Hoping for a bit of command-line-ish advice:

I have succeeded in sshing and scping to my Organelle, except that as configured the music account has a password but not a private key, which means I have to type a password every time I run one of those commands (or I have to get all grotty and simulate typing). It’d be great if, instead, I could store a private key with the music account (or set up an entirely separate account), and use that to authenticate. Unfortunately, /home/music is mounted on /dev/root, which is read-only.

Is there a reasonable way to get that set up? I am reluctant to try to modify the root FS, which I figure is RO for a good reason! (I’m comfortable navigating Posix-ish systems in general, I just don’t know enough about how the Organelle’s build works / is intended to work to be confident in not messing things up.)

If this isn’t straightforward today, then — to the Organelle devs — please consider this a feature request, e.g. maybe have a way to configure this via the web interface or something like that.

Just to be clear, I’d only ever use a purpose-made SSH key for this, because the Organelle isn’t exactly security-hardened!

Thanks for whatever help y’all can provide.

sudo ~/fw_dir/scripts/remount-rw.sh 
... create your private key
sync
sudo  ~/fw_dir/scripts/remount-ro.sh

I don’t think ssh keys are particular easy to handle for non-linux users, users tend to understand passwords easier - I think trying to explain private/public keys would be a support nightmare.
as you say, really there is little reason for organelle to be ‘secure’, its not like we are storing personal data on it… are we?

First and foremost, thanks for the quick answer!

really there is little reason for organelle to be ‘secure’

Just don’t take one to DEF CON and turn on wi-fi…

(Less glibly: I understand the tactical tradeoffs necessary to get a product out the door, but I would still have preferred a bit more security by default.)