Hi guys,

I am facing a problem while implementing the SSH connection to my board and I am just one step away from my goal.

Actually the problem statement is as follows:

I have an embedded development board based on AT91SAM9261 microcontroller. The cross compiled openSSH have been installed in the folder /usr/local/bin and /usr/local/etc.

Following is the snapshot

1. ~ $ ls -l /usr/local/bin/
2. -rwxr-xr-x    1 root     root       157786 Feb 23 23:01 scp
3. -rwxr-xr-x    1 root     root       245720 Feb 24 01:18 sftp
4. -rwxr-xr-x    1 root     root      3074202 Feb 24 01:20 ssh
5. -rwxrwxr-x    1 root     root      2392577 Feb 14  2017 ssh-add
6. -rwxrwxr-x    1 root     root      2290887 Feb 14  2017 ssh-agent
7. -rwxrwxr-x    1 root     root      2551181 Feb 14  2017 ssh-keygen
8. -rwxrwxr-x    1 root     root      2404513 Feb 14  2017 ssh-keyscan
9. -rwxrwxr-x    1 root     root      3250915 Feb 14  2017 sshd

and for /usr/local/etc:

1. ~ $ ls -l /usr/local/etc/
2. -rw-r--r--    1 root     root       242153 Aug 30  2012 moduli
3. -rw-r--r--    1 root     root         1574 Oct  9  2013 ssh_config
4. -rw-------    1 root     root          668 Feb 25 03:09 ssh_host_dsa_key
5. -rw-r--r--    1 root     root          603 Feb 25 03:09 ssh_host_dsa_key.pub
6. -rw-------    1 root     root          227 Feb 25 03:10 ssh_host_ecdsa_key
7. -rw-r--r--    1 root     root          175 Feb 25 03:10 ssh_host_ecdsa_key.pub
8. -rw-------    1 root     root          672 Feb 25 03:15 ssh_host_ed25519_key
9. -rw-r--r--    1 root     root          603 Feb 25 03:15 ssh_host_ed25519_key.pub
10. -rw-------    1 root     root         1679 Feb 25 03:04 ssh_host_rsa_key
11. -rw-r--r--    1 root     root          395 Feb 25 03:04 ssh_host_rsa_key.pub
12. -rw-r--r--    1 root     root         3646 Feb 27 07:06 sshd_config
13. -rw-r--r--    1 root     root         3646 Feb 27 06:56 sshd_config_ori

Here you can see that I have done almost everything.

when I run ssh on my linux development board I get this :

1. ~ $ 
2. ~ $ /usr/local/bin/sshd
3. ~ $ 
4. ~ $ ps | grep ssh
5.   893 root     /usr/local/bin/sshd 
6. ~ $ 
7. ~ $ 

this means the SSH is running on my board.

Now the case is that my embedded linux does not have any login screen and open up into the root screen automatically like this after booting the linux:

1. rtc-rx8025sa 0-0032: setting system clock to 2022-02-27 19:37:04 UTC (1645990624)
2. yaffs: dev is 32505862 name is "mtdblock6"
3. yaffs: passed flags ""
4. yaffs: Attempting MTD mount on 31.6, "mtdblock6"
5. yaffs_read_super: isCheckpointed 0
6. VFS: Mounted root (yaffs2 filesystem).
7. Freeing init memory: 120K
8. running /etc/init.d/rcS
9. starting udevd...
10. cannot open /dev/null
11. eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
12. eeprom initial complete
13. /opt/apache/bin/apachectl start: httpd (pid 864) already running
14. running /etc/profile
15. route: SIOC[ADD|DEL]RT: Network is unreachable
16. eth0: link down
17. ~ $ eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
18. ~ $ 
19. ~ $ 

Now when I try to connect to the linux board from my computer through SSH than it asks for the password for the root of the embedded linux board. But I don't have any and therefore it terminates the SSH session after three trials of password like this.

1. piyush@piyush-System-Product-Name:~$ sudo ssh root@192.168.18.32
2. root@192.168.18.32's password: 
3. Permission denied, please try again.
4. root@192.168.18.32's password: 
5. Permission denied, please try again.
6. root@192.168.18.32's password: 
7. Permission denied (publickey,password,keyboard-interactive).
8. piyush@piyush-System-Product-Name:~$ 

so whenever I try to execute the command passwd to create the password I get following error:

1. ~ $ passwd root
2. /etc/passwd: /etc/passwd: 1: root::0:0:root:/:/bin/sh: not found
3. /etc/passwd: /etc/passwd: 2: bin:*:1:1:bin:/bin:: not found
4. /etc/passwd: /etc/passwd: 3: daemon:*:2:2:daemon:/sbin:: not found
5. /etc/passwd: /etc/passwd: 4: nobody:*:99:99:Nobody:/:: not found
6. /etc/passwd: /etc/passwd: 5: sshd:x:74:74:Priviledge-separated: not found

So I want to know that how can I remove this problem for successful SSH connection establishment.

Hello,

I'm suspecting some problem with the /etc/passwd file. So, could you change the root credential line as root::0:0:root:/root:/bin/sh

Also, make sure the shell (/bin/sh) is working fine.

Thanks,

Mani 

Dear Mani,

Why you want to change the / to /root in the first line , I don't see any reason for doing this.

Anyway I tried your way , but its still asking for the password.

Also see the second column is empty meaning the root password is empty.

The problem is I am getting into the shell without getting the login page and therefore no password authentication.

So how to tell this to SSH connection as in case of other boards like raspberry pi and BeagleBone Black and others you have to go through the login screen first to the shell main screen.

Hi,

Ideally root users home directory should be /root, that's why I told you to change it.

If you're not getting the login screen, then can you please replace the following line with the one in /etc/inittab

null::respawn:/bin/cttyhack /bin/login root

This allows you to specify the login screen via /bin/login.

So, the flow would be like: /sbin/init -> /bin/cttyhack -> /bin/login -> /bin/sh

After logging into the SBC you can set the password using passwd.

Hope it helps!

Thanks,

Mani

so you mean if I activate the login screen than I would be able to change the passwd for the root.

Also the line:

/etc/passwd: 1: root::0:0:root:/:/bin/sh: not found

would be removed if I created the login screen.

I am posting the inittab file content , please tell me where to make changes for getting the login screen:

1. # /etc/inittab init(8) configuration for BusyBox
2. #
3. # Copyright (C) 1999-2004 by Erik Andersen <andersen@codepoet.org>
4. #
5. #
6. # Note, BusyBox init doesn't support runlevels.  The runlevels field is
7. # completely ignored by BusyBox init. If you want runlevels, use sysvinit.
8. #
9. #
10. # Format for each entry: <id>:<runlevels>:<action>:<process>
11. #
12. # <id>: WARNING: This field has a non-traditional meaning for BusyBox init!
13. #
14. #       The id field is used by BusyBox init to specify the controlling tty for
15. #       the specified process to run on.  The contents of this field are
16. #       appended to "/dev/" and used as-is.  There is no need for this field to
17. #       be unique, although if it isn't you may have strange results.  If this
18. #       field is left blank, it is completely ignored.  Also note that if
19. #       BusyBox detects that a serial console is in use, then all entries
20. #       containing non-empty id fields will _not_ be run.  BusyBox init does
21. #       nothing with utmp.  We don't need no stinkin' utmp.
22. #
23. # <runlevels>: The runlevels field is completely ignored.
24. #
25. # <action>: Valid actions include: sysinit, respawn, askfirst, wait, once,
26. #                                  restart, ctrlaltdel, and shutdown.
27. #
28. #       Note: askfirst acts just like respawn, but before running the specified
29. #       process it displays the line "Please press Enter to activate this
30. #       console." and then waits for the user to press enter before starting
31. #       the specified process.
32. #
33. #       Note: unrecognised actions (like initdefault) will cause init to emit
34. #       an error message, and then go along with its business.
35. #
36. # <process>: Specifies the process to be executed and it's command line.
37. #
38. # Note: BusyBox init works just fine without an inittab. If no inittab is
39. # found, it has the following default behavior:
40. #         ::sysinit:/etc/init.d/rcS
41. #         ::askfirst:/bin/sh
42. #         ::ctrlaltdel:/sbin/reboot
43. #         ::shutdown:/sbin/swapoff -a
44. #         ::shutdown:/bin/umount -a -r
45. #         ::restart:/sbin/init
46. #
47. # if it detects that /dev/console is _not_ a serial console, it will
48. # also run:
49. #         tty2::askfirst:/bin/sh
50. #         tty3::askfirst:/bin/sh
51. #         tty4::askfirst:/bin/sh
52. #
53. # Boot-time system configuration/initialization script.
54. # This is run first except when booting in single-user mode.
55. #
56. ::sysinit:/etc/init.d/rcS
57. # /bin/sh invocations on selected ttys
58. #
59. # Note below that we prefix the shell commands with a "-" to indicate to the
60. # shell that it is supposed to be a login shell.  Normally this is handled by
61. # login, but since we are bypassing login in this case, BusyBox lets you do
62. # this yourself...
63. #
64. # Start an "askfirst" shell on the console (whatever that may be)
65. ::respawn:-/bin/sh
66. # Start an "askfirst" shell on /dev/tty2-4
67. tty2::askfirst:-/bin/sh
68. tty3::askfirst:-/bin/sh
69. tty4::askfirst:-/bin/sh
70. # /sbin/getty invocations for selected ttys
71. #tty4::respawn:/sbin/getty 38400 tty5
72. #tty5::respawn:/sbin/getty 38400 tty6
73. # Example of how to put a getty on a serial line (for a terminal)
74. #::respawn:/sbin/getty -L ttyS0 9600 vt100
75. #::respawn:/sbin/getty -L ttyS1 9600 vt100
76. #
77. # Example how to put a getty on a modem line.
78. #::respawn:/sbin/getty 57600 ttyS2
79. # Stuff to do when restarting the init process
80. ::restart:/sbin/init
81. # Stuff to do before rebooting
82. ::ctrlaltdel:/sbin/reboot
83. ::shutdown:/bin/umount -a -r
84. ::shutdown:/sbin/swapoff -a
85. /etc $ 

This is the content of the inittab file in /etc directory.

Is it a good practice to change the inittab like this.

Change line number (65) ::respawn:-/bin/sh

To

null::respawn:/bin/cttyhack /bin/login root

You can modify the RFS according to your need. I guess you've used Busybox for creating the RFS, it's just a skeleton and you can _always_ change it

Create new user with a password. Login ssh with new user. Once ssh connection is ok, login with root.

To make a root login with ssh you have to change the sshd_config file

PermitRootLogin yes

Personally I would start with your .profile. If your variable environment is not set

you will see (not found) until the earth itself dries up. If you could post an echo $PATH here we could at least start at square one. Depending on the initial load of the system variable environment is really bare bones. Then I would jump to /etc/inittab. Usually there is a non declared sub directory missing in most base loads of unix/linux. Which as

unix or linux users we normally expect to be there from user habit.

Hope to see your response.

Thank you very much gillhern, for your kind support to help me out of this trouble.

Actually after following the Mani instruction of this:

null::respawn:/bin/cttyhack /bin/login root

and didn't bother even to check whether there is such file in the /bin directory or not.

and due to which I have ran into more trouble of the system getting stuck into 

bummer : /bin/cttyhack : no such file or directory

So I am unable to get into my linux rootspace and trying to bring system to normal by reflashing the kernel and rootfs to the system.

Thereafter I will start this ssh case again.

till than I hope you would wait ..............

thank you all once again.

Hi gillhern,

Now I have my system up and running and the $PATH is as follows:

1. ~ $ echo $PATH
2. /etc:/opt/apache/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin:/bin:/usr/sbin:/sbin

Also the busybox installed on the system has following utilities installed in it.

1. BusyBox v1.4.2 (2007-06-05 10:52:53 CST) multi-call binary
2. Copyright (C) 1998-2006 � Erik Andersen, Rob Landley, and others.
3. Licensed under GPLv2. � See source distribution for full notice.
4. Usage: busybox [function] [arguments]...
5.    or: [function] [arguments]...
6.         BusyBox is a multi-call binary that combines many common Unix
7.         utilities into a single executable.  Most people will create a
8.         link to busybox for each function they wish to use and BusyBox
9.         will act like whatever it was invoked as!
10. Currently defined functions:
11.         [, [[, adjtimex, ar, arp, arping, ash, awk, basename,
12.         bunzip2, bzcat, cal, cat, catv, chattr, chgrp, chmod,
13.         chown, chpst, chroot, chvt, cksum, clear, cmp, comm, cp,
14.         cpio, crond, crontab, cut, date, dc, dd, deallocvt, devfsd,
15.         df, dhcprelay, diff, dirname, dmesg, dnsd, dos2unix, dpkg,
16.         dpkg-deb, du, dumpkmap, dumpleases, echo, ed, egrep, eject,
17.         env, envdir, envuidgid, ether-wake, expr, fakeidentd,
18.         false, fbset, fdflush, fdformat, fdisk, fgrep, find, fold,
19.         free, freeramdisk, fsck, fsck.minix, ftpget, ftpput, fuser,
20.         getopt, grep, gunzip, gzip, halt, hdparm, head, hexdump,
21.         hostid, hostname, httpd, hush, hwclock, id, ifconfig,
22.         ifdown, ifup, inetd, init, insmod, install, ip, ipaddr,
23.         ipcalc, ipcrm, ipcs, iplink, iproute, iprule, iptunnel,
24.         kill, killall, killall5, klogd, lash, last, length, less,
25.         linux32, linux64, linuxrc, ln, loadfont, loadkmap, logger,
26.         logname, logread, losetup, ls, lsattr, lsmod, lzmacat,
27.         makedevs, md5sum, mdev, mesg, mkdir, mkfifo, mkfs.minix,
28.         mknod, mkswap, mktemp, modprobe, more, mount, mountpoint,
29.         msh, mt, mv, nameif, nc, netstat, nice, nmeter, nohup,
30.         nslookup, od, openvt, patch, pidof, ping, ping6, pipe_progress,
31.         pivot_root, poweroff, printenv, printf, ps, pwd, raidautorun,
32.         rdate, readlink, readprofile, realpath, reboot, renice,
33.         reset, resize, rm, rmdir, rmmod, route, rpm, rpm2cpio,
34.         run-parts, runlevel, runsv, runsvdir, rx, sed, seq, setarch,
35.         setconsole, setkeycodes, setlogcons, setsid, setuidgid,
36.         sh, sha1sum, sleep, softlimit, sort, start-stop-daemon,
37.         stat, strings, stty, sum, sv, svlogd, swapoff, swapon,
38.         switch_root, sync, sysctl, syslogd, tail, tar, taskset,
39.         tee, telnet, telnetd, test, tftp, time, top, touch, tr,
40.         traceroute, true, tty, udhcpc, udhcpd, umount, uname,
41.         uncompress, uniq, unix2dos, unlzma, unzip, uptime, usleep,
42.         uudecode, uuencode, vconfig, vi, watch, watchdog, wc,
43.         wget, which, who, whoami, xargs, yes, zcat, zcip

So now tell me that how can I created the user root or what should I do in order to make the ssh work in my system.

Two things of note, I wanted to clarify, are you remote accessing through windows or linux.   And most boards with Linux do not come with a password set on them.  

You may not have authentication allowed, you can try this:

edit the sshd_config file in /usr/local/etc/sshd_config:

Add a line in the Authentication section of the file that says PermitRootLogin yes. This line may already exist and be commented out with a "#". In this case, remove the "#".

restart the sshd

if this doesnt work it's on to step three debugging login.

Dear Gillhern,

I commented out the # from PermitRootLogin yes and here is the output of the sshd_config file:

1. /usr/local/etc $ cat sshd_config
2. #       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
3. # This is the sshd server system-wide configuration file.  See
4. # sshd_config(5) for more information.
5. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
6. # The strategy used for options in the default sshd_config shipped with
7. # OpenSSH is to specify options with their default value where
8. # possible, but leave them commented.  Uncommented options override the
9. # default value.
10. #Port 22
11. #AddressFamily any
12. #ListenAddress 0.0.0.0
13. #ListenAddress ::
14. # The default requires explicit activation of protocol 1
15. #Protocol 2
16. # HostKey for protocol version 1
17. #HostKey /etc/ssh/ssh_host_key
18. # HostKeys for protocol version 2
19. #HostKey /etc/ssh/ssh_host_rsa_key
20. #HostKey /etc/ssh/ssh_host_dsa_key
21. #HostKey /etc/ssh/ssh_host_ecdsa_key
22. #HostKey /etc/ssh/ssh_host_ed25519_key
23. # Lifetime and size of ephemeral version 1 server key
24. #KeyRegenerationInterval 1h
25. #ServerKeyBits 1024
26. # Ciphers and keying
27. #RekeyLimit default none
28. # Logging
29. # obsoletes QuietMode and FascistLogging
30. #SyslogFacility AUTH
31. #LogLevel INFO
32. # Authentication:
33. #LoginGraceTime 2m
34. PermitRootLogin yes
35. #StrictModes yes
36. #MaxAuthTries 6
37. #MaxSessions 10
38. #RSAAuthentication yes
39. #PubkeyAuthentication yes
40. # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
41. # but this is overridden so installations will only check .ssh/authorized_keys
42. AuthorizedKeysFile      .ssh/authorized_keys
43. #AuthorizedPrincipalsFile none
44. #AuthorizedKeysCommand none
45. #AuthorizedKeysCommandUser nobody
46. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
47. #RhostsRSAAuthentication no
48. # similar for protocol version 2
49. #HostbasedAuthentication no
50. # Change to yes if you don't trust ~/.ssh/known_hosts for
51. # RhostsRSAAuthentication and HostbasedAuthentication
52. #IgnoreUserKnownHosts no
53. # Don't read the user's ~/.rhosts and ~/.shosts files
54. #IgnoreRhosts yes
55. # To disable tunneled clear text passwords, change to no here!
56. #PasswordAuthentication yes
57. #PermitEmptyPasswords no
58. # Change to no to disable s/key passwords
59. #ChallengeResponseAuthentication yes
60. # Kerberos options
61. #KerberosAuthentication no
62. #KerberosOrLocalPasswd yes
63. #KerberosTicketCleanup yes
64. #KerberosGetAFSToken no
65. # GSSAPI options
66. #GSSAPIAuthentication no
67. #GSSAPICleanupCredentials yes
68. # Set this to 'yes' to enable PAM authentication, account processing,
69. # and session processing. If this is enabled, PAM authentication will
70. # be allowed through the ChallengeResponseAuthentication and
71. # PasswordAuthentication.  Depending on your PAM configuration,
72. # PAM authentication via ChallengeResponseAuthentication may bypass
73. # the setting of "PermitRootLogin without-password".
74. # If you just want the PAM account and session checks to run without
75. # PAM authentication, then enable this but set PasswordAuthentication
76. # and ChallengeResponseAuthentication to 'no'.
77. #UsePAM no
78. #AllowAgentForwarding yes
79. #AllowTcpForwarding yes
80. #GatewayPorts no
81. #X11Forwarding no
82. #X11DisplayOffset 10
83. #X11UseLocalhost yes
84. #PermitTTY yes
85. #PrintMotd yes
86. #PrintLastLog yes
87. #TCPKeepAlive yes
88. #UseLogin no
89. UsePrivilegeSeparation sandbox          # Default for new installations.
90. #PermitUserEnvironment no
91. #Compression delayed
92. #ClientAliveInterval 0
93. #ClientAliveCountMax 3
94. #UseDNS yes
95. #PidFile /var/run/sshd.pid
96. #MaxStartups 10:30:100
97. #PermitTunnel no
98. #ChrootDirectory none
99. #VersionAddendum none
100. # no default banner path
101. #Banner none
102. # override default of no subsystems
103. Subsystem       sftp    /usr/libexec/sftp-server
104. # Example of overriding settings on a per-user basis
105. #Match User anoncvs
106. #       X11Forwarding no
107. #       AllowTcpForwarding no
108. #       PermitTTY no
109. #       ForceCommand cvs server

sshd_config_file_ouput_embest.txt

Now I am getting this output on the console when try to access the development board through ssh:

My Computer IP address is 192.168.18.31 and board IP address is 192.168.18.32

Output is as follows:

1. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2. @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
3. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
4. IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
5. Someone could be eavesdropping on you right now (man-in-the-middle attack)!
6. It is also possible that a host key has just been changed.
7. The fingerprint for the ECDSA key sent by the remote host is
8. SHA256:1EHX9gmLacWgnNz0vrTN6Qi8r4Sngj/yO9MeJrOKoA8.
9. Please contact your system administrator.
10. Add correct host key in /root/.ssh/known_hosts to get rid of this message.
11. Offending ECDSA key in /root/.ssh/known_hosts:2
12.   remove with:
13.   ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.18.32
14. ECDSA host key for 192.168.18.32 has changed and you have requested strict checking.
15. Host key verification failed.

Also I browsed over the internet to get some solution for it and according to the posts by some people I checked out the known_hosts file which is not present on my board as it is giving the following error:

1. ssh-keygen: /.ssh/known_hosts: No such file or directory

But there is a .ssh folder on my PC Computer which is in home folder.

Dear Gillhern,

I removed this problem:

1. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2. @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
3. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
4. IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
5. Someone could be eavesdropping on you right now (man-in-the-middle attack)!
6. It is also possible that a host key has just been changed.
7. The fingerprint for the ECDSA key sent by the remote host is
8. SHA256:1EHX9gmLacWgnNz0vrTN6Qi8r4Sngj/yO9MeJrOKoA8.
9. Please contact your system administrator.
10. Add correct host key in /root/.ssh/known_hosts to get rid of this message.
11. Offending ECDSA key in /root/.ssh/known_hosts:2
12.   remove with:
13.   ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.18.32
14. ECDSA host key for 192.168.18.32 has changed and you have requested strict checking.
15. Host key verification failed.

by running command :

1. ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.18.32

on my system and now when I did the 

$ ssh root@192.168.18.32

I got a message with options yes/no and I typed "yes" and get to the password scree:

root@192.168.18.32's password:

and after three trials time out happened , so now what should I do gillhern.

I also urge other members of this forum to entertain this issue so that I would be able to resolve this issue in quickest time, if anybody else might have faced this sort of problem.

regards