How to build a girlfriend-approved download box with a BBB – part 1

Ever since the move to our appartment, we did not have a Network Attached Storage device that could handle files and downloads for all computers. Devon kindly donated me a Beagle Bone Black that would form the perfect basis for a low power system. Though, low power wasn’t the only requirement. Living together means updating the recuirements somewhat:

The living room: Final destination for the box

  • Low power
  • Silent (it would be installed in the living/study room) & not visible or good looking
  • Secure, but remotely accessible
  • Easy to use
  • Works in a Windows environment
  • Can download (torrent) files
  • Has sufficient storage to make backups

It took me a couple of months to have the entire set of requirements checked, but today (november 2016) I can tell you that the system has been running for almost 20 days rocksolid! Because there’s quite some material to cover, I’ll split it up into multiple parts. Let’s look at the basics first.

Setting up your BBB

 

Beagle Bone Black image

A picture of the Beagle Bone Black (borrowed from https://beagleboard.org/black)

There are a lot of different options to get a (Linux) operating system running on your BBB. For one, the BBB has on board flash memory so you can either choose to put the entire image on board, or leave it on an SD card and run from there. For my setup I put the image on the internal flash of the BBB.

For this I got a ready-made Ubuntu binary and followed the instructions to first place this on the SD card, then boot the beaglebone black from the SD card. This will start a script that will copy the entire image. Once finished the board should boot. If you didn’t attach any other peripherals, then there’s a very good chance you only see LEDs blinking.

I connected the board via ethernet straight to my PC and configured a static IP (192.168.7.1). By using putty I could then SSH into the BBB (ip = 192.168.7.2, but do check if they ever change this) and start configuring the board.

Step 0: get vim

As much as I’m incapable of using vim properly, I’ve gotten used to the basic key strokes to control the editor. Therefore, I always install vim first! You’re free to use your own editor of course.

phalox@bbb $ sudo apt-get install vim

Step 1: configure the network

By default the BBB will have a static IP on its network interface, but it will also generate a network interface over USB (which for some reason I never got to work properly on Windows). For my application, this is almost good! I don’t need anything over USB but I want to set the IP that’s compatible in my home network. Be careful to choose an address that will not collide with your DHCP server. My DHCP server does not distribute addresses below 99.

phalox@bbb $ sudo vim /etc/network/interfaces

In this file, modify the settings for your home network, like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.10
        netmask 255.255.255.0
        gateway 192.168.0.1
        dns-nameservers 8.8.8.8 8.8.4.4

# Example to keep MAC address between reboots
#hwaddress ether DE:AD:BE:EF:CA:FE

# The secondary network interface
#auto eth1
#iface eth1 inet dhcp

# WiFi Example
#auto wlan0
#iface wlan0 inet dhcp
#    wpa-ssid "essid"
#    wpa-psk  "password"

# Ethernet/RNDIS gadget (g_ether)
# Used by: /opt/scripts/boot/autoconfigure_usb0.sh
#iface usb0 inet static
#    address 192.168.7.2
#    netmask 255.255.255.252
#    network 192.168.7.0
#    gateway 192.168.7.1

Save the file, shut down your system (sudo shutdown -h now) and attach it to your home network. From now on you should be able to access your device from your home network!

Step 2: Configure SSHD

To make my life easier, but also to secure the BBB, we’ll tweak the SSH daemon in a couple of ways

First: Make sure that nobody can log in like root easily

PermitRootLogin  without-password

Second: Turn off authentication by username/password. This only leaves the option to log in with certificates (which we’ll check shortly) Note: There’s a chance that you’ll make a mistake, so first set up certificate authentication, and only then set this line to no. Otherwise you might get stuck.

PasswordAuthentication no

Lastly: If you ever loose your certificates, you would be pretty stuck. Therefore, let’s loosen the security a bit for local systems trying to connect via SSH. Please mind, this should be at the END of the file! (don’t forget to change the ip range to yours)

# Has to be at the end of the file, otherwise it fails
### Enable password authentication for local IPs
Match Address 192.168.0.*
    PasswordAuthentication yes

Finally we will have to do some certificate magic. On your own PC, you will have to generate a certificate pair (public and private) that your PC will be using when setting up an SSH connection. The BBB will have to know your public key. By using this feature, you will be able to log in without your usual user credentials.

There are many ways to do this, so I’m going to refer to different websites:
On linux hosts
On windows hosts (with putty)

Important to note: the public certificate that will be placed on the BBB should be placed in the correct user’s folder. Otherwise you’ll login as a different user. This also means that you really have to set up correct users for your system.

If you didn’t make any mistakes, you can now reboot (or just restart sshd – sudo service ssh restart) and you should be rocking with certificates!

The end of part 1. Subscribe now to get instant updates of future parts!

Name
Email *

Share this post
Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn1
Leave a comment

2 Comments

  1. Hey Toon!

    Cool project 🙂
    I am looking fwd to part 2!

    By the way, can you put your website in your word press profile? (So I can go from my blog via your profile directly to you website!)

    Reply
    • admin

       /  January 1, 2017

      Thanks! I’ll try to put part 2 together soon 🙂

      I’m not sure if the changes in my profile worked. This is a self-hosted wordpress, so it might not.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe now
Name
Email *