sshd_config 不会通过 Yocto 元层被覆盖,因此无法连接到电路板
sshd_config does not get overwritten via Yocto meta-layer and hence cannot connect to board
系统
- 硬件:PHYTEC PHYBOARD-Mira板
- 处理器:NXP i.MX6 四核
- Yocto/OE 分支机构:
warrior
初始步骤
我有一个名为 meta-mylayer 的自定义层,我希望在其中更改我在硬件上带来的图像。 meta-yogurt 层由 Phytec 提供,由其应用程序和其他电路板相关软件组成。
在我的图层中,我有以下密码配方:
# meta-mylayer/recipe-images/images/phytec-headless-image.bbappend
inherit extrausers
EXTRA_USERS_PARAMS = "usermod -P yocto2020 root;"
执行 bitbake -k phytec-headless-image 并通过串行电缆连接电路板后,我可以使用 root:yocto2020 凭据登录电路板,但是在 ssh -l root <StaticIPBoard> 之后,我一直被拒绝访问。
基于此toradex forum thread我在我所有元层所在的目录中执行以下命令:
find . -name "*sshd_config*"
结果如下:
./meta-yogurt/recipes-connectivity/openssh/openssh/sshd_config
./poky/meta/recipes-connectivity/openssh/openssh/sshd_config
因此我从 meta-yogurt 层复制 sshd_config 并取消注释以下两行:
AllowRootLogin Yes
PasswordAuthentication Yes
我层的recipe结构如下:
meta-mylayer/recipes-connectivity/
└── openssh
├── openssh
│ └── sshd_config # uncommented the necessary lines
└── openssh_%.bbappend
openssh_%.bbappend文件内容如下:
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
图层已经在 $BUILDDIR/conf/bblayers.conf 中,所以我继续 bitbake -k phytec-headless-image 并将图像加载到板上。
命令 ssh -v -l root <STATICIP> 抛出以下错误:
$ ssh -v -l root 192.168.3.11
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.3.11 [192.168.3.11] port 22.
debug1: Connection established.
debug1: identity file /home/des/.ssh/id_rsa type 1
debug1: identity file /home/des/.ssh/id_rsa-cert type -1
debug1: identity file /home/des/.ssh/id_dsa type -1
debug1: identity file /home/des/.ssh/id_dsa-cert type -1
debug1: identity file /home/des/.ssh/id_ecdsa type -1
debug1: identity file /home/des/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/des/.ssh/id_ed25519 type -1
debug1: identity file /home/des/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 82:25:3c:5a:49:5e:61:ba:7c:0d:6b:b9:1d:78:9c:7c
debug1: Host '192.168.3.11' is known and matches the ECDSA host key.
debug1: Found key in /home/des/.ssh/known_hosts:46
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/des/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/des/.ssh/id_dsa
debug1: Trying private key: /home/des/.ssh/id_ecdsa
debug1: Trying private key: /home/des/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@192.168.3.11's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
sshd_config 文件
在板子上通过我做的串口
cat /etc/ssh/sshd_config | grep -i "rootlogin"
并且 AllowRootLogin 选项仍然被注释掉了!
其他选择
我尝试了 devtool modify openssh 并编辑了 sshd_config 并使用 SRC_URI_append 向我的图层添加了补丁,结果仍然相同。
P.S.中的local.conf被注释掉EXTRA_IMAGE_FEATURES += "debug-tweaks".
问题
在我的 Yocto Layer 中使用 root 用户密码集通过 SSH 访问开发板需要做什么?
问题是 EXTRA_IMAGE_FEATURES += "debug-tweaks"。我提到它在 conf/local.conf.
中被注释掉了
解决方案是取消注释,以便产生效果。
之前:
conf/local.conf
#EXTRA_IMAGE_FEATURES += "debug-tweaks"
之后:
EXTRA_IMAGE_FEATURES += "debug-tweaks"
然后使用 bitbake -k phytec-headless-image 构建一个新镜像,然后 ssh -l root <STATICIP> 使用密码登录
系统
- 硬件:PHYTEC PHYBOARD-Mira板
- 处理器:NXP i.MX6 四核
- Yocto/OE 分支机构:
warrior
初始步骤
我有一个名为
meta-mylayer的自定义层,我希望在其中更改我在硬件上带来的图像。meta-yogurt层由 Phytec 提供,由其应用程序和其他电路板相关软件组成。在我的图层中,我有以下密码配方:
# meta-mylayer/recipe-images/images/phytec-headless-image.bbappend inherit extrausers EXTRA_USERS_PARAMS = "usermod -P yocto2020 root;"
执行 bitbake -k phytec-headless-image 并通过串行电缆连接电路板后,我可以使用 root:yocto2020 凭据登录电路板,但是在 ssh -l root <StaticIPBoard> 之后,我一直被拒绝访问。
基于此toradex forum thread我在我所有元层所在的目录中执行以下命令:
find . -name "*sshd_config*"
结果如下:
./meta-yogurt/recipes-connectivity/openssh/openssh/sshd_config
./poky/meta/recipes-connectivity/openssh/openssh/sshd_config
因此我从 meta-yogurt 层复制 sshd_config 并取消注释以下两行:
AllowRootLogin Yes
PasswordAuthentication Yes
我层的recipe结构如下:
meta-mylayer/recipes-connectivity/
└── openssh
├── openssh
│ └── sshd_config # uncommented the necessary lines
└── openssh_%.bbappend
openssh_%.bbappend文件内容如下:
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
图层已经在 $BUILDDIR/conf/bblayers.conf 中,所以我继续 bitbake -k phytec-headless-image 并将图像加载到板上。
命令 ssh -v -l root <STATICIP> 抛出以下错误:
$ ssh -v -l root 192.168.3.11
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.3.11 [192.168.3.11] port 22.
debug1: Connection established.
debug1: identity file /home/des/.ssh/id_rsa type 1
debug1: identity file /home/des/.ssh/id_rsa-cert type -1
debug1: identity file /home/des/.ssh/id_dsa type -1
debug1: identity file /home/des/.ssh/id_dsa-cert type -1
debug1: identity file /home/des/.ssh/id_ecdsa type -1
debug1: identity file /home/des/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/des/.ssh/id_ed25519 type -1
debug1: identity file /home/des/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 82:25:3c:5a:49:5e:61:ba:7c:0d:6b:b9:1d:78:9c:7c
debug1: Host '192.168.3.11' is known and matches the ECDSA host key.
debug1: Found key in /home/des/.ssh/known_hosts:46
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/des/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/des/.ssh/id_dsa
debug1: Trying private key: /home/des/.ssh/id_ecdsa
debug1: Trying private key: /home/des/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@192.168.3.11's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
sshd_config 文件
在板子上通过我做的串口
cat /etc/ssh/sshd_config | grep -i "rootlogin"
并且 AllowRootLogin 选项仍然被注释掉了!
其他选择
我尝试了 devtool modify openssh 并编辑了 sshd_config 并使用 SRC_URI_append 向我的图层添加了补丁,结果仍然相同。
P.S.中的local.conf被注释掉EXTRA_IMAGE_FEATURES += "debug-tweaks".
问题
在我的 Yocto Layer 中使用 root 用户密码集通过 SSH 访问开发板需要做什么?
问题是 EXTRA_IMAGE_FEATURES += "debug-tweaks"。我提到它在 conf/local.conf.
解决方案是取消注释,以便产生效果。
之前:
conf/local.conf
#EXTRA_IMAGE_FEATURES += "debug-tweaks"
之后:
EXTRA_IMAGE_FEATURES += "debug-tweaks"
然后使用 bitbake -k phytec-headless-image 构建一个新镜像,然后 ssh -l root <STATICIP> 使用密码登录