I have been configuring my CCGX for password-less (public key) login and I believe that the stock sshd configuration is missing some things, specifically:
1) There are no host keys in /etc/ssh. These can be generated with
ssh-keygen -A
2) In /etc/ssh/sshd_config, the following line(s) should be uncommented or inserted:
HostKey /etc/ssh/ssh_host_xxxx_key
(xxxx being your choice(s) of rsa, dsa, ecdsa, or ed25519 I am using ed25519 which is apparently the most secure).
The above is unfortunately not covered in the documentation here: www.victronenergy.com/live/ccgx:root_access
For security I also set the following options:
PermitEmptyPasswords no ChallengeResponseAuthentication no
I did not however have the courage to disable password login entirely, not wanting to get locked out if something goes south in the future.
Of course sshd must be restarted after changes are made.
I think I understand correctly that such changes won't survive an update, therefore I copied the modified sshd_config and the host key files to a new directory /data/ssh and put the following in /data/rcS.local :
cp /data/ssh/* /etc/ssh/
I will be interested in any comments/ corrections from those more experienced !
