not able to ssh into embedded linux board
Hi guys,
I am facing a problem while implementing the SSH connection to my board and I am just one step away from my goal.
Actually the problem statement is as follows:
I have an embedded development board based on the AT91SAM9261 microcontroller. The cross-compiled OpenSSH has been installed in the folders /usr/local/bin and /usr/local/etc.
Following is the snapshot:
- ~ $ ls -l /usr/local/bin/
- -rwxr-xr-x 1 root root 157786 Feb 23 23:01 scp
- -rwxr-xr-x 1 root root 245720 Feb 24 01:18 sftp
- -rwxr-xr-x 1 root root 3074202 Feb 24 01:20 ssh
- -rwxrwxr-x 1 root root 2392577 Feb 14 2017 ssh-add
- -rwxrwxr-x 1 root root 2290887 Feb 14 2017 ssh-agent
- -rwxrwxr-x 1 root root 2551181 Feb 14 2017 ssh-keygen
- -rwxrwxr-x 1 root root 2404513 Feb 14 2017 ssh-keyscan
- -rwxrwxr-x 1 root root 3250915 Feb 14 2017 sshd
and for /usr/local/etc:
- ~ $ ls -l /usr/local/etc/
- -rw-r--r-- 1 root root 242153 Aug 30 2012 moduli
- -rw-r--r-- 1 root root 1574 Oct 9 2013 ssh_config
- -rw------- 1 root root 668 Feb 25 03:09 ssh_host_dsa_key
- -rw-r--r-- 1 root root 603 Feb 25 03:09 ssh_host_dsa_key.pub
- -rw------- 1 root root 227 Feb 25 03:10 ssh_host_ecdsa_key
- -rw-r--r-- 1 root root 175 Feb 25 03:10 ssh_host_ecdsa_key.pub
- -rw------- 1 root root 672 Feb 25 03:15 ssh_host_ed25519_key
- -rw-r--r-- 1 root root 603 Feb 25 03:15 ssh_host_ed25519_key.pub
- -rw------- 1 root root 1679 Feb 25 03:04 ssh_host_rsa_key
- -rw-r--r-- 1 root root 395 Feb 25 03:04 ssh_host_rsa_key.pub
- -rw-r--r-- 1 root root 3646 Feb 27 07:06 sshd_config
- -rw-r--r-- 1 root root 3646 Feb 27 06:56 sshd_config_ori
Here you can see that I have done almost everything.
When I run ssh on my Linux development board I get this:
- ~ $
- ~ $ /usr/local/bin/sshd
- ~ $
- ~ $ ps | grep ssh
- 893 root /usr/local/bin/sshd
- ~ $
- ~ $
This means that SSH is running on my board.
Now the case is that my embedded Linux does not have any login screen and opens up into the root screen automatically, like this, after booting Linux:
- rtc-rx8025sa 0-0032: setting system clock to 2022-02-27 19:37:04 UTC (1645990624)
- yaffs: dev is 32505862 name is "mtdblock6"
- yaffs: passed flags ""
- yaffs: Attempting MTD mount on 31.6, "mtdblock6"
- yaffs_read_super: isCheckpointed 0
- VFS: Mounted root (yaffs2 filesystem).
- Freeing init memory: 120K
- running /etc/init.d/rcS
- starting udevd...
- cannot open /dev/null
- eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
- eeprom initial complete
- /opt/apache/bin/apachectl start: httpd (pid 864) already running
- running /etc/profile
- route: SIOC[ADD|DEL]RT: Network is unreachable
- eth0: link down
- ~ $ eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
- ~ $
- ~ $
Now when I try to connect to the Linux board from my computer through SSH, then it asks for the password for the root of the embedded Linux board. But I don't have any, and therefore it terminates the SSH session after three trials of the password, like this:
- piyush@piyush-System-Product-Name:~$ sudo ssh root@192.168.18.32
- root@192.168.18.32's password:
- Permission denied, please try again.
- root@192.168.18.32's password:
- Permission denied, please try again.
- root@192.168.18.32's password:
- Permission denied (publickey,password,keyboard-interactive).
- piyush@piyush-System-Product-Name:~$
So whenever I try to execute the command passwd to create the password, I get the following error:
- ~ $ passwd root
- /etc/passwd: /etc/passwd: 1: root::0:0:root:/:/bin/sh: not found
- /etc/passwd: /etc/passwd: 2: bin:*:1:1:bin:/bin:: not found
- /etc/passwd: /etc/passwd: 3: daemon:*:2:2:daemon:/sbin:: not found
- /etc/passwd: /etc/passwd: 4: nobody:*:99:99:Nobody:/:: not found
- /etc/passwd: /etc/passwd: 5: sshd:x:74:74:Priviledge-separated: not found
So I want to know how I can remove this problem for successful SSH connection establishment.
Hello,
I'm suspecting some problem with the /etc/passwd file. So, could you change the root credential line as root::0:0:root:/root:/bin/sh
Also, make sure the shell (/bin/sh) is working fine.
Thanks,
Mani
Dear Mani,
Why do you want to change the / to /root in the first line? I don't see any reason for doing this.
Anyway, I tried your way, but it's still asking for the password.
Also see that the second column is empty, meaning the root password is empty.
The problem is I am getting into the shell without getting the login page and therefore no password authentication.
So how do I tell this to the SSH connection? In the case of other boards like Raspberry Pi, BeagleBone Black and others, you have to go through the login screen first to get to the shell main screen.
Hi,
Ideally the root user's home directory should be /root, that's why I told you to change it.
If you're not getting the login screen, then can you please replace the following line with the one in /etc/inittab
null::respawn:/bin/cttyhack /bin/login root
This allows you to specify the login screen via /bin/login.
So, the flow would be like: /sbin/init -> /bin/cttyhack -> /bin/login -> /bin/sh
After logging into the SBC you can set the password using passwd.
Hope it helps!
Thanks,
Mani
So you mean if I activate the login screen then I would be able to change the passwd for the root.
Also the line:
/etc/passwd: 1: root::0:0:root:/:/bin/sh: not found
would be removed if I created the login screen.
I am posting the inittab file content, please tell me where to make changes for getting the login screen:
- # /etc/inittab init(8) configuration for BusyBox
- #
- # Copyright (C) 1999-2004 by Erik Andersen <andersen@codepoet.org>
- #
- #
- # Note, BusyBox init doesn't support runlevels. The runlevels field is
- # completely ignored by BusyBox init. If you want runlevels, use sysvinit.
- #
- #
- # Format for each entry: <id>:<runlevels>:<action>:<process>
- #
- # <id>: WARNING: This field has a non-traditional meaning for BusyBox init!
- #
- # The id field is used by BusyBox init to specify the controlling tty for
- # the specified process to run on. The contents of this field are
- # appended to "/dev/" and used as-is. There is no need for this field to
- # be unique, although if it isn't you may have strange results. If this
- # field is left blank, it is completely ignored. Also note that if
- # BusyBox detects that a serial console is in use, then all entries
- # containing non-empty id fields will _not_ be run. BusyBox init does
- # nothing with utmp. We don't need no stinkin' utmp.
- #
- # <runlevels>: The runlevels field is completely ignored.
- #
- # <action>: Valid actions include: sysinit, respawn, askfirst, wait, once,
- # restart, ctrlaltdel, and shutdown.
- #
- # Note: askfirst acts just like respawn, but before running the specified
- # process it displays the line "Please press Enter to activate this
- # console." and then waits for the user to press enter before starting
- # the specified process.
- #
- # Note: unrecognised actions (like initdefault) will cause init to emit
- # an error message, and then go along with its business.
- #
- # <process>: Specifies the process to be executed and it's command line.
- #
- # Note: BusyBox init works just fine without an inittab. If no inittab is
- # found, it has the following default behavior:
- # ::sysinit:/etc/init.d/rcS
- # ::askfirst:/bin/sh
- # ::ctrlaltdel:/sbin/reboot
- # ::shutdown:/sbin/swapoff -a
- # ::shutdown:/bin/umount -a -r
- # ::restart:/sbin/init
- #
- # if it detects that /dev/console is _not_ a serial console, it will
- # also run:
- # tty2::askfirst:/bin/sh
- # tty3::askfirst:/bin/sh
- # tty4::askfirst:/bin/sh
- #
- # Boot-time system configuration/initialization script.
- # This is run first except when booting in single-user mode.
- #
- ::sysinit:/etc/init.d/rcS
- # /bin/sh invocations on selected ttys
- #
- # Note below that we prefix the shell commands with a "-" to indicate to the
- # shell that it is supposed to be a login shell. Normally this is handled by
- # login, but since we are bypassing login in this case, BusyBox lets you do
- # this yourself...
- #
- # Start an "askfirst" shell on the console (whatever that may be)
- ::respawn:-/bin/sh
- # Start an "askfirst" shell on /dev/tty2-4
- tty2::askfirst:-/bin/sh
- tty3::askfirst:-/bin/sh
- tty4::askfirst:-/bin/sh
- # /sbin/getty invocations for selected ttys
- #tty4::respawn:/sbin/getty 38400 tty5
- #tty5::respawn:/sbin/getty 38400 tty6
- # Example of how to put a getty on a serial line (for a terminal)
- #::respawn:/sbin/getty -L ttyS0 9600 vt100
- #::respawn:/sbin/getty -L ttyS1 9600 vt100
- #
- # Example how to put a getty on a modem line.
- #::respawn:/sbin/getty 57600 ttyS2
- # Stuff to do when restarting the init process
- ::restart:/sbin/init
- # Stuff to do before rebooting
- ::ctrlaltdel:/sbin/reboot
- ::shutdown:/bin/umount -a -r
- ::shutdown:/sbin/swapoff -a
- /etc $
This is the content of the inittab file in /etc directory.
Is it a good practice to change the inittab like this?
Change line number (65) ::respawn:-/bin/sh
To
null::respawn:/bin/cttyhack /bin/login root
You can modify the RFS according to your need. I guess you've used Busybox for creating the RFS, it's just a skeleton and you can _always_ change it
Create new user with a password. Login ssh with new user. Once ssh connection is ok, login with root.
To make a root login with ssh you have to change the sshd_config file
PermitRootLogin yes
Personally I would start with your .profile. If your variable environment is not set you will see (not found) until the earth itself dries up. If you could post an echo $PATH here we could at least start at square one. Depending on the initial load of the system, the variable environment is really bare bones. Then I would jump to /etc/inittab. Usually there is a non-declared sub directory missing in most base loads of unix/linux. Which as unix or linux users we normally expect to be there from user habit.
Hope to see your response.
Thank you very much gillhern, for your kind support in helping me out of this trouble.
Actually, I followed Mani's instruction of this:
null::respawn:/bin/cttyhack /bin/login root
and didn't even bother to check whether there is such a file in the /bin directory or not,
due to which I have run into more trouble, with the system getting stuck at:
bummer : /bin/cttyhack : no such file or directory
So I am unable to get into my Linux root space and am trying to bring the system back to normal by reflashing the kernel and rootfs to the system.
Thereafter I will start this ssh case again.
Till then I hope you will wait.
Thank you all once again.
Hi gillhern,
Now I have my system up and running and the $PATH is as follows:
- ~ $ echo $PATH
- /etc:/opt/apache/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin:/bin:/usr/sbin:/sbin
Also the BusyBox installed on the system has the following utilities installed in it.
- BusyBox v1.4.2 (2007-06-05 10:52:53 CST) multi-call binary
- Copyright (C) 1998-2006 Erik Andersen, Rob Landley, and others.
- Licensed under GPLv2. See source distribution for full notice.
- Usage: busybox [function] [arguments]...
- or: [function] [arguments]...
- BusyBox is a multi-call binary that combines many common Unix
- utilities into a single executable. Most people will create a
- link to busybox for each function they wish to use and BusyBox
- will act like whatever it was invoked as!
- Currently defined functions:
- [, [[, adjtimex, ar, arp, arping, ash, awk, basename,
- bunzip2, bzcat, cal, cat, catv, chattr, chgrp, chmod,
- chown, chpst, chroot, chvt, cksum, clear, cmp, comm, cp,
- cpio, crond, crontab, cut, date, dc, dd, deallocvt, devfsd,
- df, dhcprelay, diff, dirname, dmesg, dnsd, dos2unix, dpkg,
- dpkg-deb, du, dumpkmap, dumpleases, echo, ed, egrep, eject,
- env, envdir, envuidgid, ether-wake, expr, fakeidentd,
- false, fbset, fdflush, fdformat, fdisk, fgrep, find, fold,
- free, freeramdisk, fsck, fsck.minix, ftpget, ftpput, fuser,
- getopt, grep, gunzip, gzip, halt, hdparm, head, hexdump,
- hostid, hostname, httpd, hush, hwclock, id, ifconfig,
- ifdown, ifup, inetd, init, insmod, install, ip, ipaddr,
- ipcalc, ipcrm, ipcs, iplink, iproute, iprule, iptunnel,
- kill, killall, killall5, klogd, lash, last, length, less,
- linux32, linux64, linuxrc, ln, loadfont, loadkmap, logger,
- logname, logread, losetup, ls, lsattr, lsmod, lzmacat,
- makedevs, md5sum, mdev, mesg, mkdir, mkfifo, mkfs.minix,
- mknod, mkswap, mktemp, modprobe, more, mount, mountpoint,
- msh, mt, mv, nameif, nc, netstat, nice, nmeter, nohup,
- nslookup, od, openvt, patch, pidof, ping, ping6, pipe_progress,
- pivot_root, poweroff, printenv, printf, ps, pwd, raidautorun,
- rdate, readlink, readprofile, realpath, reboot, renice,
- reset, resize, rm, rmdir, rmmod, route, rpm, rpm2cpio,
- run-parts, runlevel, runsv, runsvdir, rx, sed, seq, setarch,
- setconsole, setkeycodes, setlogcons, setsid, setuidgid,
- sh, sha1sum, sleep, softlimit, sort, start-stop-daemon,
- stat, strings, stty, sum, sv, svlogd, swapoff, swapon,
- switch_root, sync, sysctl, syslogd, tail, tar, taskset,
- tee, telnet, telnetd, test, tftp, time, top, touch, tr,
- traceroute, true, tty, udhcpc, udhcpd, umount, uname,
- uncompress, uniq, unix2dos, unlzma, unzip, uptime, usleep,
- uudecode, uuencode, vconfig, vi, watch, watchdog, wc,
- wget, which, who, whoami, xargs, yes, zcat, zcip
So now tell me how I can create the user root, or what I should do in order to make ssh work on my system.
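The `passwd root` errors earlier in the thread have the form a shell prints when it runs a text file as a script, the PATH above starts with /etc, and the BusyBox applet list contains no passwd. The following is an added example (not part of the original posts) that checks what a command name resolves to under a given PATH. It assumes /etc/passwd carries an execute bit on the board; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find which file a command name
# resolves to under a given PATH and what kind of file it is.

# Print the first executable regular file called NAME in PATHSTRING.
resolve_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting PATH
    for dir in $2; do
        [ -n "$dir" ] || dir=.  # empty PATH element means current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs; set +f
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# Classify a file by its first bytes: elf, script (#!) or data.
# An executable "data" file makes exec fail with ENOEXEC, after which the
# shell interprets the file line by line as a script.
file_kind() {
    elf=$(printf '\177ELF')
    magic=$(dd if="$1" bs=1 count=4 2>/dev/null | tr -d '\000')
    case $magic in
        "$elf") echo elf ;;
        '#!'*)  echo script ;;
        *)      echo data ;;
    esac
}

# Report "PATHNAME KIND" for NAME, or say that it is not in PATH.
explain_command() {
    hit=$(resolve_in_path "$1" "$2") || { echo "$1: not found in PATH"; return 1; }
    echo "$hit $(file_kind "$hit")"
}

# Constructed demo tree: an executable text file etc/passwd and a real
# script bin/passwd, searched with etc first as in the PATH shown above.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/etc" "$t/bin"
    printf 'root::0:0:root:/:/bin/sh\n' > "$t/etc/passwd"
    printf '#!/bin/sh\necho "changing password"\n' > "$t/bin/passwd"
    chmod +x "$t/etc/passwd" "$t/bin/passwd"
    explain_command passwd "$t/etc:$t/bin"   # etc/passwd wins: data
    explain_command passwd "$t/bin:$t/etc"   # bin/passwd wins: script
    rm -rf "$t"
}
demo
```

On the board, `explain_command passwd "$PATH"` and `explain_command login "$PATH"` show whether a real program exists for each name before /etc/inittab is changed to depend on it.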
Two things of note. I wanted to clarify: are you remote accessing through Windows or Linux? And most boards with Linux do not come with a password set on them.
You may not have authentication allowed, you can try this:
Edit the sshd_config file in /usr/local/etc/sshd_config:
Add a line in the Authentication section of the file that says PermitRootLogin yes. This line may already exist and be commented out with a "#". In this case, remove the "#".
Restart the sshd.
If this doesn't work, it's on to step three: debugging login.
Dear Gillhern,
I commented out the # from PermitRootLogin yes and here is the output of the sshd_config file:
- /usr/local/etc $ cat sshd_config
- # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
- # This is the sshd server system-wide configuration file. See
- # sshd_config(5) for more information.
- # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
- # The strategy used for options in the default sshd_config shipped with
- # OpenSSH is to specify options with their default value where
- # possible, but leave them commented. Uncommented options override the
- # default value.
- #Port 22
- #AddressFamily any
- #ListenAddress 0.0.0.0
- #ListenAddress ::
- # The default requires explicit activation of protocol 1
- #Protocol 2
- # HostKey for protocol version 1
- #HostKey /etc/ssh/ssh_host_key
- # HostKeys for protocol version 2
- #HostKey /etc/ssh/ssh_host_rsa_key
- #HostKey /etc/ssh/ssh_host_dsa_key
- #HostKey /etc/ssh/ssh_host_ecdsa_key
- #HostKey /etc/ssh/ssh_host_ed25519_key
- # Lifetime and size of ephemeral version 1 server key
- #KeyRegenerationInterval 1h
- #ServerKeyBits 1024
- # Ciphers and keying
- #RekeyLimit default none
- # Logging
- # obsoletes QuietMode and FascistLogging
- #SyslogFacility AUTH
- #LogLevel INFO
- # Authentication:
- #LoginGraceTime 2m
- PermitRootLogin yes
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
- #RSAAuthentication yes
- #PubkeyAuthentication yes
- # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
- # but this is overridden so installations will only check .ssh/authorized_keys
- AuthorizedKeysFile .ssh/authorized_keys
- #AuthorizedPrincipalsFile none
- #AuthorizedKeysCommand none
- #AuthorizedKeysCommandUser nobody
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
- # similar for protocol version 2
- #HostbasedAuthentication no
- # Change to yes if you don't trust ~/.ssh/known_hosts for
- # RhostsRSAAuthentication and HostbasedAuthentication
- #IgnoreUserKnownHosts no
- # Don't read the user's ~/.rhosts and ~/.shosts files
- #IgnoreRhosts yes
- # To disable tunneled clear text passwords, change to no here!
- #PasswordAuthentication yes
- #PermitEmptyPasswords no
- # Change to no to disable s/key passwords
- #ChallengeResponseAuthentication yes
- # Kerberos options
- #KerberosAuthentication no
- #KerberosOrLocalPasswd yes
- #KerberosTicketCleanup yes
- #KerberosGetAFSToken no
- # GSSAPI options
- #GSSAPIAuthentication no
- #GSSAPICleanupCredentials yes
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
- # be allowed through the ChallengeResponseAuthentication and
- # PasswordAuthentication. Depending on your PAM configuration,
- # PAM authentication via ChallengeResponseAuthentication may bypass
- # the setting of "PermitRootLogin without-password".
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
- #UsePAM no
- #AllowAgentForwarding yes
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
- #X11DisplayOffset 10
- #X11UseLocalhost yes
- #PermitTTY yes
- #PrintMotd yes
- #PrintLastLog yes
- #TCPKeepAlive yes
- #UseLogin no
- UsePrivilegeSeparation sandbox # Default for new installations.
- #PermitUserEnvironment no
- #Compression delayed
- #ClientAliveInterval 0
- #ClientAliveCountMax 3
- #UseDNS yes
- #PidFile /var/run/sshd.pid
- #MaxStartups 10:30:100
- #PermitTunnel no
- #ChrootDirectory none
- #VersionAddendum none
- # no default banner path
- #Banner none
- # override default of no subsystems
- Subsystem sftp /usr/libexec/sftp-server
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
- # AllowTcpForwarding no
- # PermitTTY no
- # ForceCommand cvs server
Now I am getting this output on the console when I try to access the development board through ssh.
My computer's IP address is 192.168.18.31 and the board's IP address is 192.168.18.32.
The output is as follows:
- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
- Someone could be eavesdropping on you right now (man-in-the-middle attack)!
- It is also possible that a host key has just been changed.
- The fingerprint for the ECDSA key sent by the remote host is
- SHA256:1EHX9gmLacWgnNz0vrTN6Qi8r4Sngj/yO9MeJrOKoA8.
- Please contact your system administrator.
- Add correct host key in /root/.ssh/known_hosts to get rid of this message.
- Offending ECDSA key in /root/.ssh/known_hosts:2
- remove with:
- ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.18.32
- ECDSA host key for 192.168.18.32 has changed and you have requested strict checking.
- Host key verification failed.
Also I browsed the internet to get some solution for it, and following the posts by some people I checked for the known_hosts file, which is not present on my board, as it gives the following error:
- ssh-keygen: /.ssh/known_hosts: No such file or directory
But there is a .ssh folder on my PC, which is in the home folder.
Dear Gillhern,
I removed this problem:
- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
- Someone could be eavesdropping on you right now (man-in-the-middle attack)!
- It is also possible that a host key has just been changed.
- The fingerprint for the ECDSA key sent by the remote host is
- SHA256:1EHX9gmLacWgnNz0vrTN6Qi8r4Sngj/yO9MeJrOKoA8.
- Please contact your system administrator.
- Add correct host key in /root/.ssh/known_hosts to get rid of this message.
- Offending ECDSA key in /root/.ssh/known_hosts:2
- remove with:
- ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.18.32
- ECDSA host key for 192.168.18.32 has changed and you have requested strict checking.
- Host key verification failed.
by running the command:
- ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.18.32
on my system, and now when I did the
$ ssh root@192.168.18.32
I got a message with options yes/no and I typed "yes" and got to the password screen:
root@192.168.18.32's password:
and after three trials a time out happened, so now what should I do, gillhern?
I also urge other members of this forum to entertain this issue so that I would be able to resolve it in the quickest time, if anybody else might have faced this sort of problem.
Regards
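Why the three password prompts above end in "Permission denied": with `#PermitEmptyPasswords no` left at its default, sshd rejects every password for an account whose passwd field is empty, as root's is in the /etc/passwd lines quoted earlier. The following check is an added example, not part of the original posts. Function names and sample files are constructed, and it assumes sshd reads the password field from the passwd file (no PAM, no shadow file).

```shell
#!/bin/sh
# Added example (not from the thread): explain from sshd_config and a
# passwd-format file why sshd accepts or rejects a password login.

# Effective value of KEY in sshd_config FILE, or DEFAULT when unset.
# sshd takes the first uncommented occurrence; keywords are case-insensitive.
sshd_effective() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

# Password field of USER: "" empty, "x" hash lives in /etc/shadow,
# "*" or "!" locked, anything else is a hash stored in place.
passwd_field() {
    awk -F: -v u="$1" '$1 == u { print $2; exit }' "$2"
}

# Print one finding per line for USER given CONFIG and PASSWD files.
audit_login() {
    user=$1 conf=$2 pwfile=$3
    grep -q "^$user:" "$pwfile" || { echo "FAIL $user: no such account"; return 1; }
    # Defaults are those of the OpenSSH release whose config is shown above;
    # later releases default PermitRootLogin to prohibit-password.
    root_ok=$(sshd_effective PermitRootLogin yes "$conf")
    pw_auth=$(sshd_effective PasswordAuthentication yes "$conf")
    empty_ok=$(sshd_effective PermitEmptyPasswords no "$conf")
    field=$(passwd_field "$user" "$pwfile")

    if [ "$user" = root ] && [ "$root_ok" = no ]; then
        echo "FAIL PermitRootLogin no: root is refused outright"
    elif [ "$pw_auth" != yes ]; then
        echo "INFO PasswordAuthentication $pw_auth: only keys are accepted"
    elif [ -z "$field" ] && [ "$empty_ok" != yes ]; then
        echo "FAIL $user has an empty password field and PermitEmptyPasswords is $empty_ok: sshd rejects every password"
    elif [ "$field" = '*' ] || [ "$field" = '!' ]; then
        echo "FAIL $user is locked ($field): no password can match"
    else
        echo "OK $user has a password field set; password login is possible"
    fi
    if [ "$user" = root ] && [ "$root_ok" = yes ] && [ "$pw_auth" = yes ]; then
        echo "WARN root accepts network passwords; prefer a key plus PermitRootLogin without-password"
    fi
}

# Constructed inputs modelled on the files quoted in the thread.
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' 'root::0:0:root:/:/bin/sh' 'bin:*:1:1:bin:/bin:' > "$t/passwd"
    printf '%s\n' 'PermitRootLogin yes' '#PasswordAuthentication yes' \
        '#PermitEmptyPasswords no' > "$t/sshd_config"
    audit_login root "$t/sshd_config" "$t/passwd"
    audit_login bin "$t/sshd_config" "$t/passwd"
    rm -rf "$t"
}
demo
```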