sshd_config 不会通过 Yocto 元层被覆盖,因此无法连接到电路板

sshd_config does not get overwritten via Yocto meta-layer and hence cannot connect to board

系统

初始步骤

  1. 我有一个名为 meta-mylayer 的自定义层,我希望在其中更改我在硬件上带来的图像。 meta-yogurt 层由 Phytec 提供,由其应用程序和其他电路板相关软件组成。

  2. 在我的图层中,我有以下密码配方:

    # meta-mylayer/recipe-images/images/phytec-headless-image.bbappend
    inherit extrausers
    EXTRA_USERS_PARAMS = "usermod -P yocto2020 root;"
    

执行 bitbake -k phytec-headless-image 并通过串行电缆连接电路板后,我可以使用 root:yocto2020 凭据登录电路板,但是在 ssh -l root <StaticIPBoard> 之后,我一直被拒绝访问。

基于此toradex forum thread我在我所有元层所在的目录中执行以下命令:

find . -name "*sshd_config*"

结果如下:

./meta-yogurt/recipes-connectivity/openssh/openssh/sshd_config
./poky/meta/recipes-connectivity/openssh/openssh/sshd_config

因此我从 meta-yogurt 层复制 sshd_config 并取消注释以下两行:

AllowRootLogin Yes
PasswordAuthentication Yes

我层的recipe结构如下:

meta-mylayer/recipes-connectivity/
└── openssh
    ├── openssh
    │   └── sshd_config # uncommented the necessary lines
    └── openssh_%.bbappend

openssh_%.bbappend文件内容如下:

FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"

图层已经在 $BUILDDIR/conf/bblayers.conf 中,所以我继续 bitbake -k phytec-headless-image 并将图像加载到板上。

命令 ssh -v -l root <STATICIP> 抛出以下错误:

$ ssh -v -l root 192.168.3.11
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.3.11 [192.168.3.11] port 22.
debug1: Connection established.
debug1: identity file /home/des/.ssh/id_rsa type 1
debug1: identity file /home/des/.ssh/id_rsa-cert type -1
debug1: identity file /home/des/.ssh/id_dsa type -1
debug1: identity file /home/des/.ssh/id_dsa-cert type -1
debug1: identity file /home/des/.ssh/id_ecdsa type -1
debug1: identity file /home/des/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/des/.ssh/id_ed25519 type -1
debug1: identity file /home/des/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 82:25:3c:5a:49:5e:61:ba:7c:0d:6b:b9:1d:78:9c:7c
debug1: Host '192.168.3.11' is known and matches the ECDSA host key.
debug1: Found key in /home/des/.ssh/known_hosts:46
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/des/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/des/.ssh/id_dsa
debug1: Trying private key: /home/des/.ssh/id_ecdsa
debug1: Trying private key: /home/des/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@192.168.3.11's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.

sshd_config 文件

在板子上通过我做的串口

cat /etc/ssh/sshd_config | grep -i "rootlogin"

并且 AllowRootLogin 选项仍然被注释掉了!

其他选择

我尝试了 devtool modify openssh 并编辑了 sshd_config 并使用 SRC_URI_append 向我的图层添加了补丁,结果仍然相同。

P.S.中的local.conf被注释掉EXTRA_IMAGE_FEATURES += "debug-tweaks".

问题

在我的 Yocto Layer 中使用 root 用户密码集通过 SSH 访问开发板需要做什么?

问题是 EXTRA_IMAGE_FEATURES += "debug-tweaks"。我提到它在 conf/local.conf.

中被注释掉了

解决方案是取消注释,以便产生效果。

之前:

conf/local.conf


#EXTRA_IMAGE_FEATURES += "debug-tweaks"

之后:

EXTRA_IMAGE_FEATURES += "debug-tweaks"

然后使用 bitbake -k phytec-headless-image 构建一个新镜像,然后 ssh -l root <STATICIP> 使用密码登录