So I got my dev board earlier this week. I was trying to get started with and have been able to reflash it and my Chromebook is able to see the device when I do a "mdt devices" but when I do an "mdt shell", I get an error. I tried ssh directly and the verbose messages are shown below. My Chromebook was not able to see the devices using the USB-C data connection but then I was able to connect to it via the USB-serial connection and use the nmtui to connect the dev board to WiFi (same network to which the Chromebook is connected). The problem, from what I can read on Stackoverflow and other places is to do with sshd config on the board, needs to either have PAM disabled or password authentication enabled. I was trying to do that but then I see that I (the user mendel) cannot edit the /etc/ssh/sshd_config file because mendel is not in sudoers, which is weird because there is a 99-mendel-sudo in runonce.d which does precisely that (please see https://coral.googlesource.com/mendel-minimal/+/refs/heads/master/etc/runonce.d/99-mendel-sudo, I verified this file exists on my dev board).
So, does anyone know a workaround for this issue (root password?). I read several people talking about ssh issues and all solutions involve editing sshd_config which makes sense, of course. Only thing is that none of those pages (on Medium, Stackoverflow, GitHub) ever mention that something special is needed to first add mendel to /etc/sudoers. Seems like either I am missing something or something is broken regarding adding mendel to sudoers.
Here is my mendel Linux version:
mendel@tuned-eft:~$ uname -a
Linux tuned-eft 4.14.98-imx #1 SMP PREEMPT Fri Jul 17 01:15:45 UTC 2020 aarch64 GNU/Linux
mendel@tuned-eft:~$ cat /etc/mendel_version
5.0
mendel@tuned-eft:~$
Here are the ssh messages from my Chromebook:
amiarora@penguin:~$ ssh -v amiarora@tuned-eft c i eth i
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to tuned-eft [10.55.1.187] port 22.
debug1: Connection established.
debug1: identity file /home/amiarora/.ssh/id_rsa type -1
debug1: identity file /home/amiarora/.ssh/id_rsa-cert type -1
debug1: identity file /home/amiarora/.ssh/id_dsa type -1
debug1: identity file /home/amiarora/.ssh/id_dsa-cert type -1
debug1: identity file /home/amiarora/.ssh/id_ecdsa type -1
debug1: identity file /home/amiarora/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/amiarora/.ssh/id_ed25519 type -1
debug1: identity file /home/amiarora/.ssh/id_ed25519-cert type -1
debug1: identity file /home/amiarora/.ssh/id_xmss type -1
debug1: identity file /home/amiarora/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to tuned-eft:22 as 'amiarora'
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 10.55.1.187 port 22
amiarora@penguin:~$
Output of the groups command on the dev board.
mendel@tuned-eft:~$ groups
mendel adm sudo audio video plugdev staff games users netdev input render i2c systemd-journal bluetooth apex
mendel@tuned-eft:~$ sudo sudosh
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
mendel@tuned-eft:~$
Any help would be much appreciated.
2
Answers
I recommend still using key-pair authentication, but use the USB-serial connection to set that up.
need to make both .ssh and authorized keys). Copy in your public key.
preferred-device [ip addr] so I don’t need to add the ip address to
commands).
As for the sudoers question, it’s surprising to hear that mendel doesn’t have sudo access. Checking on my board:
Can you verify?
One thing that seems really odd to me is that your
mendel
user doesn’t have sudoer access but it really should be by default. Without that, there isn’t much options to change thesshd_config
or thesudoers
file. My best suggestion is to go ahead and reflash the board using these instructions:https://coral.ai/docs/dev-board/reflash/#flash-the-board
Instead of
mdt reboot-bootloader
, you may have to just reboot the board manually and type anything within the first 3 seconds of it booting up to go into u-boot mode and type this in the u-boot prompt to get into fastboot mode:For reference, this is what my
/etc/sudoer
looks like: