-
Notifications
You must be signed in to change notification settings - Fork 47
SSH
SSH can be used to remotely log in to the device. If you're familiar with Linux, you'll find the command line offered by thingOS suitable for tweaking the OS, debugging or simply exploring the internals.
If your laptop runs Windows, there's an SSH client called Putty that you may use to connect remotely to your thingOS device.
Another possibly interesting use case is using the SSH client from the thingOS device to connect and run commands or transfer files to remote machines.
By default, root is the only user that is available for login (with its admin alias). At boot, its password is empty. You should make the necessary steps to set a root password as soon as you've booted up your system. See User Accounts for more details.
First, ensure you have your SSH private/public key pair, on your laptop (assuming you run Linux), hitting Enter whenever asked for something:
$ test -f ~/.ssh/id_rsa.pub || ssh-keygen
Then transfer your public key to the device:
$ ssh-copy-id root@yourdevice
The SSH server uses the authorized keys from /data/etc/ssh_authorized_keys file to determine which public keys are authorized to log in to the device. The ssh-copy-id command will create it for you. Alternatively, you can just copy the contents of your laptop's ~/.ssh/id_rsa.pub to the device's /data/etc/ssh_authorized_keys.
If you want to customize your OS to include a fixed, specific set of authorized SSH keys, you can simply replace the board/common/overlay/etc/ssh/authorized_keys symlink with a regular file containing your keys.
The thingOS command line is a regular shell based on bash. Most binaries are however provided by BusyBox, so you may find some incompatibilities/limitations when compared to a fully fledged Linux system.
You can play around with the system but keep in mind that:
- the
rootandbootpartitions are read-only - you can mount the
rootandbootpartitions read-write, but a firmware update will discard any of your changes - you may actually make permanent changes to
/usr,/var/liband/var/log(the mounted overlay filesystems allow you to), but don't do it unless you know what you're doing
See Partitions for more details.
You may want to run remote commands (or transfer files) from your thingOS device using the ssh command, on (to) another machine. You can automate the login process using SSH keys as follows (run these commands on the device):
-
Generate a key pair for your device (hit Enter whenever asked something):
# ssh-keygen -
Copy your device's public key your other machine:
# ssh-copy-id user@otherhostAlternatively, you can manually add it to your other machine's
~user/.ssh/authorized_keys:# cat ~/.ssh/id_rsa.pub -
Test the setup; it should run the
ls -lcommand remotely without asking for a password (will ask you to confirm the authenticity of the remote host once, though):# ssh user@otherhost ls -l
At first boot, the S60sshd init script will create your device's SSH host keys and place them in /data/etc/ssh.
At each boot, the S60sshd init script will create a temporary sshd_config made from merging together the system provided /etc/ssh/sshd_config and the user-provided /data/etc/ssh/sshd_config (see ssh/sshd_config); directives in the latter take precedence.
Practically all editable client & server SSH configuration on your device lives in /data/etc/ssh, since /root/.ssh is a symlink to that location.
Simply create the /data/etc/ssh/sshd_config file and put all your sshd_config directives there (see ssh/sshd_config).
For example, setting a custom port can be achieved by using the Port directive:
Port 22222
If you need to persistently customize your ssh/sftp/scp clients on your thingOS device, it suffices to create a /data/etc/ssh/config config file, where you can place your ssh_config directives (see ssh/config). Your client configuration applies to the root (admin) user, since /root/.ssh points to /data/etc/ssh.
The SFTP functionality is enabled by default in thingOS. Using the correct credentials, an SFTP client will allow you to browse the files on your device:
$ sftp root@yourdevice
Make sure you have set a root (admin) password on your device. It won't work with empty passwords.
- bluetooth.conf
- captive-portal.conf
- cpufreq.conf
- date.conf
- dnsmasq.conf
- docker‐compose.env
- docker‐compose.env.sh
- docker‐compose.yml
- dtoverlays
- dyndns-update.sh
- environment
- firewall.sh
- fstab.user
- hostapd.conf
- ifalias.conf
- localtime
- modprobe.conf
- modules
- mongodb.conf
- netwatch.conf
- ntp.conf
- os.conf
- proftpd.conf
- redis.conf
- smb.conf
- ssh/config
- ssh/sshd_config
- ssl/domain
- ssl/email
- static_ip.conf
- sysctl.conf
- toemmc.conf
- version
- watchdog.conf
- wpa_supplicant.conf