Ever since the move to our apartment, we did not have a Network Attached Storage device that could handle files and downloads for all computers. Devon kindly donated me a Beagle Bone Black (BBB in short) that would form the perfect basis for a low power system. In this 3 part series you can read the journey from inception to completion. When you’re finished here, continue with part 2 and part 3.
Living together with your partner meant that I needed to put in some consideration:
- Low power
- Silent (it would be installed in the living/study room) & not visible or good looking
- Secure, but remotely accessible
- Easy to use
- Works in a Windows environment
- Can download (torrent) files
- Has sufficient storage to make backups
It took me a couple of months to have the entire set of requirements checked, but today (November 2016) I can tell you that the system has been running for almost 20 days rock solid! Because there’s quite some material to cover, I’ll split it up into multiple parts. Let’s look at the basics first.
Setting up your BBB
There are a lot of different options to get a (Linux) operating system running on your BBB. For one, the BBB has on board flash memory so you can either choose to put the entire image on board, or leave it on an SD card and run from there. For my setup I put the image on the internal flash of the BBB.
For this I got a ready-made Ubuntu binary and followed the instructions to first place this on the SD card, then boot the beaglebone black from the SD card. This will start a script that will copy the entire image. Once finished the board should boot. If you didn’t attach any other peripherals, then there’s a very good chance you only see LEDs blinking.
I connected the board via ethernet straight to my PC and configured a static IP (192.168.7.1). By using putty I could then SSH into the BBB (ip = 192.168.7.2, but do check if they ever change this) and start configuring the board.
Step 0: get vim
As much as I’m incapable of using vim properly, I’ve gotten used to the basic key strokes to control the editor. Therefore, I always install vim first! You’re free to use your own editor of course.
phalox@bbb $ sudo apt-get install vim
Step 1: configure the network
By default the BBB will have a static IP on its network interface, but it will also generate a network interface over USB (which for some reason I never got to work properly on Windows). For my application, this is almost good! I don’t need anything over USB but I want to set the IP that’s compatible in my home network. Be careful to choose an address that will not collide with your DHCP server. My DHCP server does not distribute addresses below 99.
phalox@bbb $ sudo vim /etc/network/interfaces
In this file, modify the settings for your home network, like this:
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.0.10 netmask 255.255.255.0 gateway 192.168.0.1 dns-nameservers 18.104.22.168 22.214.171.124 # Example to keep MAC address between reboots #hwaddress ether DE:AD:BE:EF:CA:FE # The secondary network interface #auto eth1 #iface eth1 inet dhcp # WiFi Example #auto wlan0 #iface wlan0 inet dhcp # wpa-ssid "essid" # wpa-psk "password" # Ethernet/RNDIS gadget (g_ether) # Used by: /opt/scripts/boot/autoconfigure_usb0.sh #iface usb0 inet static # address 192.168.7.2 # netmask 255.255.255.252 # network 192.168.7.0 # gateway 192.168.7.1
Save the file, shut down your system (sudo shutdown -h now) and attach it to your home network. From now on you should be able to access your device from your home network!
Step 2: Configure SSHD
To make my life easier, but also to secure the BBB, we’ll tweak the SSH daemon in a couple of ways
phalox@bbb $ sudo vim /etc/ssh/sshd_config
First: Make sure that nobody can log in like root easily
Second: Turn off authentication by username/password. This only leaves the option to log in with certificates (which we’ll check shortly) Note: There’s a chance that you’ll make a mistake, so first set up certificate authentication, and only then set this line to no. Otherwise you might get stuck.
Lastly: If you ever loose your certificates, you would be pretty stuck. Therefore, let’s loosen the security a bit for local systems trying to connect via SSH. Please mind, this should be at the END of the file! (don’t forget to change the ip range to yours)
# Has to be at the end of the file, otherwise it fails ### Enable password authentication for local IPs Match Address 192.168.0.* PasswordAuthentication yes
Finally we will have to do some certificate magic. On your own PC, you will have to generate a certificate pair (public and private) that your PC will be using when setting up an SSH connection. The BBB will have to know your public key. By using this feature, you will be able to log in without your usual user credentials.
Important to note: the public certificate that will be placed on the BBB should be placed in the correct user’s folder. Otherwise you’ll login as a different user. This also means that you really have to set up correct users for your system.
If you didn’t make any mistakes, you can now reboot (or just restart sshd – sudo service ssh restart) and you should be rocking with certificates!