Skip to content

Instantly share code, notes, and snippets.

@thcipriani
Last active October 24, 2015 16:46
Show Gist options
  • Save thcipriani/6fddf52ef474984f0ad8 to your computer and use it in GitHub Desktop.
Save thcipriani/6fddf52ef474984f0ad8 to your computer and use it in GitHub Desktop.
Beaglebone Setup

Beaglebone Black Setup from a Debian 8 laptop

Grab the debian image from http://beagleboard.org

  1. Download Debian image [whatever].img.xz to your laptop
  2. unxz bone-debian-7.8-lxde-4gb-armhf-2015-03-01-4gb.img.xz
  3. Insert microSD card and make sure that it is unmounted
    • lsblk
    • fdisk -l
  4. sudo dd bs=4 if=bone-debian-7.8-lxde-4gb-armhf-2015-03-01-4gb.img of=/dev/sdd conv=fsync
  5. put sdcard in BBB and power up

Connect over SSH

  1. Plugin beaglebone to computer via SSH
  2. ssh -l root 192.168.7.2

Wifi Setup

  1. Plugin the wifi adapter
  2. Reboot (unplug it and plug it back in)
  3. vim /etc/network/interfaces
    auto wlan0
    iface wlan0 inet dhcp
        wpa-ssid "network-name"
        wpa-psk "network-password"
        
  4. ifdown wlan0; ifup wlan0
  5. use ip -o addr show to confirm that you have an ip address

Update debian

#!/usr/bin/env bash
# Debian auto-upgrade script
# https://debian-handbook.info/browse/stable/sect.automatic-upgrades.html

# kill all cached creds
sudo -k

# ask for new creds
sudo -v

export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
yes '' | sudo apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade

Basic security

Make a root password

  • Install pwgen: sudo apt-get install pwgen
  • Generate a root password: pwgen -Bsy 16 1
  • Store that password in your password store—you’ll never remember it
  • Login to beaglebone via ssh, run passwd

Add a privileged non-root user

  • Generate a non-privileged user password: pwgen -Bsy 16 1
  • Save password in password store
  • Add the user
    sudo groupadd sudo-user
    sudo groupadd ssh-user
    useradd tyler
    mkdir /home/tyler
    mkdir /home/tyler/.ssh
    touch /home/tyler/.ssh/authorized_keys
    chown -R tyler:tyler /home/tyler
    chmod 700 /home/tyler/.ssh
    chmod 600 /home/tyler/.ssh/authorized_keys
    usermod -a -G sudo-user tyler
    usermod -a -G ssh-user tyler
    usermod --shell /bin/bash tyler
    passwd tyler
        
  • give that user sudo privileges
    • EDITOR=vim visudo -f /etc/sudoers.d/sudo-user
    • Add the line: %sudo-user ALL=(ALL) NOPASSWD:ALL
  • Add your laptop’s key to user’s authorized_keys
    # This should happen from your local machine: laptop/desktop/whatever
    cat ~/.ssh/id_rsa.pub | ssh -l tyler 192.168.7.2 'mkdir -p .ssh && cat >> ~/.ssh/authorized_keys'
        

Remove demo user

  • userdel -fr debian

Lockdown ssh

  • Generate better hostkeys
    cd /etc/ssh
    rm ssh_host_*key*
    ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
        
  • Modfiy /etc/ssh/sshd_config to make it like below:
    Ciphers aes256-ctr,aes192-ctr,aes128-ctr
    KexAlgorithms diffie-hellman-group-exchange-sha256
    MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
    Protocol 2
    HostKey /etc/ssh/ssh_host_rsa_key
    PubkeyAuthentication yes
    PermitRootLogin no
    PasswordAuthentication no
    AllowGroups ssh-user
        
  • Restart SSH service ssh restart
  • Open a new terminal window and make sure you can still login (you may need to delete and reaccept hostkeys)

Fun Stuff

  • Change ssh banner:
    sudo apt-get install figlet
    awk '$1 !~ /default/' /etc/issue.net > ~/issue.net && sudo mv ~/issue.net /etc/issue.net
    sudo sh -c 'figlet BeagleBone >> /etc/issue.net'
        
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment