This small tutorial will go over connecting to the board via SSH. Among other things, connecting via SSH is primarily used to obtain access to a command line over a network.
- openssh-server package on server (this package is already installed on your Buildroot file system, however if you are running Ubuntu you need to install it)
- openssh-client package installed on client (check out install instructions for your Linux distribution)
Installing and running OpenSSH server on MACCHIATObin(Ubuntu)
Firstly, connect to the console via serial connection. To connect via SSH, we must install OpenSSH server package. For installing the package on MACCHIATObin running Ubuntu in the console we can issue:
root@localhost:~# apt-get install openssh-server
SSH server configuration is located in /etc/ssh/sshd_config file, and there you can change numerous settings to better secure your SSH connection. You can find out more here.
For initial connection we can change the root password using passwd and entering the wanted password. Then we edit /etc/ssh/sshd_config and there change PermitRootLogin to "yes". Note that the recommended solution is using SSH keys (see section below) instead of passwords.
To connect via SSH, we only need to know the IP or hostname of the board.
All of the instructions below work on MACCHIATObin running Buildroot file system as well.
SSH via IP address
Of course, you can use your network router's administration page to find the MACCHIATObin's IP address, or connect via serial and look for the IP address on br0 interface, e.g.:
br0 Link encap:Ethernet HWaddr f0:ad:4e:03:5f:30 inet addr:192.168.22.1 Bcast:192.168.22.255 Mask:255.255.255.0 ...
In our case it was the same we setup when initially configuring network on Ubuntu. Once we have it, we simply issue from the client:
~$ ssh email@example.com firstname.lastname@example.org's password: Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.8-armada-17.02.1-g4271698 aarch64) * Documentation: https://help.ubuntu.com/ Last login: Thu Jan 1 00:00:19 1970 root@localhost:~#
Here we of course insert the password which we have set before using passwd command.
SSH via domain name
If you have configured a static IP for your MACCHIATObin, you can use it and the domain name to connect via SSH. Set the domain name (by default it is set to none) using domainname command, e.g. to mcbin:
and add the IP and that domain name on your laptop/PC by adding in the line to /etc/hosts:
and now you can simply connect by typing:
~$ ssh root@mcbin
Key-based authentication is the most secure of several modes of authentication usable with OpenSSH. Key-based authentication implies two keys, one public key that anyone is allowed to see, and another private key that only the owner is allowed to see. To securely communicate through such a method, one needs to create a key pair, securely store the private key on the computer one wants to log in from, and store the public key on the computer one wants to log in to. Additionally, SSH keys allow authentication betwen two hosts without the need of a password.
On the client (your laptop/PC), first create your public and private SSH keys. If you have not already, create ~/.ssh directory, set permissions for it and generate the key pair (we will name our key pair mcbin):
mkdir ~/.ssh chmod 700 ~/.ssh ssh-keygen -t ed25519 -f ~/.ssh/mcbin
Enter the wanted passphrase (make it a strong one), after which the keys should be generated. Now you should find mcbin.pub public key and mcbin private key in the ~/.ssh directory. Next step is to properly configure the SSH config file. In the ~/.ssh directory modify or create the config file:
~/.ssh$ vim config
and there add the following:
Host x.x.x.x** User your_name Hostname x.x.x.x Port 22 IdentityFile ~/.ssh/generated_pub_key IdentitiesOnly yes PubkeyAuthentication yes
so following our above configuration this would look something like:
Host 192.168.22.1 User root Port 22 Hostname 192.168.22.1 IdentityFile ~/.ssh/mcbin IdentitiesOnly yes PubkeyAuthentication yes
Insert MACCHIATObin's IP address or you can use hostname if you have configured it as mentioned in the previous section.
Now what is left is to copy the public key to the MACCHIATObin (acting as SSH server). From the client issue:
cat ~/.ssh/mcbin.pub | ssh email@example.com "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
On the MACCHIATObin we now need to make necessary changes in /etc/ssh/sshd_config file (uncomment or add):
PubkeyAuthentication yes AuthorizedKeysFile ~/.ssh/authorized_keys PermitRootLogin without-password
and restart the ssh service with:
service ssh restart
From the client, when you try to ssh into MACCHIATObin now, you should be prompted for the passphrase:
~$ ssh firstname.lastname@example.org Enter passphrase for key '/home/akrog/.ssh/mcbin': Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.8-armada-17.02.1-g4271698 aarch64) * Documentation: https://help.ubuntu.com/ Last login: Thu Jan 1 00:54:55 1970 from 192.168.22.37 root@localhost:~#