SSH subsystem removed in 14.9.0

Two questions about this change :slight_smile:

  • How do I now perform OTA firmware updates on my home network ?
  • How can I connect a terminal over the network to an IEx process ?

Thanks !

@jsimmonds The SSH system was removed for a variety of reasons:

  • The package was retired almost two years ago.
  • The system used a keypair scheme that is losing favor, and which some users had security concerns about. CC: @jebba
  • The workflow that was used in the past no longer reflects how we actually do the development of FBOS in 2021. Generally speaking, FarmBot developers in 2022 use USB serial for remote access and run development builds on x86 systems before finally publishing a firmware image.
  • I am suspicious the number of people who were using the system was in the single digits. We don’t get many users using SSH or live firmware uploads.
  • SSH access was never really a feature we recommend to end-users, and our main focus (given limited resources) is to cater to the needs of end-users.

Because of security concerns, deprecations, low usage, and a lack of developer resources, we made the decision to remove the system without a plan for a replacement. That’s not to say we would be against adding a newer, more secure version back to the stack. If a secure alternative were provided we would be open to incorporating it back in (assuming it uses a more modern keypair scheme and up-to-date hex dependencies).

My recommendation, for now, would be to run development on host and use a USB serial cable for debugging. I realize this is less than ideal for Express development but we simply do not have the resources to modernize the current system and made the security decision to remove it entirely until we have more time to review a modern replacement.

3 Likes

It’s actually super-easy to restore SSH-based services ( including fwup for firmware OTA ) using actively maintained Elixir packages if you’re a keen FBOS programmer / maintainer and familiar with Nerves/Buildroot/Elixir and Raspberry Pi ( like me ).

Just follow the fine software documentation published for the package NervesSSH
(NervesSSH — nerves_ssh v0.4.3)

1 Like