The first association with any Linux machine is the command line: grey (or even green) letters on a black background. This is not so far from reality, as many servers are accessible only through an SSH connection and the command line.
Unlike other major Linux distributions, Tiny Core Linux is built to be small, fast, nomadic and modular. The Dropbear SSH server is well supported. However, you need to download and install it manually. Here is how you can do that.
Let’s begin!
I will assume that you have already installed the Microcore version of Tiny Core Linux.
In case you need to install it, you can download the latest version here. I’m still using 6.4.1 with the 3.16.6 kernel. You can download any other version and this scenario will be the same.
The whole process is divided into a few parts:
- Download and installation
- The first run and generation of the certificates
- Setting account passwords
- Setting automatic start-up
- Making changes persistent
- Reboot and test
Let’s analyse each step in detail. Keep in mind that we can only use the command line.
Download and installation
To download and install Dropbear on your Microcore machine, execute the following command:
    tc@box:~$ tce-load -wi dropbear
    Downloading: dropbear.tcz
    Connecting to repo.tinycorelinux.net (89.22.99.37:80)
    dropbear.tcz         100% |*******************************|   136k  0:00:00 ETA
    dropbear.tcz: OK
    tc@box:~$

The command modifier -wi indicates that we want to download and install the extension. That means that this extension will be automatically extracted on every system (re)start.
And that’s it. I just downloaded and installed this module.
The first run and generation of the certificates
We need to run Dropbear for the first time. During the first start, it will generate the server's host keys (an RSA key and a DSS key), which play the role of the server certificate and are used for the SSH encryption.
The Dropbear module is always extracted into the directory named /tmp/tcloop/dropbear/usr/local/etc/init.d/, which is also linked as /usr/local/etc/init.d/. We need to run it as root:
    tc@box:~$ sudo /tmp/tcloop/dropbear/usr/local/etc/init.d/dropbear start
    Generating Dropbear rsa key...
    Generating key, this may take a while...
    Public key portion is:
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDP3Km6HQuuuSypFZqr+XTelKUAh8outoKhUVmtHd17C0Yiy4N86LNRCzQ4YlQF2HkMcI8aoi612p5iQoG92+NcQbeI3pJvx+IqaOEZeuMhpfFex7KPudMbV60OX7+Vdka8YKnPDAy4eqIALiLj0AwdWtXk2Sc9qXJ9n4uSFmhlySp+9m6YPyPFBYXvGLTjhmd8Kb2JA/RIJy43ooavxwoO02dOFC8dij7QsWhKuBMFbtsyxrjwRf+iiBjEzU+f91x6n8KVdxSyC6LYtNCsjdEEkuMbD8syUh5G6NMLPBWJeJZml1FnOdMDlJgS8rYgHs8YK9EVDwLIQuztsJpmFhWT root@box
    Fingerprint: md5 7f:ea:51:a6:04:4d:d6:04:cd:00:77:0a:33:31:5f:12
    Generating Dropbear dss key...
    Generating key, this may take a while...
    Public key portion is:
    ssh-dss [...] root@box
    Fingerprint: md5 40:4f:66:d5:8b:e3:b9:01:7c:83:13:d8:2d:4f:a1:12
    Starting SSH server: Dropbear...
    tc@box:~$
You can check if the SSH server is running. By default, the SSH service (or daemon, as it’s called in the Linux world) should listen on any address (0.0.0.0) and TCP port 22. You can execute the following command:
    tc@box:~$ netstat -an
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    netstat: /proc/net/tcp6: No such file or directory
    netstat: /proc/net/udp6: No such file or directory
    netstat: /proc/net/raw6: No such file or directory
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node Path
    unix  2      [ ACC ]     SEQPACKET  LISTENING       1398 /run/udev/control
    unix  3      [ ]         DGRAM                      1407
    unix  3      [ ]         DGRAM                      1408
    tc@box:~$
As you can see, the Dropbear SSH server is up and running.
Setting account passwords
Only accounts with passwords can access the system using SSH. If your account doesn’t have a password, SSH access will be blocked. Therefore, we need to set a password for our account.
By default, Tiny Core Linux has two accounts: tc and root. Neither of them has a default password, i.e. there is no password.
Additionally, it’s good practice not to allow the root account to use SSH. You should always use your ordinary user account, like tc, for remote system access. Later, during the session, you can elevate yourself into the root shell.
    tc@box:~$ passwd tc
    Changing password for tc
    New password:
    Retype password:
    Password for tc changed by tc
    tc@box:~$

By design, you will not see any characters on the screen while typing the password. You can now try to access your Linux box from the network using SSH. You can use PuTTY for this purpose:

    login as: tc
    Secure login powered by Dropbear SSH server on Core.
    tc@192.168.2.43's password:
       ( '>')
      /) TC (\   Core is distributed with ABSOLUTELY NO WARRANTY.
     (/-_--_-\)           www.tinycorelinux.net

    tc@box:~$
Setting automatic start-up
To run Dropbear automatically on every start, we need to add its start-up command to the local boot script:
tc@box:~$ echo "/tmp/tcloop/dropbear/usr/local/etc/init.d/dropbear start" >> /opt/bootlocal.sh
And that’s it! This command is added to the end of the file /opt/bootlocal.sh.
Making changes persistent
We need to back up all changed files so that these settings persist across reboots.
We will add the host key files into the backup list:

    tc@box:~$ echo "usr/local/etc/dropbear/dropbear_dss_host_key" >> /opt/.filetool.lst
    tc@box:~$ echo "usr/local/etc/dropbear/dropbear_rsa_host_key" >> /opt/.filetool.lst
    tc@box:~$ filetool.sh -b

Keep in mind that the Microcore version will not perform an automatic backup during the shutdown process. Always manually execute filetool.sh -b to make the backup.
Now, we will add the password files into the backup list and the backup archive:

    tc@box:~$ echo "etc/passwd" >> /opt/.filetool.lst
    tc@box:~$ echo "etc/shadow" >> /opt/.filetool.lst
    tc@box:~$ filetool.sh -b
Additionally, you should have these parameters in the boot file (/mnt/sda1/tce/boot/extlinux/extlinux.conf):
restore=sda1 opt=sda1 home=sda1 tce=sda1
Your downloaded TCZ modules will be in the /tce directory and the scripts for the boot sequence are located in /opt. The parameter restore=sda1 tells TCL to search disk sda1 for the mydata.tgz file. If this file exists, it will be extracted and all existing files in the file system will be overwritten.
Reboot and test
The last step is to reboot the system and try to access it using SSH. If everything is configured properly, TCL will restore your password files and both host key files, and eventually it will run the SSH daemon.
If you can’t connect to the server, your SSH daemon is not running. Check that with the netstat command. Also, check if there is any firewall between your machine and this server. By default, TCL doesn’t run iptables.
If you can access the server, but you can’t log in, then your password file is not restored. Check the settings related to persistence.
Now that we have network access, we should configure a static IP address, or we can add other services, like BIND DNS.
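The persistence settings behind both failure cases can be checked before the reboot. The script below is an added example, not part of the original article: the function names are made up for illustration and the sample files are constructed, standing in for /opt/.filetool.lst, /opt/bootlocal.sh and /etc/shadow.

```shell
#!/bin/sh
# Added example, not from the original article: pre-reboot persistence check.
# Files are passed as arguments; on a live box use /opt/.filetool.lst,
# /opt/bootlocal.sh and /etc/shadow (readable only by root).

# Print each path the article puts in the backup list that is absent from $1.
missing_backup_entries() {
    for p in usr/local/etc/dropbear/dropbear_dss_host_key \
             usr/local/etc/dropbear/dropbear_rsa_host_key \
             etc/passwd etc/shadow; do
        grep -Fqx -- "$p" "$1" 2>/dev/null || echo "$p"
    done
}

# Succeed if boot script $1 contains an uncommented Dropbear start command.
starts_dropbear() {
    grep -Eq '^[^#]*init\.d/dropbear start' "$1" 2>/dev/null
}

# Succeed if user $2 has a usable hash in shadow file $1; an empty field or
# one starting with "*" or "!" means password login over SSH cannot work.
has_password() {
    grep -Eq "^$2:[^:!*]" "$1" 2>/dev/null
}

# check_all LIST BOOTSCRIPT SHADOW USER: print findings, return 1 if any.
check_all() {
    rc=0
    for p in $(missing_backup_entries "$1"); do
        echo "not in backup list: $p"; rc=1
    done
    starts_dropbear "$2" || { echo "boot script does not start dropbear"; rc=1; }
    has_password "$3" "$4" || { echo "no usable password for $4"; rc=1; }
    return $rc
}

# Constructed sample files: etc/shadow was never added to the backup list.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' opt home usr/local/etc/dropbear/dropbear_dss_host_key \
    usr/local/etc/dropbear/dropbear_rsa_host_key etc/passwd > "$demo/filetool.lst"
printf '%s\n' '#!/bin/sh' \
    '/tmp/tcloop/dropbear/usr/local/etc/init.d/dropbear start' > "$demo/bootlocal.sh"
printf '%s\n' 'root:*:13525:0:99999:7:::' \
    'tc:$1$constructed$notarealhash:16800:0:99999:7:::' > "$demo/shadow"
check_all "$demo/filetool.lst" "$demo/bootlocal.sh" "$demo/shadow" tc ||
    echo "fix the findings above, run filetool.sh -b, then reboot"
```

The script inspects the backup list, not the backup archive, so filetool.sh -b still has to be run after any correction.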
Stay tuned.