Article for advanced users: Information on this page is intended for users with advanced technical knowledge.
Treon Gateway - Change the standard SSH key
Jan 27, 2023 · 2 minutes to read
NOTE: There is no point in changing our standard key, please DO NOT do that.
Instead, if you want to replace our maintenance connection with your own:
1) Copy /usr/sbin/reverse-ssh-daemon e.g. to /usr/sbin/ifm-reverse-ssh-daemon
2) Create your own ssh port number and ssh keys and write them to /mnt/identity, e.g. ifm_rssh_port, ifm_id_rssh and ifm_id_rssh.pub
3) Modify /usr/sbin/ifm-reverse-ssh-daemon so that you change the definitions of RSSH_PORT_FILE, RSSH_KEY_FILE and RSSH_SERVER
4) Modify /etc/init.d/gw-reverse-ssh by setting DAEMON_NAME=ifm-reverse-ssh-daemon
Option for 4): Create a new init script for your maintenance backend by copying gw-reverse-ssh to ifm-gw-reverse-ssh and modifying it. You must also activate your new init script with the command ‘update-rc.d ifm-gw-reverse-ssh defaults 94’. You must be root to do this (‘sudo -i’).
The ‘option for 4)’ gives you a setup where there is a maintenance link to both the Treon and IFM backends. You can remove Treon access by deactivating our ssh daemon with ‘update-rc.d ifm-gw-reverse-ssh remove’, and activate it again later if needed.
IMPORTANT NOTE! As these changes are made to the OS partition, they need to be ‘protected’ against SW updates. When the gateway software is updated, the whole OS partition is overwritten by a new SW image. Files and folders on the OS partition can be protected by ‘persisting’ them.
This can be done by adding a definition file in /etc/persist.user.d/. In your case the definition file could be e.g. /etc/persist.user.d/10ifm_ssh, containing the line:
persist_move /etc/init.d/ifm-gw-reverse-ssh
In addition to this you need to re-activate the init script. This can be done by placing a shell script in /etc/updatehooks.user.d which runs
update-rc.d ifm-gw-reverse-ssh defaults 94
You can also use this mechanism to run any other initialization you might want to do after an image update.
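
A post-update check for the setup described above, as an added example that is not part of the original article or Treon's own tooling. It assumes the article's example file names (ifm_*), that the port file holds only the port number, and that the update hook contains the update-rc.d line; the function name audit_rssh_setup and the private-key permission check are additions made here.

```shell
#!/bin/sh
# Added example: audit the custom reverse-SSH setup, e.g. after an image update.
# File names are the article's "ifm" examples; the first argument is the
# filesystem root, so the check can also be run against a test tree.
audit_rssh_setup() {
    root="${1%/}"; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Daemon copy and init script must exist and be executable.
    for f in /usr/sbin/ifm-reverse-ssh-daemon /etc/init.d/ifm-gw-reverse-ssh; do
        [ -x "$root$f" ] || fail "$f missing or not executable"
    done

    # Port file (assumption: it holds only the port number).
    port=$(cat "$root/mnt/identity/ifm_rssh_port" 2>/dev/null) || port=""
    case "$port" in
        ''|*[!0-9]*) fail "ifm_rssh_port missing or not numeric" ;;
    esac

    # Key pair: the private key must not be accessible to group or others.
    key="$root/mnt/identity/ifm_id_rssh"
    [ -f "$key.pub" ] || fail "ifm_id_rssh.pub missing"
    if [ -f "$key" ]; then
        mode=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
        [ "$mode" = "------" ] || fail "ifm_id_rssh is group/world accessible"
    else
        fail "ifm_id_rssh missing"
    fi

    # A persist definition must name the init script.
    grep -qsF 'persist_move /etc/init.d/ifm-gw-reverse-ssh' \
        "$root"/etc/persist.user.d/* || fail "init script is not persisted"

    # An update hook must re-activate the init script.
    grep -qsF 'update-rc.d ifm-gw-reverse-ssh defaults' \
        "$root"/etc/updatehooks.user.d/* || fail "no update hook re-activates the init script"

    [ "$problems" -eq 0 ] && echo "OK: reverse-SSH setup intact"
    return "$problems"
}
```

Run it as root on the gateway with `audit_rssh_setup /`; the return value is the number of failed checks.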