NetBurner 3.5.8
SSH Server with User Key

Example Path: examples/SSH/SshServerUserKey

SSH Server with User Key Example

Overview

This NetBurner application demonstrates how to create an SSH server that supports multiple key sources and provides a web-based interface for key management. The application showcases secure SSH connections with user-uploadable keys while maintaining fallback security through default keys.

Additional PDF documentation is located in the example directory.

Features

  • SSH Server: Accepts secure SSH connections on port 22
  • Multiple Key Sources:
    • NetBurner SSH library default keys
    • Application compiled-in keys
    • User-uploaded keys via web interface
  • Web Interface: Upload and manage SSH keys through a browser
  • Key Types Supported: RSA and ECC (Elliptic Curve Cryptography)
  • File System: EFFS-STD on-chip flash for persistent key storage. On the RT modules (SOMRT1061, MODRT1171) the keys are stored on the system file system the platform mounts at boot; on the other modules the application creates its own EFFS-STD file system (see "File System by Platform" below)
  • NTP Time Sync: Automatic time synchronization for accurate timestamps
  • Serial Debug Interface: Command-line interface for system diagnostics

Key Management Hierarchy

The application uses a three-tier key priority system:

  1. User-Uploaded Keys (Highest Priority): Keys uploaded via web interface
  2. Application Default Keys (Medium Priority): Keys compiled into the application
  3. Library Default Keys (Lowest Priority): NetBurner SSH library fallback keys

This ensures the device always has a valid key for SSH connections.

Hardware Requirements

  • A supported NetBurner module: MOD5441X, NANO54415, SB800EX (ColdFire), MODM7AE70, SBE70LC (SAME70), or SOMRT1061, MODRT1171 (i.MX RT). The module's on-chip flash holds the file system; no external memory is required.
  • Network connection
  • Optional: Serial connection (115200 8N1) for the debug interface

Software Requirements

  • NetBurner Development Kit
  • NetBurner SSH/SSL Encryption software (optional add-on)
  • Compatible platforms: MOD5441X, NANO54415, SB800EX, MODM7AE70, SBE70LC, SOMRT1061, MODRT1171

File System by Platform

This example stores its SSH keys (and other settings) in the on-chip flash file system. How that file system comes to exist differs by platform, and it is the main thing to understand before building. The example makefile already applies the correct settings for each supported platform; you do not normally need to change them by hand.

RT modules (SOMRT1061, MODRT1171) – system file system

These modules boot with a system file system already created and mounted by the platform before UserMain() runs. It holds the device configuration, certificates, and the application image. This example does not create a file system on these modules – it uses the existing one (main.cpp skips fs_main() on RT and simply selects drive 0). The SSH keys are written to it:

  • rsa.key and ecc.key at the root of the file system (drive 0), and
  • the key metadata and device settings in the system area under /sys/files/usrparam.

Because the application image lives in this same file system, formatting is disabled on the RT modules (the serial [4] Format command and the FTP _format command both no-op there).

Note
The Memory Configuration below does NOT apply to the RT modules. There is no COMPCODEFLAGS / linker memory reservation and no separate file-system library to link on the SOMRT1061 or MODRT1171 – the EFFS-STD file system is part of the platform. The makefile already excludes the RT modules from those settings; nothing needs to be configured for them.

ColdFire / SAME70 modules – application-created file system

On the MOD5441X, NANO54415, SB800EX (ColdFire) and MODM7AE70, SBE70LC (SAME70) modules there is no system file system. The application reserves a region of flash for an EFFS-STD file system and creates/mounts it itself (main.cpp calls fs_main()). This is where the Memory Configuration matters, and the makefile sets it per platform:

  • ColdFire (MOD5441X, NANO54415, SB800EX): a COMPCODEFLAGS range caps the application region so the top of flash is reserved for the file system.
  • SAME70 (MODM7AE70, SBE70LC): -cflag C:3 disables application relocation; the file-system region is reserved dynamically.

The makefile also links the EFFS-STD library (libStdFFile.a) for these platforms – and, again, excludes it for the RT modules. In short: for any supported platform you do not need to edit COMPCODEFLAGS by hand; the makefile sets the right value for each, and the RT modules need none.

Usage Instructions

Initial Setup

  1. Select your target platform when building – the makefile applies the correct memory and file-system settings automatically (the RT modules need none; see "File System by Platform")
  2. Build and deploy the application to your NetBurner device
  3. Use IPSetup to determine the device's IP address
  4. Connect to the serial port (115200 baud) for debug output

Web Interface

  1. Open a web browser and navigate to the device's IP address
  2. View current key status and sources
  3. Upload new RSA or ECC keys using the file upload form
  4. Reset keys to factory defaults if needed
  5. Display public keys for SSH client configuration

SSH Connection

  1. Use an SSH client (such as PuTTY) to connect to the device
  2. Connect to the device's IP address on port 22
  3. Any username/password combination is accepted (for demonstration purposes)
  4. The connection timeout is set to 120 seconds

Serial Commands

Access the debug menu via serial connection:

  • [1] - EFFS Read/Write Test
  • [2] - Display Directory
  • [3] - Display TestFile.txt
  • [4] - Format Flash (WARNING: Data loss; disabled on the RT modules)
  • [5] - Display EFFS Space Usage
  • [6] - Display System Time
  • [7] - Reset to Factory Defaults

Key Requirements

RSA Keys

  • Minimum size: 512 bits
  • Maximum size: 4096 bits
  • Format: OpenSSH/OpenSSL PEM format
  • Must be unencrypted (no passphrase)

ECC Keys

  • Minimum size: 192 bits
  • Maximum size: 256 bits (384, 521, and ED25519 available with additional defines)
  • Format: OpenSSH/OpenSSL PEM format
  • Must be unencrypted (no passphrase)
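
A pre-upload check for the requirements listed above, given here as an added example; it is not part of the NetBurner example or library. The names check_key and fake_rsa_pem are hypothetical. It handles only the traditional OpenSSL "RSA PRIVATE KEY" and "EC PRIVATE KEY" containers, reads the size from the DER framing, and does not verify that the key is mathematically valid.

```python
import base64, re

# Size limits (bits) from the "Key Requirements" section of this page.
LIMITS = {"RSA": (512, 4096), "EC": (192, 256)}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def check_key(pem_text):
    """Return (ok, reason) for an OpenSSL-style PEM private key."""
    m = PEM_RE.search(pem_text)
    if not m:
        return False, "no PEM private key found"
    label, body = m.groups()
    if "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body:
        return False, "passphrase-protected"
    kind = {"RSA PRIVATE KEY": "RSA", "EC PRIVATE KEY": "EC"}.get(label)
    if kind is None:
        return False, "container not handled by this check: " + label
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
        seq, _ = _tlv(der, 0)                # outer SEQUENCE
        _, pos = _tlv(seq, 0)                # version INTEGER
        val, _ = _tlv(seq, pos)              # RSA modulus / EC private scalar
    except (ValueError, IndexError):
        return False, "malformed key body"
    # RFC 5915 fixes the EC scalar length to the curve's byte size.
    bits = int.from_bytes(val, "big").bit_length() if kind == "RSA" else len(val) * 8
    lo, hi = LIMITS[kind]
    if not lo <= bits <= hi:
        return False, f"{kind} {bits} bits, outside {lo}-{hi}"
    return True, f"{kind} {bits} bits"

def fake_rsa_pem(bits):
    """Constructed sample (bits >= 2048): valid PKCS#1 framing, not a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    body = b"\x02\x01\x00\x02\x82" + len(n).to_bytes(2, "big") + n
    der = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    return ("-----BEGIN RSA PRIVATE KEY-----\n" + base64.b64encode(der).decode()
            + "\n-----END RSA PRIVATE KEY-----\n")
```

The bounds in LIMITS are what the device accepts, not a strength recommendation. Raising the RSA lower bound to 2048 makes the same check enforce current key-size guidance before a key reaches the device.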

File Structure

Core Application Files

  • main.cpp - Main application thread and system initialization
  • sshuser.cpp/h - SSH authentication and key management functions
  • web.cpp - Web server interface for key upload and display
  • nvsettings.cpp/h - Non-volatile settings management

Key Files

  • permanentkeyrsa.h - Default RSA key compiled into application
  • permanentkeyecc.h - Default ECC key compiled into application
  • openSsh*.key - Example key files for testing

Web Interface

  • index.html - Key management page: shows the installed RSA/ECC key sources and provides the key upload and reset forms
  • rsakey.html - Displays the active RSA public key for SSH client configuration
  • ecckey.html - Displays the active ECC public key for SSH client configuration
  • style.css - Self-contained stylesheet for the web pages (plain CSS, no framework or CDN)
  • logo.png - NetBurner logo used in the page header

File System Support

  • FileSystemUtils.cpp/h - EFFS-STD file system utilities
  • fs_main.cpp/h - File system initialization
  • effs_time.cpp/h - File timestamps and NTP support

Security Considerations

  • The example uses simple authentication (any username/password pair in which the two don't match)
  • In production, implement proper user authentication
  • The web interface is unencrypted HTTP, so private keys uploaded through it cross the network in cleartext - consider HTTPS for production use
  • Private keys are stored in flash memory - ensure physical security of devices
  • Default keys are compiled into the application - replace with your own keys for production

Troubleshooting

Common Issues

  1. Flash Corruption (ColdFire/SAME70 only): usually caused by incorrect COMPCODEFLAGS / reservation settings. Does not apply to the RT modules, which use the platform's system file system.
  2. Key Upload Failures: Verify key format and encryption status
  3. Connection Timeouts: Check network configuration and firewall settings
  4. File System Errors: May require formatting the EFFS partition (not available on the RT modules, where the file system also holds the application image)

Debug Output

The serial interface provides detailed debug information including:

  • SSH connection status
  • Key validation results
  • File system operations
  • Network configuration
  • System diagnostics

Development Notes

This example demonstrates several NetBurner development concepts:

  • EFFS-STD flash file system usage
  • Multi-part form handling in web applications
  • SSH server implementation
  • Non-volatile parameter storage
  • Task creation and management
  • Network service integration