Password for embedded devices in automatic deployment

Çağlar Arlı

We are working with commercial embedded devices, where we install our software. Then, they are deployed in different client sites. The embedded devices have an Ethernet port and a console port for debugging and recovery. They are connected to the Internet and we need to access them remotely using ssh.

By default, the devices have a Linux user and a password set by the manufacturer. Currently, we change that password manually and use it for ssh access and sudo instructions. Moreover, we set a password for the root user to avoid getting locked out in emergency mode. Our clients never access the device; we are the only ones. As a result, there will not be a user-generated password. Moreover, we want to maintain the option to use the debugging port in case of need.

Now, we are planning to scale. Therefore, we would like to automate the password setting.

I have been reading some other questions about passwords in embedded devices (1, 2) but they deal mostly with how to choose the password and not with how to set it. Also, in the answer to this question, it is suggested to use ssh with public-key cryptography instead of passwords. However, even if we stop using our user password for ssh, we still need to set a password to override the manufacturer's one that can be used in the debugging port.

I have come up with a possible solution for what to do when deploying a new device:

  1. Generate a password on our server. It will be stored there for us to check it if needed.
  2. Deploy our setup script on the device and have it reach our server for the password to set.

OR

  1. Send a text file with the password to the device, to be deleted after initial setup.

What is the best option for step 2?

Is there a better procedure for password management in this scenario?
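
A sketch of the first option (the server generates and keeps the passwords, the setup script fetches them), added here as an example and not part of the original post. The one-time enrollment token, the class and function names, the serial number and the `deviceuser` account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class PasswordVault:
    """Server side: per-device random passwords, released to the device once."""

    def __init__(self):
        self._passwords = {}     # serial -> {account: password}, kept for operators
        self._token_hashes = {}  # serial -> SHA-256 of the unused enrollment token

    def provision(self, serial, accounts):
        """Step 1: generate and store one password per account.
        Returns a one-time token to ship with the setup script."""
        self._passwords[serial] = {a: secrets.token_urlsafe(24) for a in accounts}
        token = secrets.token_urlsafe(32)
        self._token_hashes[serial] = hashlib.sha256(token.encode()).digest()
        return token

    def fetch(self, serial, token):
        """Step 2: the setup script presents its token and gets the passwords.
        The token is invalidated on success, so a leaked copy cannot be replayed."""
        expected = self._token_hashes.get(serial)
        presented = hashlib.sha256(token.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, presented):
            return None
        del self._token_hashes[serial]
        return dict(self._passwords[serial])

    def lookup(self, serial):
        """Operator lookup, for example before using the console port."""
        return self._passwords.get(serial)


def chpasswd_input(passwords):
    """Format {account: password} as 'user:password' lines for chpasswd stdin."""
    for user, pw in passwords.items():
        if ":" in user or "\n" in user or "\n" in pw:
            raise ValueError("value not representable in chpasswd input")
    return "".join(f"{u}:{p}\n" for u, p in passwords.items())


if __name__ == "__main__":
    vault = PasswordVault()
    # Constructed sample values: serial number and non-root account name.
    token = vault.provision("SN-0001", ["root", "deviceuser"])
    received = vault.fetch("SN-0001", token)
    print(chpasswd_input(received), end="")      # the device pipes this to chpasswd
    print("replay accepted:", vault.fetch("SN-0001", token) is not None)
```

On the device the formatted lines would be piped straight into `chpasswd` over a TLS-protected connection, so the passwords never touch the filesystem, unlike the text-file variant.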