SSH access is disabled by default. Once enabled, you should always log in with the user
base that has sudo privileges. The user password corresponds to the one set in the BitBoxApp setup wizard.
There are multiple ways to gain access, some usable for production, others only suitable to be used for development:
SSH keys: if SSH keys are present in
/home/base/.ssh/authorized_keys, SSH login is possible over regular IP address, the mDNS domain (e.g.
ssh firstname.lastname@example.org) or even a Tor hidden service (if enabled).
Currently, the keys need to be added manually, either by logging in locally or after login in with a password (see next option). We plan to allow users to add SSH keys from the BitBoxApp.
Password login: this authentication method is not secure and should not be enabled for longer periods on a production device.
It can be enabled in the BitBoxApp node management under “Advanced options”. Alternatively, you can run
sudo bbb-config.sh enable sshpwlogindirectly on the command line. After enabling, you can log in with the user
baseusing the password set in the Setup wizard.
Root login: SSH access for the
rootuser is disabled by default. For development, it can be enabled from the command line, e.g. to copy updated scripts directly into system folders that require root access. On the BitBoxBase, logged in with user
sudo bbb-config.sh enable rootlogin.
If you build the BitBoxBase image yourself, you can configure the options
BASE_LOGINPW (initial login password, overwritten by the Setup Wizard) and
BASE_SSH_PASSWORD_LOGIN in build.conf.
If logging in as user
base, you might find the following
alias helpful that are defined in
.bashrc-custom and maintained as a template:
bcli: shortcut for
bitcoin-cliwith the necessary credentials and arguments
blog: follow the Bitcoin Core log output in the system journal
lcli: shortcut for
lightning-cliwith the necessary credentials and arguments
llog: follow the c-lightning log output in the system journal
j: follow the system journal
elog: follow the Electrs log
slog: follow the Supervisor log
mlog: follow the Middleware log