Loading...
 

Connecting via SSH

 This small tutorial will go over connecting to the board via SSH. Among other things, connecting via SSH is primarily used to obtain access to a command line over a network.

Prerequisites:

  • openssh-server package on server (this package is already installed on your Buildroot file system, however if you are running Ubuntu you need to install it)
  • openssh-client package installed on client (check out install instructions for your Linux distribution)

 

Installing and running OpenSSH server on MACCHIATObin(Ubuntu)


Firstly, connect to the console via serial connection. To connect via SSH, we must install OpenSSH server package. For installing the package on MACCHIATObin running Ubuntu in the console we can issue:

root@localhost:~# apt-get install openssh-server


SSH server configuration is located in /etc/ssh/sshd_config file, and there you can change numerous settings to better secure your SSH connection. You can find out more here.

For initial connection we can change the root password using passwd and entering the wanted password. Then we edit /etc/ssh/sshd_config and there change PermitRootLogin to "yes". Note that the recommended solution is using SSH keys (see section below) instead of passwords.

Connecting


To connect via SSH, we only need to know the IP or hostname of the board.

All of the instructions below work on MACCHIATObin running Buildroot file system as well.

SSH via IP address


Of course, you can use your network router's administration page to find the MACCHIATObin's IP address, or connect via serial and look for the IP address on br0 interface, e.g.:

br0       Link encap:Ethernet  HWaddr f0:ad:4e:03:5f:30  
          inet addr:192.168.22.1  Bcast:192.168.22.255  Mask:255.255.255.0
...


In our case it was the same we setup when initially configuring network on Ubuntu. Once we have it, we simply issue from the client:

~$ ssh root@192.168.22.1
root@192.168.22.1's password: 
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.8-armada-17.02.1-g4271698 aarch64)

 * Documentation:  https://help.ubuntu.com/
Last login: Thu Jan  1 00:00:19 1970
root@localhost:~#


Here we of course insert the password which we have set before using passwd command.

SSH via domain name


If you have configured a static IP for your MACCHIATObin, you can use it and the domain name to connect via SSH. Set the domain name (by default it is set to none) using domainname command, e.g. to mcbin:

domainname mcbin


and add the IP and that domain name on your laptop/PC by adding in the line to /etc/hosts:

192.168.22.1 mcbin


and now you can simply connect by typing:

~$ ssh root@mcbin

 

SSH Keys


Key-based authentication is the most secure of several modes of authentication usable with OpenSSH. Key-based authentication implies two keys, one public key that anyone is allowed to see, and another private key that only the owner is allowed to see. To securely communicate through such a method, one needs to create a key pair, securely store the private key on the computer one wants to log in from, and store the public key on the computer one wants to log in to. Additionally, SSH keys allow authentication betwen two hosts without the need of a password.

On the client (your laptop/PC), first create your public and private SSH keys. If you have not already, create ~/.ssh directory, set permissions for it and generate the key pair (we will name our key pair mcbin):

mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t ed25519 -f ~/.ssh/mcbin


Enter the wanted passphrase (make it a strong one), after which the keys should be generated. Now you should find mcbin.pub public key and mcbin private key in the ~/.ssh directory. Next step is to properly configure the SSH config file. In the ~/.ssh directory modify or create the config file:

~/.ssh$ vim config


and there add the following:

Host x.x.x.x**
        User your_name
        Hostname x.x.x.x
        Port 22
        IdentityFile ~/.ssh/generated_pub_key
        IdentitiesOnly yes
        PubkeyAuthentication yes


so following our above configuration this would look something like:

Host 192.168.22.1
        User root
        Port 22
        Hostname 192.168.22.1
        IdentityFile ~/.ssh/mcbin
        IdentitiesOnly yes
        PubkeyAuthentication yes


Insert MACCHIATObin's IP address or you can use hostname if you have configured it as mentioned in the previous section.

Now what is left is to copy the public key to the MACCHIATObin (acting as SSH server). From the client issue:

cat ~/.ssh/mcbin.pub | ssh root@192.168.22.1 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"


On the MACCHIATObin we now need to make necessary changes in /etc/ssh/sshd_config file (uncomment or add):

PubkeyAuthentication yes
AuthorizedKeysFile      ~/.ssh/authorized_keys
PermitRootLogin without-password


and restart the ssh service with:

service ssh restart


From the client, when you try to ssh into MACCHIATObin now, you should be prompted for the passphrase:

~$ ssh root@192.168.22.1
Enter passphrase for key '/home/akrog/.ssh/mcbin': 
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.8-armada-17.02.1-g4271698 aarch64)

 * Documentation:  https://help.ubuntu.com/
Last login: Thu Jan  1 00:54:55 1970 from 192.168.22.37
root@localhost:~#