User Tools

Site Tools


Venus OS: Root Access

This document explains how to access a GX device via SSH, or straight on the Serial Console, with the root user.

This document is part of the Venus OS developer documentation. The main document is the Venus OS wiki on github.

Warning about modifying the rootfs

Note that additions made to the rootfs are not safe during an update, as the complete rootfs is replaced during an update.

Of course it is always possible to disable automatic firmware updates. Also there is a data partition (/data), which will be left alone in the image updates.

Hooks to install/run own code at boot

Everything, except for information on /data, will be wiped after an update.

Therefor, the trick to make changes & modifications survive an update, is to put files you need on /data, make them be (re-)installed automatically on startup. This section describes how to do that.

If the files /data/rcS.local or /data/rc.local exists, they will be called early (rcS) and late (rc) during startup. These scripts will survive upgrades and can be used by customers to start their own custom software. Implementation details in this commit.

Also if venus-data.{tar.gz,tgz,zip} is found on removable storage (usb stick, sd-card) when booting, it will be unpacked into /data. Implementation details in this commit. Added per Venus v2.30~28.

You can test the 'update' with /opt/victronenergy/swupdate-scripts/ -update -force which will install the same version again, but in the other rootfs.

For details of the used update mechanism, see here:

Available disk space


And see /opt/victronenergy/swupdate/, as explained in this commit. Source file for the script is here.

1. Set access level to Superuser

To set the root password, first set the access level to Superuser:

  1. Go to Settings, General
  2. Set the Access Level to User and installer, the password is ZZZ
  3. Highlight Access Level (don't open the select page!)
  4. Press and hold the right button of the center pad until you see the Access Level change to Superuser. Note: when working from the Remote Console, you need to use the right key on your keyboard. Pressing and holding the right button with your mouse won't work.

Now you have access to the super user features.

2. Create a root password

Go to Settings → General → Set root password. And create a root password.

Note that, for firmware version v2.00 and later, the root password will be reset by a firmware update. The reason is that the passwd file is on the rootfs, which is fully replaced by an update. More info here.

Our advice is to create a root password. But use it to login only the first time, and then install a public ssh key(s). Thereafter login with the keys.

3. Enable sshd and log in

To login via ssh, enable Remote Support (Settings → General). Besides enabling the reverse tunnel it also enables sshd. More info on Remote Support here.

To the login, enter the ip address of the ccgx in a ssh client. Most Linux and Mac users will simply do this from the command line:

ssh root@

And a very commonly used client for Windows is Putty. For more info, look around on the Internet, there is plenty information available.

4. Working with ssh keys

Using a ssh key for authentication, instead of a root password, has the advantage that it isn't lost during a firmware update. The keys are stored on the /data partition/

First set the root password (once), use that to login, and then copy a public ssh key to ~/.ssh/authorized_keys.

sshd works with three authorized keys files:

  • ~/.ssh/authorized_keys ← you can use this freely
  • ~/.ssh/authorized_keys2
  • /usr/share/support-keys/authorized_keys

The third file contains the keys we use for Remote Support login.

5. Play time! Start executing commands

6. Connecting via the console instead of over ssh

First, note that this is only relevant for the CCGX, as the Beagleboards have a uart dedicated to a console function.

See menu item Settings → Services → Console on VE.Direct 1

Enable the Serial Console on VE.Direct Port 1. Serial console is a software developers feature. This will disable VE.Direct 1 functionality on this port.

Settings are 115k2 / 8N1. Note that a normal VE.Direct to USB interface cable won't work, since you need to power the VE.Direct port on the CCGX from the outside. A small mod can be made to the interface cable. More information about the serial console.


ccgx/root_access.txt · Last modified: 2019-12-23 16:30 by mvader