Hi guys,
I am currently trying to install the new Venus OS 3.1 (large) on a Raspi.
I have been on 2.9.2 before which refuses to update.
Unlike in the 2.x versions, there is no longer a menu to enable remote login via ssh.
In the "General" menu under "Remote Support" I can only choose between "User & Installer" and "User"; no more "Superuser".
Also, the "set root password" and "enable ssh" menus have disappeared.
What can I do?
Nothing has changed. The Superuser selection is hidden by default and always has been. It's all explained here:
Thanks, Kevin for your answer. I just found it out myself, paying an hour of my lifetime (for the second time) :-(
What the hell is that supposed to be? Security through obscurity? Shame on Victron :-(
Hi @solar noob
I didn’t make the decision, but doing it this way forces people to read the documentation first and hopefully understand the security implications of opening these ports and interfaces.
SSH tunnelling in a power control system can have serious security consequences.
It should be the first hit on a Google search, and linked in the manual, so I don’t think it’s too obscure.
And if any member tags their post with venus the ssh doc will magically appear in the "related documents" section of the page, as it now also does for this topic.
Yes, I read the docs month ago. But as I don't have a photographic rememberance I forgot about that weired move.
If you refer to this page https://www.victronenergy.com/live/ccgx:root_access I cannot see any notes about security implications.
I don't understand how to better understand the security implications by knowing that I have to press a certain button for a couple of seconds? A simple popup-Window would comply with the standards and would do much better.
And btw. No need to read the manual. You can find instructions on youtube, too - also without mentioning security :-)
Obscuring that menu means that anyone who enables it will have to pro-actively seek it out, specifically looking for how to enable SSH access, for some specific and essential reason.
It should be quite a rare case that requires it, custom modification developers basically. The person who does require it needs to do some of their own research beyond that doc for even how to use SSH. With that should come knowledge that they are deliberately enabling very low level remote access to their system, bypassing some of the security hardening that Victron has set up by default for 'normal' use, like the Venus GUI and VRM.
The way it's been set up means it's not possible to accidentally, or unintentionally turn it on. No doubt there is a better way to do it, but it's unlikely to change now, as the Venus developers have a long list of much higher priorities.
