WillMoore

How to get ssh server (dropbear) running on BF609 EZ BOARD using Blackfin ucLinux 2014R1-RC1

Discussion created by WillMoore on Jan 26, 2016
Latest reply on Feb 2, 2016 by Aaronwu

If you follow https://blackfin.uclinux.org/doku.php?id=uclinux-dist:dropbear and are using a BF609 EZ BOARD and the latest Blackfin ucLinux release 2014RC-RC1 you will find problems.  So here is my how to, I hope it helps.  It assumes you have a working 2014R1-RC1 build booting on your BF609 EZ BOARD and that you are familiar enough with rebuilding this and updating your booting image.  Since there are a number of ways this can be done I will not cover that here.

 

Select dropbear in Buildroot:

 

vm@ubuntu:~/blackfin-buildroot$ make menuconfig

 

 

 

 

configuration written to /home/vm/blackfin-buildroot/.config

 

*** End of the configuration.

*** Execute 'make' to start the build or try 'make help'.

Unfortunately when you try to make the dropbear package you will find a problem:

 

vm@ubuntu:~/blackfin-buildroot$ make

--snip--

>>> dropbear 2013.58 Patching package//dropbear

before patching /home/vm/blackfin-buildroot/output/build/dropbear-2013.58 /home/vm/blackfin-buildroot/output/build/dropbear-2013.58

 

Applying dropbear-fix-missing-TIMEVAL_TO_TIMESPEC.patch using patch:

patching file includes.h

 

Applying dropbear-vfork.patch using patch:

can't find file to patch at input line 3

Perhaps you used the wrong -p or --strip option?

The text leading up to this was:

--------------------------

|--- svr-main_orig.c    2013-06-03 18:11:58.526322318 +0800

|+++ svr-main.c    2013-06-03 18:13:09.730322623 +0800

--------------------------

No file to patch.  Skipping patch.

1 out of 1 hunk ignored

Patch failed!  Please fix dropbear-vfork.patch!

make: *** [/home/vm/blackfin-buildroot/output/build/dropbear-2013.58/.stamp_patched] Error 1

 

The problem is the dropbear-vfork,patch shipped as a part of 2014R1-RC1 is broken, (it is not generated to run from the  directory that Buildroot expects) I attach a fixed version, copy this over the package/dropbear/dropbear-vfork,patch and try again:

 

vm@ubuntu:~/blackfin-buildroot$ make

--snip--

cp support/misc/target-dir-warning.txt /home/vm/blackfin-buildroot/output/target/THIS_IS_NOT_YOUR_ROOT_FILESYSTEM

 

Now it builds.  The default is to build to run from inetd.  So we need to adjust inetd.conf.  We will also need to have a password set on the root user.  This requires that we adjust the default busybox configuration that ships with 2014R1-RC1.  We will also need to generate dropbear keys.  Then we will need a way to ensure that the inetd.conf, password, and dropbear keys are all built into the ucLinux on your BF609.  One way to do this is to add them as a rootfs overlay in Buildroot so that each time Buildroot builds the target rootfs it will overlay these files.  To configure a rootfs overlay, set up a rootfs-overlay directory to add files to:

 

vm@ubuntu:~/blackfin-buildroot$ mkdir ./board/AnalogDevices/blackfin/bf609-ezboard

vm@ubuntu:~/blackfin-buildroot$ mkdir ./board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay

vm@ubuntu:~/blackfin-buildroot$ mkdir ./board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay/etc

vm@ubuntu:~/blackfin-buildroot$ mkdir ./board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay/etc/dropbear

vm@ubuntu:~/blackfin-buildroot$ cp ./board/AnalogDevices/blackfin/target_skeleton/etc/inetd.conf ./board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay/etc/

 

Now edit the /board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay/etc/inetd.conf to add a line:

 

sshstream tcp nowait root /usr/sbin/dropbear dropbear -i

 

I also attach my inetd.conf file which could just be copied into /board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay/etc/.

Configure Buildroot to use this rootfs overlay:

 

vm@ubuntu:~/blackfin-buildroot$ make menuconfig

 

 

 

 

 

 

configuration written to /home/vm/blackfin-buildroot/.config

 

*** End of the configuration.

*** Execute 'make' to start the build or try 'make help'.

 

Now we have a rootfs overlay it is easier to add files to the build, just add them to the /board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay/ directory.

 

Before we make Buildroot again, adjust the busybox configuration to add the passwd functionality:

 

vm@ubuntu:~/blackfin-buildroot$ make busybox-menuconfig

--snip--

*** End of configuration.

*** Execute 'make' to build the project or try 'make help'.

 

make[1]: Leaving directory `/home/vm/blackfin-buildroot/output/build/busybox-1.21.1'

rm -f /home/vm/blackfin-buildroot/output/build/busybox-1.21.1/.stamp_built

rm -f /home/vm/blackfin-buildroot/output/build/busybox-1.21.1/.stamp_target_installed


Now we can make Buildroot:

 

vm@ubuntu:~/blackfin-buildroot$ make

>>> busybox 1.21.1 Building

--snip--

cp support/misc/target-dir-warning.txt /home/vm/blackfin-buildroot/output/target/THIS_IS_NOT_YOUR_ROOT_FILESYSTEM

 

Transfer this new ucLinux image to your target and boot it.  On the target, ensure your network is set up as per https://blackfin.uclinux.org/doku.php?id=setting_up_the_network.

 

Set up a password:

 

root:/> passwd

 

You can copy the password back to your rootfs-overlay by rcp (assuming your target is configured as IP 192.168.1.2!), on your development host:

 

vm@ubuntu:~/blackfin-buildroot$ rcp root@192.168.1.2:/etc/passwd ./board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay/etc/

 

Next time you make Buildroot this will be added to the rootfs so the system will boot with a this root password.

 

Set up dropbear keys on the target:

 

root:/> dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key

Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'

Generating key, this may take a while...

Public key portion is:

ssh-dss AAAAB3NzaC1kc3MAAACBAIP5s/vfCy0UOXmcWQwpkalgsfi/8QtviFGfAX7EBPEtNQCGyUH1ZrQ+sDAXQhGaS4sgalHKi7a9Cf4pVenyGYiafpHm7vRlPKVIJZIgzHMO5Kojs1QIxnYgaXHfTRjHAbBAD1cOlFUR0J4gwETfrNfzn73VUhbLQX4qKhzK04frAAAAFQDPx8A/N0alvNDLQV2ccDgA1Z6tQQAAAIBkiVJcWfzQX8VcXY4t78K3iVZckHLlFLvdGeI0oS30ssaTZP4P+QKuEOhHySQgfvthS5j2doeCUVtn4hKOcphXI5fkKGiXGmKnh1dbj8mlBNIYV23lsd2KC3YMsZ6gNqPw/Ple/Xejn+22F9qmYry92SX+dCD+6SaMTVpOPqYkKQAAAIAX6IBEUYdc7JBsCmgVeJDwCEDiN4EufclJlLAu9Eiqk5b2UxPkOOBquRkg5X12+iRL3CFTHucWYMKT6CG52h60TBXgKXBsBaIeS9zj5hxqIZJR7rIM5UsyrbuwUEc9I2HkzoU58Fr1pA4+cwCvllB8T/OswkBjJ/4xh7yLSicQGw== root@buildroot

Fingerprint: md5 1b:9b:dc:be:8b:89:40:9f:d5:a0:36:26:7c:78:0e:71

root:/> dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'

Generating key, this may take a while...

Public key portion is:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwChTXC4jaLN60gzUpTiWKPP9ye5CdtFnC31dEIPGgyIp2rXitb6V6dUjHAEXGFK4ZqQADJzBCZPnykf4X2s/EG0pG7UfCx24U0sKWIOWEGOy2DYgGhwnYU6V8LQWWnFZa1hnoADH8YV+ShsQFoeMl2hr1A9+WPxw0VPRHTLIJNIu0Q7 root@buildroot

Fingerprint: md5 d6:4b:fb:8f:28:07:ac:7e:cb:b8:a3:7f:69:94:28:0f

root:/>

 

You can copy the dropbear keys back to your rootfs-overlay by rcp (assuming your target is configured as IP 192.168.1.2!):

 

vm@ubuntu:~/blackfin-buildroot$ rcp root@192.168.1.2:/etc/dropbear/dropbear_dss_host_key ./board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay/etc/dropbear

vm@ubuntu:~/blackfin-buildroot$ rcp root@192.168.1.2:/etc/dropbear/dropbear_rsa_host_key ./board/AnalogDevices/blackfin/bf609-ezboard/rootfs-overlay/etc/dropbear

 

It should be noted that it is bad form from a security point of view to do this sort of thing with passwords and ssh keys and this should not be used for production, but for development to get ssh up and running it is fine :-)

 

You should now be able to ssh into your target, unless I missed something ...

Attachments

Outcomes