Skip to content

Add SSH key embedding and dev.sh SSH mounting for development#158

Closed
Lemmons wants to merge 1 commit into
paxx12-snapmaker-u1:developfrom
Lemmons:feature/ssh-dev-convenience
Closed

Add SSH key embedding and dev.sh SSH mounting for development#158
Lemmons wants to merge 1 commit into
paxx12-snapmaker-u1:developfrom
Lemmons:feature/ssh-dev-convenience

Conversation

@Lemmons
Copy link
Copy Markdown

@Lemmons Lemmons commented Jan 19, 2026

I don't think this is particularly in the correct place, but I wasn't sure what the best approach was here. While working on the rfid ui I wanted a way to be able to be a little more hands off when updating firmware using the update-firmware script. This is the best I was able to come up with. I assume there is a much better way to do this though (I imagine if we do want to keep the ability bake in ssh keys, it should go in the devel overlays, rather than common). Definitely would like to get feedback on how we can make the iteration process faster when you need to push new versions to a real machine, and will be happy to update this as needed to match what that process might be.

Changes

  • Add overlays/common/04-ssh-authorized-keys/ overlay for embedding SSH public keys
  • Add SSH folder mounting to dev.sh for container development
  • Update .gitignore to exclude personal SSH keys
  • Update upgrade-firmware.sh to remove the ssh host from known hosts, as it will fail due to the firmware upgrade changing the host sha

@Lemmons
Add SSH key embedding and dev.sh SSH mounting for development
f6390a1 
- Add overlays/common/04-ssh-authorized-keys/ overlay for embedding SSH public keys
- Add SSH folder mounting to dev.sh for container development
- Update .gitignore to exclude personal SSH keys
- Update upgrade-firmware.sh to remove the ssh host from known hosts, as it will fail due to the firmware upgrade changing the host sha
mcristina422
mcristina422 reviewed Jan 19, 2026
View reviewed changes
Comment thread scripts/dev/upgrade-firmware.sh
# and will quickly connect to it to allow the user to confirm the new fingerprint
# this avoids any ssh prompts during the build and upgrade process (if the user has an ssh key setup)
# this is inherently unsafe, so should only be used in controlled environments
ssh-keygen -f /root/.ssh/known_hosts -R $SSH_HOST
Copy link
Copy Markdown
Contributor

@mcristina422 mcristina422 Jan 19, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like what you're going for here, I end up doing the same thing manually.
I think long term, we should reconfigure dropbear SSH server to save and reuse it's SSH Host Keys in a persistent mount point, so its not regenerated every upgrade

@paxx12
Copy link
Copy Markdown
Contributor

paxx12 commented Jan 20, 2026

@Lemmons

I get the idea, but until there are fixed credentials on printer this is also not needed. For example this is what I'm doing:

sshpass -p snapmaker ssh-copy-id root@u1eth.home && ./scripts/dev/upgrade-firmware.sh root@u1eth.home extended

@paxx12
Copy link
Copy Markdown
Contributor

paxx12 commented Jan 27, 2026
edited
Loading

@Lemmons

I think all of those could be folded into providing overlays/devel/local-overlay where we would generate the ssh_host_key and ssh_public_keys. Kind of having a space to put whatever local amendments are needed. The script could generate all of those and put it into expected data structure (scripts/dev/generate-dev-keys.sh). So:

overlays/devel/local-overlay/root/etc/ssh/ssh_host_key*
overlays/devel/local-overlay/root/root/.ssh/authorized_keys
overlays/devel/local-overlay/root/root/.ssh/id_{rsa,ecdsa}{,.pub}

Create ssh_config to allow using those generated keys for all operations in dev.sh container, the dev.sh could maybe even generate those keys for the first time.

@paxx12 paxx12 added the development Set of features related to improvement development environment experience label Jan 31, 2026
@paxx12
Copy link
Copy Markdown
Contributor

paxx12 commented Feb 1, 2026
edited
Loading

Replaced by #222 there's also the #208.

@paxx12 paxx12 closed this Feb 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@mcristina422 mcristina422 mcristina422 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

development Set of features related to improvement development environment experience

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Lemmons @paxx12 @mcristina422