
Connecting with Public Key Authentication

SSH allows for a connection to the controller that is secure, encrypted, and authenticated. This allows you to perform remote management of the controller in a safeguarded context.

Authentication can be done by providing access data (user name and password). You can also choose a stronger method, key-based authentication (public key authentication), in which the user logs on to the controller with a key. A key pair consists of a public key and a private key, and it is much harder to compromise than a password.

The login operation checks whether the public key on the controller matches the private key on the development system. When this is the case, access is granted without using a password.

You create the SSH keys used in CODESYS on the Windows-based development system. You can optionally specify a passphrase so that the security of public key authentication is increased even more. You can copy the public key to one or even multiple controllers, which may be desirable, for example, on a machine that consists of multiple controllers. The private key always remains on the development system and must never be shared under any circumstances.

Important

Never share the private key.

Creating an SSH key

First create an SSH key in Windows consisting of a private and a public key.

  1. Install the open source "PuTTY" tool.

    Different applications are located in C:\Program Files (x86)\PuTTY.

  2. Open the "PuTTYgen" tool.

    The following dialog opens.

    _sl_img_puttygen_generator.png
  3. Select the RSA option and click the Generate button.

    The creation of the key begins.

  4. In the meantime, move the mouse in the free space below the progress bar until the key is created.

    The following dialog opens:

    _sl_img_puttygen_generated_key.png
  5. If needed, you can designate a secure and unique passphrase in Key passphrase and Confirm passphrase.

    _sl_img_puttygen_passphrase.png

    If you have assigned a passphrase, the saved private key is additionally protected by it. You will need the passphrase every time you use a key to log in to your controller in CODESYS. Keep the passphrase secret so that only authorized persons know it.

  6. Click the Save private key button and specify a file name (example: serviceuser.ppk).

    _sl_img_puttygen_serviceuser.png
  7. Click Save.

    The private PPK key is created.

  8. Click the Conversions → Export OpenSSH key command.

  9. Specify a file name (example: serviceuser.openssh).

    The private OPENSSH key is created.

  10. In the Public key for pasting into OpenSSH authorized_keys file text field, now select the entire string.

    _sl_img_public_key_generated.png
  11. In the context menu, click Copy to copy the string to the clipboard and paste it into a text file. Name the text file (example: serviceuser.pub).

    The public PUB key is created.

  12. Move the keys to a suitable, perhaps even hidden, location on the development computer. Or save the files on a USB stick which stays with the development system.

    For example, the private and public keys are now located in the D:\PLCs\BeagleBone\Keys directory.

    Note

    Make sure that the private key always remains on the development system. The private key must never be shared.

Copying the public key to the controller

Copy the public key (example: serviceuser.pub) to the controller. Follow the controller vendor's instructions for this step.
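Because the procedure above leaves three similarly named files in one directory (serviceuser.ppk, serviceuser.openssh, serviceuser.pub), it is worth confirming that the file about to be copied is really the public key. The following is an added example, not code from CODESYS or PuTTY; the function names are hypothetical and the sample key material is constructed for illustration.

```python
import base64

def blob_matches(algorithm, b64):
    """True if the base64 blob starts with the length-prefixed algorithm name."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    n = int.from_bytes(blob[:4], "big")
    return len(blob) > 4 and blob[4:4 + n] == algorithm.encode()

def classify_key_text(text):
    """Return (kind, passphrase_protected); the flag is None when not determined."""
    lines = text.strip().splitlines() or [""]
    first = lines[0].strip()
    if first.startswith("PuTTY-User-Key-File-"):          # .ppk private key
        enc = next((l.split(":", 1)[1].strip() for l in lines
                    if l.startswith("Encryption:")), "none")
        return ("private-ppk", enc != "none")
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        if "OPENSSH" in first:                            # cipher name is inside the body
            return ("private-openssh", None)
        # PEM export: an encrypted key announces it in the first two lines
        return ("private-openssh", any("ENCRYPTED" in l for l in lines[:2]))
    fields = first.split()
    if len(lines) == 1 and len(fields) >= 2 and blob_matches(fields[0], fields[1]):
        return ("public", None)                           # authorized_keys style line
    return ("unknown", None)

def safe_to_copy_to_controller(text):
    """Only a well-formed public key line may leave the development system."""
    return classify_key_text(text)[0] == "public"

def sample_public_line():
    """Constructed sample with tiny fake RSA values; not a usable key."""
    def field(b):
        return len(b).to_bytes(4, "big") + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + b"\xc3" * 32)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " serviceuser"

# Constructed samples: headers only, key bodies omitted.
SAMPLE_PPK = ("PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\n"
              "Comment: serviceuser\nPublic-Lines: 6\n")
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for text in (sample_public_line(), SAMPLE_PPK, SAMPLE_PEM):
        print(classify_key_text(text), safe_to_copy_to_controller(text))
```

A private key reported with the flag `False` was saved without a passphrase; for the newer `BEGIN OPENSSH PRIVATE KEY` container the flag is `None` because the cipher name sits inside the encoded body.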

Linking private keys in CODESYS

  1. Open CODESYS and click the Tools → Deploy Control SL command.

  2. On the Communication tab, expand the Key Based Login section.

  3. Click the Add Keyfile button.

    A file selection dialog opens.

  4. Select the desired private key (OPENSSH file).

    Example: serviceuser.openssh

    _sl_img_options_runtime_deploy_toll.png
  5. Click OK to confirm the dialog.

    The dialog closes. Now CODESYS has the private key.

Tip

You can also link the private key in the options, in the Runtime Deploy Tool category.

Key-based login with an SSH key

Log in to the controller with the SSH key.

  1. Click the Tools → Deploy Control SL command.

    The Runtime Deploy Tool opens.

  2. Select the SSH login based on key option.

    A list box provides all keys known in CODESYS.

  3. Select the desired key serviceuser.openssh.

  4. Specify the user name and if necessary the passphrase in the respective input fields.

  5. Click the Scan button.

    The network is scanned for matching controllers. The result of the search is displayed.

  6. Select the desired controller from the list of controllers.

  7. For example, click System info.

    The SSH server on the controller checks whether or not the private key matches the public key. When this is the case, you are authenticated and logged in. After that, the command is executed and the system information of the controller is displayed in CODESYS.