Create a trusted connection between PC and controller

This manual describes how to establish an SSH and SCP connection between a developer machine (Linux, based on "How to create a Linux Virtual Machine") and a PLCnext Technology device (such as an AXC F 2152).

A few basics about SSH and SCP

The principle of secure (trusted) connections and the RSA security algorithm is explained in detail on Wiki pages, in English or German.

In short:
- every secure connection has a unique pair of keys: a private key and a public key
- one side uses the public key to encrypt a message
- the encrypted message can only be decrypted with the private key

Encrypted messages cannot be read, and they cannot be decrypted with the public key, only with the private key.
This is why the private key has to stay private and is only for you,
so that only you can decrypt and read the messages that are sent to you.

If you ever give your private key to someone, that person can read all your messages or, in the case of PLCnext Technology, connect to your controller while impersonating you!

Establish a secure connection

To set up an easy-to-use trusted connection between your developer machine and your controller, take the following steps:

  1. On your developer machine, use the command ssh-keygen to generate your private and your public key:
    ccax-team-user@ccaxteam-plcnext-vm:/tmp$ ssh-keygen
    Generating public/private rsa key pair.

    The key generator generated an id_rsa file and an id_rsa.pub file.

    The .pub file is the public key and id_rsa is the private key.

    The keys are in the directory ~/.ssh. On my machine the ~/.ssh directory contains:

    ccax-team-user@ccaxteam-plcnext-vm:~/.ssh$ ls
    config id_rsa_old id_rsa.pub known_hosts.old
    id_rsa id_rsa_old.pub known_hosts
    ccax-team-user@ccaxteam-plcnext-vm:~/.ssh$


  2. Copy the contents of the id_rsa.pub file to the authorized_keys file of the PLC. In this case the text editor VIM is used.

    ccax-team-user@ccaxteam-plcnext-vm:~$ ssh admin@192.168.1.10
    admin@192.168.1.10's password:
    Last login: Sun Jul 30 06:51:06 2017 from 192.168.1.200
    admin@axcf2152:~# cd .ssh
    admin@axcf2152:~/.ssh# vim authorized_keys

    Since you are now authorized, it is possible to connect to the PLC without entering the password.


  3. To make it even easier, you can edit the config file in ~/.ssh on the developer machine like this:
    host plc
    User admin
    HostName 192.168.1.10

    Here, host is the name, a kind of shortcut.
    User is the username of the user on the controller.
    HostName is the IP address of the controller.

Now, the secure connection can be established by using the following command:

 ssh plc

For both SSH and SCP, no password is required to get admin access …

This is why the private key should stay private.
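
Step 2 can also be done without an editor. The following is an added example, not part of the original manual: a POSIX shell function (the name install_pubkey and its two arguments are assumptions) that appends a public key to authorized_keys exactly once, refuses a private key file, and restricts the directory and file to their owner (modes 700 and 600).

```shell
#!/bin/sh
# Added example (not from the original manual). install_pubkey is a hypothetical helper.
# Usage: install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    pub="$1"
    dir="$2"
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file is exactly one line: "<type> <base64> [comment]".
    # A private key (id_rsa) is a multi-line PEM block and is rejected here,
    # so it is never written to the controller by mistake.
    if [ "$(grep -c '' "$pub")" -ne 1 ]; then
        echo "$pub is not a one-line public key" >&2
        return 1
    fi
    key=$(cat "$pub")
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub has an unexpected key type" >&2; return 1 ;;
    esac

    # Only the owner may access the directory and the key list.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Already installed? Compare whole lines as fixed strings.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the last line lacks a newline, add one so two keys never share a line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Run it on the controller after copying id_rsa.pub there, for example `install_pubkey /tmp/id_rsa.pub ~/.ssh` (the /tmp path is an assumption).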
