on the LANTIME whenever a key has been changed or added.

If the LANTIME runs LTOS V6 or newer you just have to run the following command once in an ssh session on the LANTIME:

sudo saveconfig @

On older LANTIME firmware version you need to do the following steps the authorized_keys file across a reboot. First make the flash disk writeable:

make_flash_writeable

Then copy the current authorized_keys file to the flash disk:

cp ~root/.ssh/authorized_keys /mnt/flash/config/

This has to be done once initially, and repeated whenever a new key has been added to the file.

The saved file needs to be copied from the flash disk to the file system after every reboot. To achieve this we edit the file netconf.cmd to add the required command. That file is also located on the flash disk:

vi /mnt/flash/config/netconf.cmd

In the editor we append the following line:

cp /mnt/flash/config/authorized_keys ~root/.ssh/

and then save the edited file.

If further assistance is required, contact Meinberg Technical Support: https://www.meinbergglobal.com/english/support/tech-support.htm


Manuel Schäfer manuel.schaefer@meinberg.de, last updated 2023-05-16

  • kb/lantime_support/instructions/lantime_ssh_public_key_authentication.txt
  • Last modified: 2023-06-14 09:35
  • by 127.0.0.1