IoT Bytes

Bits and Bytes of IoT

Configure SSH Server on Tiny Core Linux using openSSH

Pradeep Singh | 18th Aug 2017

Tiny Core (Core) Linux doesn’t ship with an SSH server, which means you can’t log in over SSH to configure this incredibly slim operating system remotely. If you run Tiny Core on a headless machine and want to configure it over an SSH session, follow this article to set up an SSH server on Tiny Core –

PART – A: Install and Configure SSH

1. Install OpenSSH Package:

Install OpenSSH package using the following command –

tce-load -wi openssh

2. Create SSH Config from Template:

Copy the example configuration file into the ssh_config file using the following commands –

cd /usr/local/etc/ssh/
sudo cp ssh_config.example ssh_config

3. Start the SSH Service:

Start the SSH service using the following command –

sudo /usr/local/etc/init.d/openssh start

4. Change the “tc” User Password:

Change the password for the default “tc” user, so that you can enter it at the SSH user/password prompt. Use the following command to change the password –

passwd

Note: If you want to change the Root Password, you can switch to root using “sudo su” and then use the “passwd” command to change the root password.

5. Check the IP Address:

To SSH into your Tiny Core machine you need the IP address assigned to it. You can find the IP address using the following command –

ifconfig

I am assuming you are using DHCP server. In case you aren’t, follow this article to assign static IP to your Tiny Core machine – Assign Persistent Static IP Address to Tiny Core Linux

6. Verify SSH Service:

You can look for the “sshd” process (ps | grep ssh), or check whether your machine is listening on port 22 using the following command –

sudo netstat -anp | grep 22

Following is the console output for both commands –

tc@box:~$ ps | grep ssh
  861 root     /usr/local/sbin/sshd
  868 root     sshd: tc@pts/0
  930 tc       grep ssh
tc@box:~$ 
tc@box:~$ sudo netstat -anp | grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      861/sshd
netstat: /proc/net/tcp6: No such file or directory
netstat: /proc/net/udp6: No such file or directory
netstat: /proc/net/raw6: No such file or directory
tc@box:~$ 

7. SSH from a Client Machine:

From a Linux client machine you can use the “ssh tc@IP_Address” command to log in to your Tiny Core instance. On Windows machines, you can use a client such as PuTTY for SSH login.


PART – B: Make the SSH Config Persistent:

As Tiny Core Linux runs from system memory (RAM), it loses all configuration changes when the system reboots. To make the configuration persistent, follow these steps –

1. Edit the ‘.filetool.lst‘ File:

The text file “/opt/.filetool.lst” lists files and directories to be backed up at power down (or manually using the ‘filetool.sh -b’ command) and restored automatically after reboot. Add the SSH configuration directory and the password shadow file to this list using the following 2 commands. The redirection is performed by your own shell, not by sudo, so prefixing echo with sudo would not change who writes the file –

echo '/usr/local/etc/ssh' >> /opt/.filetool.lst
echo '/etc/shadow' >> /opt/.filetool.lst

Following is the console output for the same, along with the “cat” command output to display the final contents of the “.filetool.lst” file –

tc@box:~$ cat /opt/.filetool.lst
opt
home
/etc/shadow
/usr/local/etc/ssh
tc@box:~$ 

2. Backup Config Files Defined in ‘.filetool.lst‘ File:

Tiny Core includes the ‘filetool‘ utility for saving personal settings and data using the paths defined in ‘/opt/.filetool.lst’. You can trigger the backup using the following command –

filetool.sh -b

Following is the console output for this command –

tc@box:~$ filetool.sh -b
Backing up files to /mnt/sda1/tce/mydata.tgztc@box:~$ 
tc@box:~$ 

3. Edit the Startup File:

To load a library or execute a command every time the computer boots, you need to add it to the ‘/opt/bootlocal.sh‘ file. Execute the following command to start the SSH service automatically after a system reboot –

echo '/usr/local/etc/init.d/openssh start &' >> /opt/bootlocal.sh

Back up the configuration using the following command –

filetool.sh -b

Following is the console output for the same, along with the “cat” command output to display the final contents of the “bootlocal.sh” file –

tc@box:~$ echo '/usr/local/etc/init.d/openssh start &' >> /opt/bootlocal.sh
tc@box:~$ 
tc@box:~$ cat /opt/bootlocal.sh 
#!/bin/sh
# put other system startup commands here
/usr/local/etc/init.d/openssh start &
tc@box:~$ 

With this, you are ready to reboot the system to test if the SSH still works. If you want you may reboot the system using “sudo reboot” command.


PART – C: Configure SSH to Login without Passwords:

1. Create SSH Keys on the Client Machine:

On the Linux client machine shell, use the “ssh-keygen -t rsa” command to generate an SSH RSA key pair (a private key and a matching public key).

PRADEESI-M-91HZ:~ pradeesi$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/pradeesi/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/pradeesi/.ssh/id_rsa.
Your public key has been saved in /Users/pradeesi/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/0aIulyfS/5PRADEESI-M-91HZ
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|       . .       |
|      o = .      |
|     . o =       |
| . .  ..S. .     |
+----[SHA256]-----+
PRADEESI-M-91HZ:~ pradeesi$ 

Make a note of the public key’s name and path from this console output (for example, my key’s name and location are given in the line “Your public key has been saved in /Users/pradeesi/.ssh/id_rsa.pub.”). You will need them in the next step.

2. Upload the Public Key from Client Machine to SSH Server:

From the Linux client machine, you can use the sftp command to upload the public key onto the Tiny Core machine (on a Windows machine, you can use a tool like FileZilla) –

sftp tc@IP_ADDRESS
put <file name>

Use “tc” user’s password for authentication.

PRADEESI-M-91HZ:.ssh pradeesi$ pwd
/Users/pradeesi/.ssh
PRADEESI-M-91HZ:.ssh pradeesi$ ls
id_rsa id_rsa.pub known_hosts
PRADEESI-M-91HZ:.ssh pradeesi$ 
PRADEESI-M-91HZ:.ssh pradeesi$ sftp tc@192.168.101.108
tc@192.168.101.108's password: 
Connected to 192.168.101.108.
sftp> put id_rsa.pub
Uploading id_rsa.pub to /home/tc/id_rsa.pub
id_rsa.pub                                    100%  406     0.4KB/s   00:00    
sftp> 

3. Move and Rename the Client Public Key on SSH Server:

On the MicroCore / Tiny Core machine, move the uploaded public key from the home directory to the “.ssh” directory (you may need to create the .ssh directory using the “mkdir .ssh” command) and rename the key file to “authorized_keys” –

tc@box:~$ pwd
/home/tc
tc@box:~$ ls
id_rsa.pub  ssh_config
tc@box:~$ mkdir .ssh
tc@box:~$ cp id_rsa.pub .ssh/authorized_keys
tc@box:~$ ls .ssh/
authorized_keys
tc@box:~$ 
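
Added example (not part of the original article): the key installation from step 3 as a shell function that appends instead of overwriting, refuses a private key uploaded by mistake, and sets the permissions that sshd's StrictModes check expects. The function name install_pubkey is hypothetical.

```shell
#!/bin/sh
# Added example: install a client public key for key-based login.
# install_pubkey PUBKEY_FILE HOME_DIR
# Returns 0 on success, 1 on bad arguments, 2 if the file is not a public key.
# Usage on the Tiny Core machine: install_pubkey /home/tc/id_rsa.pub /home/tc
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] && [ -d "$home" ] || return 1

    # A public key file holds one line; take the first non-empty one.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)

    # Refuse anything that is not an OpenSSH public key line, in particular
    # a private key (id_rsa) uploaded instead of id_rsa.pub.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 2 ;;
    esac

    # With StrictModes (on by default) sshd ignores authorized_keys when the
    # directory or the file is writable by group or others.
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth"
    chmod 600 "$auth"

    # Append rather than overwrite, and skip a key that is already listed.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Unlike the cp in the console output above, running this for a second client adds its key next to the first one.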

4. Make the Key File Persistent:

Without making the configuration persistent, you will lose all changes made at runtime when the Tiny Core machine reboots. Use the following commands to make the config persistent –

echo '/home/tc/.ssh/' >> /opt/.filetool.lst
filetool.sh -b

Following is the console output of “.filetool.lst” file –

tc@box:~$ cat /opt/.filetool.lst 
opt
home
/etc/shadow
/usr/local/etc/ssh
/home/tc/.ssh/
tc@box:~$ 
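
Added example (not part of the original article): the “echo … >> /opt/.filetool.lst” steps from Part B step 1 and from step 4 above, as a function that can be re-run without creating duplicate entries and that reports when a path is already covered by a listed parent directory. The name persist_path is hypothetical; the code assumes filetool.sh treats entries as paths relative to / and archives listed directories recursively.

```shell
#!/bin/sh
# Added example: add a path to the filetool backup list without duplicates.
# persist_path PATH [LIST_FILE]
# Prints "added", "present" or "covered by <entry>".
persist_path() {
    list=${2:-/opt/.filetool.lst}
    # Normalise: drop leading and trailing slashes before comparing
    # (assumption: entries are taken relative to /).
    want=$(printf '%s' "$1" | sed 's|^/*||; s|/*$||')
    [ -n "$want" ] || return 1
    touch "$list" || return 1

    while IFS= read -r entry; do
        have=$(printf '%s' "$entry" | sed 's|^/*||; s|/*$||')
        [ -n "$have" ] || continue
        if [ "$have" = "$want" ]; then
            echo "present"
            return 0
        fi
        # A listed directory already pulls in everything below it.
        case $want in
            "$have"/*) echo "covered by $entry"; return 0 ;;
        esac
    done < "$list"

    printf '%s\n' "$want" >> "$list"
    echo "added"
}
```

Run against the list shown above, persist_path /home/tc/.ssh/ reports “covered by home”, because the “home” entry already includes that directory; run filetool.sh -b afterwards as in the article.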

5. Test Password-less SSH Login:

With this, you should be able to log in to your Tiny Core instance without a password –

PRADEESI-M-91HZ:.ssh pradeesi$ ssh tc@192.168.101.108
   ( '>')
  /) TC (\   Core is distributed with ABSOLUTELY NO WARRANTY.
 (/-_--_-\)           www.tinycorelinux.net
tc@box:~$ 