Remote access to the TwinCAT/BSD installer via SSH
SSH stands for Secure Shell and is a method used to establish a secure connection between two computers. Here, SSH authentication is based on a key pair: the private key stays on the local computer, and the corresponding public key is stored on the remote server or industrial PC. If the keys match, the user is granted access.
This chapter shows how to establish an SSH connection from a local PC to an industrial PC with a TwinCAT/BSD installer and how to access its shell. This gives you access to a TwinCAT/BSD system that is fully functional, which you can use for repair or data recovery if, for example, a faulty process prevents a system startup or a faulty TwinCAT project causes a boot loop.
Requirements:
- Before you can establish a remote connection via SSH, you must ensure that the TwinCAT/BSD installer is set up on the USB stick.
- The SSH server must be active. The script "start_ssh_server" is already on the USB stick in the folder /INSTALLER/autorun.
Proceed as follows:
- 1. Before you can establish an SSH connection, you must generate an SSH key pair on your local PC. This key pair consists of a private and a public key.
Under Windows 10, the SSH key pair can be generated with OpenSSH. Open the Command Prompt as an administrator on your Windows 10 PC and execute the following command:
ssh-keygen -t ed25519
- 2. You will be prompted to specify a location and to set a password (optional). The generated key pair is stored by default in the directory C:\Users\<your username>\.ssh.
Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\username/.ssh/id_ed25519):
- 3. You now have a public and a private key in the specified location. The .pub files are public keys, and files without an extension are private keys.
- 4. Use the command ssh-add to load the private key into the SSH agent. This makes SSH authentication easier and more secure, as the private key is stored encrypted in the SSH agent. To do this, open the command prompt on your local PC and enter the following command:
ssh-add %USERPROFILE%\.ssh\id_ed25519
- 5. The content of the public key (\.ssh\id_ed25519.pub) must be stored on the TwinCAT/BSD installer in a file named authorized_keys at \INSTALLER\.ssh.
- 6. From now on you can connect to the TwinCAT/BSD installer from your local PC or from any client that has the private key. Open the command prompt on your local PC and use the following command:
ssh root@<IP of TwinCAT/BSD installer>
- 7. The IP address of the TwinCAT/BSD installer is displayed in the graphical user interface after booting. In addition, a fixed IP address for the USB stick can be configured in advance using the shell.
- After successful authentication via SSH you have access to the TwinCAT/BSD installer and thus to the shell of the TwinCAT/BSD system installed on it. You can now perform the necessary tasks, such as installing or maintaining the operating system.
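Step 5 as a PowerShell script that checks the file really is an ed25519 public key before writing it to the stick. This is an added example, not part of the original documentation or Beckhoff's own tooling; it assumes the USB stick is visible on the local Windows PC as drive E: and that the key was saved to the default path from step 2.

```powershell
# Added example. Assumptions: stick mounted as E:, default key path from step 2.
param(
    [string]$PublicKeyPath = "$env:USERPROFILE\.ssh\id_ed25519.pub",
    [string]$StickRoot     = 'E:\'   # assumed drive letter, adjust to your system
)
$ErrorActionPreference = 'Stop'

# A .pub file holds exactly one line: "<type> <base64 blob> [comment]".
$lines = @(Get-Content -LiteralPath $PublicKeyPath | Where-Object { $_.Trim() -ne '' })
if ($lines.Count -ne 1)              { throw "Expected exactly one key line in $PublicKeyPath" }
if ($lines[0] -match 'PRIVATE KEY')  { throw 'This is a private key. Never copy it to the stick.' }

$fields = $lines[0].Trim() -split '\s+'
if ($fields.Count -lt 2 -or $fields[0] -cne 'ssh-ed25519') {
    throw 'Not an ed25519 public key line.'
}

# Decode the blob and check its layout: 4-byte length + "ssh-ed25519",
# then 4-byte length + 32 key bytes = 51 bytes in total.
$blob = [Convert]::FromBase64String($fields[1])
if ($blob.Length -ne 51 -or
    [Text.Encoding]::ASCII.GetString($blob, 4, 11) -cne 'ssh-ed25519') {
    throw 'Key blob is damaged or is not an ed25519 key.'
}

$sshDir = Join-Path $StickRoot 'INSTALLER\.ssh'
$target = Join-Path $sshDir 'authorized_keys'
New-Item -ItemType Directory -Path $sshDir -Force | Out-Null

# Keep keys that are already authorized and add this one only once.
$existing = @()
if (Test-Path -LiteralPath $target) {
    $existing = @(Get-Content -LiteralPath $target | Where-Object { $_.Trim() -ne '' })
}
if (-not ($existing | Where-Object { $_.Contains($fields[1]) })) {
    $existing += ($fields -join ' ')
}

# Write UTF-8 without BOM and with LF line endings. Redirecting with ">" in
# Windows PowerShell 5.1 writes UTF-16, which the SSH server cannot parse.
$utf8NoBom = New-Object System.Text.UTF8Encoding $false
[IO.File]::WriteAllText($target, (($existing -join "`n") + "`n"), $utf8NoBom)

# Show the fingerprint of every authorized key for comparison with the local key.
& ssh-keygen -lf $target
```

Compare the printed fingerprint with the output of ssh-keygen -lf for the local .pub file before booting the industrial PC from the stick.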