Makers Blog Archive

Create a trusted connection between PC and controller

fwalde@phoenixcontact.com 22 September 2017 min. read
412 views 0 comments

In this manual it is described how a SCP and SSH connection can be established between a developer machine (Linux, based on How to create a Linux Virtual Machine) and a PLCnext Technology device (like an AXC F 2152).

A few basics about SSH and SCP

The principle of secure (trusted) connections and RSA security algorithms is explained in detail on Wiki pages, in english or german.

Let me explain it as
– every secure connection has a unique pair of keys a private key and a public key
– on one side you use a public key to encrypt a message
– the encrypted message can only be decrypted with the private key

Encrypted messages cannot be read and not be decrypted with the public key
Only with the private key, this makes perfectly clear that the private key has to stay private and is only for you!
So that only you can decrypt and read the messages that are sent to you.

If you ever give away your private key to someone … that one can read all your messages or in the case of PLCnext Technology connect to your controller as he is impersonating you!

Establish a secure connection

To set-up a easy to use trusted connection between your developer machine and your controller take the following steps:

  1. On your developer machine use the command ssh-keygen to generate your private and you public key
    ccax-team-user@ccaxteam-plcnext-vm:/tmp$ ssh-keygen
    Generating public/private rsa key pair.
    the key generator generated an id_rsa file and an id_rsa.pub fileThe .pub is the public key and the id_rsa is the private keyThe keys are in the directory ~/.ssh on my machine the ~/.ssh directory contains:ccax-team-user@ccaxteam-plcnext-vm:~/.ssh$ ls
    config id_rsa_old id_rsa.pub known_hosts.old
    id_rsa id_rsa_old.pub known_hosts
    ccax-team-user@ccaxteam-plcnext-vm:~/.ssh$
  2. Copy the contents of the id_rsa.pub file to the authorized_keys file of the PLC. In this case is the text editor VIM used.

    ccax-team-user@ccaxteam-plcnext-vm:~$ ssh admin@192.168.1.10
    admin@192.168.1.10’s password:
    Last login: Sun Jul 30 06:51:06 2017 from 192.168.1.200
    admin@axcf2152:~# cd .ssh
    admin@axcf2152:~/.ssh# vim authorized_keysSince you are authorized now it is possible to connect to the PLC without entering the password

  3. To make it even more easier you can edit the config file on the developer machine like this
    host plc
    User admin
    HostName 192.168.1.10Where host is the name, some kind of shortcut.
    User is the username of the user on the controller.
    Hostname is the IP address of the controller.

Now, the secure connection can be established by using the following command:

 Ssh plc

For both SSH and SCP No password required to get admin access …

This is why the private key should stay privatewink

Note:

The Makers Blog shows applications and user stories of community members that are not tested or reviewed by Phoenix Contact. Use them at your own risk.

Discussion

Please login/register to comment

Login/Register

Leave a Reply

Newsletter
Never miss a new article
Sign up for the newsletter
Never miss news about PLCnext Technology
Get interesting content via newsletter four times a year
Receive exclusive information before all other users