In this manual it is described how a SCP and SSH connection can be established between a developer machine (Linux, based on How to create a Linux Virtual Machine) and a PLCnext Technology device (like an AXC F 2152).
A few basics about SSH and SCP
The principle of secure (trusted) connections and RSA security algorithms is explained in detail on Wiki pages, in english or german.
Let me explain it as
– every secure connection has a unique pair of keys a private key and a public key
– on one side you use a public key to encrypt a message
– the encrypted message can only be decrypted with the private key
Encrypted messages cannot be read and not be decrypted with the public key
Only with the private key, this makes perfectly clear that the private key has to stay private and is only for you!
So that only you can decrypt and read the messages that are sent to you.
If you ever give away your private key to someone … that one can read all your messages or in the case of PLCnext Technology connect to your controller as he is impersonating you!
Establish a secure connection
To set-up a easy to use trusted connection between your developer machine and your controller take the following steps:
- On your developer machine use the command ssh-keygen to generate your private and you public key
Generating public/private rsa key pair.
the key generator generated an id_rsa file and an id_rsa.pub fileThe .pub is the public key and the id_rsa is the private keyThe keys are in the directory ~/.ssh on my machine the ~/.ssh directory contains:ccax-team-user@ccaxteam-plcnext-vm:~/.ssh$ ls
config id_rsa_old id_rsa.pub known_hosts.old
id_rsa id_rsa_old.pub known_hosts
- Copy the contents of the id_rsa.pub file to the authorized_keys file of the PLC. In this case is the text editor VIM used.
ccax-team-user@ccaxteam-plcnext-vm:~$ ssh email@example.com
Last login: Sun Jul 30 06:51:06 2017 from 192.168.1.200
admin@axcf2152:~# cd .ssh
admin@axcf2152:~/.ssh# vim authorized_keysSince you are authorized now it is possible to connect to the PLC without entering the password
- To make it even more easier you can edit the config file on the developer machine like this
HostName 192.168.1.10Where host is the name, some kind of shortcut.
User is the username of the user on the controller.
Hostname is the IP address of the controller.
Now, the secure connection can be established by using the following command:
For both SSH and SCP No password required to get admin access …
This is why the private key should stay private
Leave a Reply
You must be logged in to post a comment.