warriorI have a custom layer called meta-mylayer where I wish to make changes to the images that I bring on the hardware. The meta-yogurt layer is provided by Phytec which consists of their apps and other board related software.
Within my Layer I have the following recipe for password:
# meta-mylayer/recipe-images/images/phytec-headless-image.bbappend
inherit extrausers
EXTRA_USERS_PARAMS = "usermod -P yocto2020 root;"
Upon executing bitbake -k phytec-headless-image and connecting the board via Serial Cable I am able to login the board with root:yocto2020 credentials, however upon ssh -l root <StaticIPBoard> I keep getting access denied.
Based on this toradex forum thread I execute the following command in the directory where all my meta layers are:
find . -name "*sshd_config*"
The result is as follows:
./meta-yogurt/recipes-connectivity/openssh/openssh/sshd_config
./poky/meta/recipes-connectivity/openssh/openssh/sshd_config
Hence I copy the sshd_config from the meta-yogurt layer and uncomment the following two lines:
AllowRootLogin Yes
PasswordAuthentication Yes
the structure of the recipe in my layer is as follows:
meta-mylayer/recipes-connectivity/
└── openssh
├── openssh
│ └── sshd_config # uncommented the necessary lines
└── openssh_%.bbappend
the content of the openssh_%.bbappend file is as follows:
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
the layer is already in the $BUILDDIR/conf/bblayers.conf so I proceed with bitbake -k phytec-headless-image and load the image on the board.
The command ssh -v -l root <STATICIP> throws the following errors:
$ ssh -v -l root 192.168.3.11
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.3.11 [192.168.3.11] port 22.
debug1: Connection established.
debug1: identity file /home/des/.ssh/id_rsa type 1
debug1: identity file /home/des/.ssh/id_rsa-cert type -1
debug1: identity file /home/des/.ssh/id_dsa type -1
debug1: identity file /home/des/.ssh/id_dsa-cert type -1
debug1: identity file /home/des/.ssh/id_ecdsa type -1
debug1: identity file /home/des/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/des/.ssh/id_ed25519 type -1
debug1: identity file /home/des/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 82:25:3c:5a:49:5e:61:ba:7c:0d:6b:b9:1d:78:9c:7c
debug1: Host '192.168.3.11' is known and matches the ECDSA host key.
debug1: Found key in /home/des/.ssh/known_hosts:46
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/des/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/des/.ssh/id_dsa
debug1: Trying private key: /home/des/.ssh/id_ecdsa
debug1: Trying private key: /home/des/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@192.168.3.11's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
sshd_config fileon the board via the Serial Port I do
cat /etc/ssh/sshd_config | grep -i "rootlogin"
and the AllowRootLogin option is still commented out!
I tried devtool modify openssh and edited the sshd_config and added patches to my layer with SRC_URI_append and the results are still the same.
P.S. in the local.conf EXTRA_IMAGE_FEATURES += "debug-tweaks" is commented out.
What needs to be done in order to reach the board via SSH with a password set of root user in my Yocto Layer?
The problem was EXTRA_IMAGE_FEATURES += "debug-tweaks". I mentioned that it was commented out in the conf/local.conf.
The solution was to uncomment it so that the effects take place.
Before:
conf/local.conf
#EXTRA_IMAGE_FEATURES += "debug-tweaks"
After:
EXTRA_IMAGE_FEATURES += "debug-tweaks"
and then build a new image using bitbake -k phytec-headless-image and ssh -l root <STATICIP> logs in with password