Skip to content

Instantly share code, notes, and snippets.

@thcipriani

thcipriani/beaglebone.org

Last active October 24, 2015 16:46
Show Gist options
  • Save thcipriani/6fddf52ef474984f0ad8 to your computer and use it in GitHub Desktop.
Save thcipriani/6fddf52ef474984f0ad8 to your computer and use it in GitHub Desktop.
Download ZIP
Beaglebone Setup
Raw
beaglebone.org

Beaglebone Black Setup from a Debian 8 laptop

Grab the debian image from http://beagleboard.org

  1. Download Debian image [whatever].img.xz to your laptop
  2. unxz bone-debian-7.8-lxde-4gb-armhf-2015-03-01-4gb.img.xz
  3. Insert microSD card and make sure that it is unmounted
    • lsblk
    • fdisk -l
  4. sudo dd bs=4 if=bone-debian-7.8-lxde-4gb-armhf-2015-03-01-4gb.img of=/dev/sdd conv=fsync
  5. put sdcard in BBB and power up

Connect over SSH

  1. Plugin beaglebone to computer via SSH
  2. ssh -l root 192.168.7.2

Wifi Setup

  1. Plugin the wifi adapter
  2. Reboot (unplug it and plug it back in)
  3. vim /etc/network/interfaces 
    auto wlan0
iface wlan0 inet dhcp
    wpa-ssid "network-name"
    wpa-psk "network-password"
  4. ifdown wlan0; ifup wlan0
  5. use ip -o addr show to confirm that you have an ip address

Update debian

#!/usr/bin/env bash
# Debian auto-upgrade script
# https://debian-handbook.info/browse/stable/sect.automatic-upgrades.html

# kill all cached creds
sudo -k

# ask for new creds
sudo -v

export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
yes '' | sudo apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade

Basic security

Make a root password

  • Install pwgen: sudo apt-get install pwgen
  • Generate a root password: pwgen -Bsy 16 1
  • Store that password in your password store—you’ll never remember it
  • Login to beaglebone via ssh, run passwd

Add a privileged non-root user

  • Generate a non-privileged user password: pwgen -Bsy 16 1
  • Save password in password store
  • Add the user 
    sudo groupadd sudo-user
sudo groupadd ssh-user
useradd tyler
mkdir /home/tyler
mkdir /home/tyler/.ssh
touch /home/tyler/.ssh/authorized_keys
chown -R tyler:tyler /home/tyler
chmod 700 /home/tyler/.ssh
chmod 600 /home/tyler/.ssh/authorized_keys
usermod -a -G sudo-user tyler
usermod -a -G ssh-user tyler
usermod --shell /bin/bash tyler
passwd tyler
  • give that user sudo privileges
    • EDITOR=vim visudo -f /etc/sudoers.d/sudo-user
    • Add the line: %sudo-user ALL=(ALL) NOPASSWD:ALL
  • Add your laptop’s key to user’s authorized_keys 
    # This should happen from your local machine: laptop/desktop/whatever
cat ~/.ssh/id_rsa.pub | ssh -l tyler 192.168.7.2 'mkdir -p .ssh && cat >> ~/.ssh/authorized_keys'

Remove demo user

  • userdel -fr debian

Lockdown ssh

  • Generate better hostkeys 
    cd /etc/ssh
rm ssh_host_*key*
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
  • Modfiy /etc/ssh/sshd_config to make it like below: 
    Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no
AllowGroups ssh-user
  • Restart SSH service ssh restart
  • Open a new terminal window and make sure you can still login (you may need to delete and reaccept hostkeys)

Fun Stuff

  • Change ssh banner: 
    sudo apt-get install figlet
awk '$1 !~ /default/' /etc/issue.net > ~/issue.net && sudo mv ~/issue.net /etc/issue.net
sudo sh -c 'figlet BeagleBone >> /etc/issue.net'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment