Login Authentication

This topic provides the recommended login authentication credential setup options for Sierra Wireless modules that are using serial console or secure shell interfaces for target device access.

Starting with Legato 16.10.0 (and SWI9X15Y_07.11.18.00 or later), when you access your module using a serial console or SSH shell connection, new login authentication menus will display providing these credential setup options:

It is strongly recommended to setup credentials for remote login.
Please select one of the following options:
1) Setup ssh keys and disable passwords-based authentication via ssh (the most secure)
2) Setup password (better than nothing)
3) Do nothing

Option 1 - Setup SSH Keys

Note
This is the method we strongly recommend!

1. On the target, choose 1 to setup ssh keys.

2. On the host PC, run configtargetssh (ensure you run bin/legs first to set your environment). You can manually setup ssh keys using ssh-keygen, and copy the public key to the target's ssh directory; but configtargetssh will handle this for you.

3. After configtargetssh finishes, choose 1 (Done), and answer the "are you sure" questions. The configure local console menu will then display:

1) Disable console access (the most secure)
2) Disable password-based authentication for root user account
       but leave the console for debug messages (less secure)
       WARNING: This will disable password-based authentication for
       root user account completely (even over ssh).
3) Enable password-based authentication for root user account

4. Choose 1 to done setting up ssh keys. If local access through the serial console isn't needed, it's recommended to completely disable console access.

Option 2 - Setup Password

If you choose 2 Setup password, ensure you use a strong password that can't be easily guessed.

Warning
Please test your ssh keys and/or passwords in a separate terminal before logging off from all terminals to ensure you don't lose access to your target device.