Got my chip a few days ago. I think I’ll document what I’ve done with it for anybody who needs help. I am a Linux user with moderate knowledge of command line wizardry, so this guide should be helpful to people who are getting a feel for *nix based operating systems.
Disclaimer: Whenever I say “A computer” I mean a computer with a modern unix based operating system. My laptop is a thinkpad running Xubuntu. You should be able to do everything I did on a mac, but with windows you will have to use Cgwin or putty and I can’t make any grantees.
Out of the box
My CHIP arrives at my parents house during Christmas break. Just in time for me to take it back home to my apartment. I grab a micro-usb power cable and take it with me. It comes with a cool headphone jack RCA cable and has an OS preloaded, so all I have to do is plug it into my roommate’s TV. It works right away and soon I’m looking at a cool logo.
The chip needs a micro USB power cable and not much else. If you own a cell phone, you probably have one laying around.
Of course I need a way to control this computer. I plug my USB mouse in and… it dies. The CHIP shuts down. Apparently plugging things into the USB can do that. Fortunately unplugging and re-plugging the power cable brings it back to life. I’ll just have to remember to plug the power cable in last.
This is an issue for the developers to fix, but for now I’d advise any other users to plug the cable in last.
Of mice and manual input
This is where I slap myself. I don’t have any spare keyboards. I had a wireless keyboard at my parents house for controlling the Raspberry Pi, and I could have grabbed it when I got my USB cable, but I forgot. Right now I’ll have to make do with no keyboard input.
I’d suggest the developers include some sort of onscreen keyboard pre-installed. You can install one yourself, but that can be difficult if you don’t already have keyboard input. I can work around this, but I’d sugest any CHIP owner have a spare Bluetooth keyboard. The ones designed for the Rasbery Pi should work perfect with this. Particularly the ones with built in trackpads.
By my bootstraps
I can connect to wifi using my mouse, but only to networks that don’t require passwords. Fortunately my guest network has no password. Unfortunately my guest network has network isolation so I can’t SSH. For those who don’t know, SSH stands for secure shell, and it lets you gain remote command line access to another computer over a network. I use it to connect to the Rasbery Pi at my parents house, and it’s very powerful, you can do anything you could do sitting in front of the computer via SSH. I’d be able to install an onscreen keyboard and do other terminal things, but Unfortunately I can’t connect yet.
I order a Bluetooth keyboard off of amazon with the last of my Xmass giftcard balance, but even next day shipping isn’t fast enough for me right now. (and not everyone can afford to do that) so I’m going to have to find another way.
Where there’s a shell there’s a way
I can’t keyboard and I can’t SSH, but fortunately there is another way to access a shell. The micro USB-power cable can be plugged into a computer and not only will it supply power, it will also allow you to access the CHIP via a terminal.
Pluging the CHIP into the computer will light up the CHIP’s LEDs, but does not generate any particular messages for the user. That does not mean things aren’t happening though.
Open up a terminal emulator and type
dmesg | tail
You should get an output like this
[11069.233332] perf samples too long (2537 > 2500), lowering kernel.perf_event_max_sample_rate to 50000 [12880.986269] usb 2-1.2: new high-speed USB device number 4 using ehci-pci [12881.079065] usb 2-1.2: New USB device found, idVendor=0525, idProduct=a4a7 [12881.079069] usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [12881.079071] usb 2-1.2: Product: Gadget Serial v2.4 [12881.079072] usb 2-1.2: Manufacturer: Linux 4.3.0 with musb-hdrc [12881.104850] cdc_acm 2-1.2:2.0: This device cannot do calls on its own. It is not a modem. [12881.104933] cdc_acm 2-1.2:2.0: ttyACM0: USB ACM device [12881.106784] usbcore: registered new interface driver cdc_acm [12881.106788] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
dmesg is a command that prints the kernal ring buffer. Among other things, this is a log of things that were plugged into the computer. Because this log would be too long to be useful, we use the
| to redirect or pipe it’s output to another command called
tail. This shows us just the last few lines, there is another command called
head that does the opposite, but that’s less useful.
Most of those messages (all but the first really) are talking about the CHIP I just plugged in. But the important information is on the third to last line.
[12881.104933] cdc_acm 2-1.2:2.0: ttyACM0: USB ACM device
Particularly, I’m looking for
ttyACM0 that tells us where I can access the CHIP from my computer. Specificly, it’s located in
/dev/ttyACM0 I could go there in my file manager if I wanted to, and if you don’t believe me you can see for yourself. In order to access the CHIP, now all we have to do is use the following command.
screen /dev/ttyACM0 Screen is a useful program which I could spend a lot of time describing, but in this case it allows us to access the CHIP’s shell as if it were part of our regular computer. You should be prompted for a username and password. The login is
root and the password is
chip. You won’t see anything when you type the password, but trust me, it’s going through, just type it and press enter when you are done. If everything goes well, you should see something like the following.
Debian GNU/Linux 8 chip ttyGS0 chip login: root Password: Last login: Thu Dec 31 01:32:42 UTC 2015 on ttyGS0 Linux chip 4.3.0 #10 SMP Sat Nov 14 19:10:05 PST 2015 armv7l The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@chip:~#
For security reasons It’s a good idea to disable root login and change the default password, but we’ll do that latter. Logging in as root is very dangerous, you can have access to everything. If you don’t know what you are doing, you can break something, and if a hacker gets access to root, they can do whatever they want.
At this point you’ll probably feel an urge to put on fingerless gloves and mutter “i’m in”, but we have work to do here. First order of business is to connect to the internet. Type
nmtui to open up network manager’s curses based interface.
┌─┤ NetworkManager TUI ├──┐ │ │ │ Please select an option │ │ │ │ Edit a connection │ │ Activate a connection │ │ Set system hostname │ │ │ │ Quit │ │ │ │ <OK> │ │ │ └─────────────────────────┘
Pretty nifty eh? You can move your cursor around with the arrow keys and select with the enter key. Chose
Activate a connection and then select your network from the list. You will then be prompted to enter the password. Exit out of
nmtui and open it back up again, this time selecting edit a connection. You’ll see lots of scary options, but the important ones are at the bottom. Scroll down the whole way using the arrow buttons.
┌───────────────────────────┤ Edit Connection ├───────────────────────────┐ │ ↑│ │ │ Mode <Client> ▒│ │ │ ▒│ │ │ Security <WPA & WPA2 Personal> ▒│ │ │ Password *************___________________________ ▒│ │ │ [ ] Show password ▒│ │ │ ▒│ │ │ BSSID ________________________________________ ▒│ │ │ Cloned MAC address ________________________________________ ▒│ │ │ MTU __________ (default) ▒│ │ └ ▒│ │ ▒│ │ ═ IPv4 CONFIGURATION <Automatic> <Show> ▒│ │ ═ IPv6 CONFIGURATION <Automatic> <Show> ▒│ │ ▒│ │ [X] Automatically connect ▒│ │ [X] Available to all users ▒│ │ ▒│ │ <Cancel> <OK>▮│ │ ↓│ └─────────────────────────────────────────────────────────────────────────┘
the important options are the ones that say
[X] Automatically connect and
[X] Available to all users Make sure both are connected and you are done. The CHIP will automatically connect to the proper network and the password will be saved.
Sudo apt-get Probably one one of the most useful commands you will use.
sudo is how you ask please in *nix. Right now you are logged in as root so it’s not really necessary, but you should get into the habit now. Many commands require elevated permission.With
sudo you will be prompted for your password (once again, the characters in your password will not be displayed as you type them) and if you have the proper authorization, you will be allowed to execute the command.
apt-get is a package manager used by many distributions of Linux, particularly Debian based ones such as Ubuntu or Rasbian. IDK what the CHIP’s distro is called, but it appears to be based off of Rasbian and thus uses apt-get.
apt-get install something is basically telling apt-get to install something (assuming there was a packaged named “something” for it to install, replace that with whatever you want to install.)
apt-get update is telling apt-get to check it’s repositories for a list of available software packages.
Before we install anything, we need to use
sudo apt-get update this will take a while so be patent. Once it’s done, install SSH with
sudo apt-get install ssh
once again this takes a while, sometimes it will ask you if you want to install extra packages that are required as dependencies. Always answer
Once SSH is installed, we can leave, but if you want, you can install other things. Try installing and running a program called
cmatrix to see what it does. If you ever want to un-install something, use
sudo apt-get purge something it’s also a good idea to run
sudo apt-get autoremove from time to time as it removes un-needed dependencies that would otherwise clog your system. Remember you only have 4 gigs of storage space so use it wisely.
Ghost in the shell
Now that you have SSH running, you can close the terminal, disconnect the chip, and hook it back up to wherever it was before. (Sometimes the chip does not like to start up again after being powered off, check the "Not rebooting! section below for help if this happens)
You will be able to connect to it through wifi now. Some routers handle things diffrently, but you should be able to log in with
ssh root@chip' or 'ssh root @chip.local
If neither of those work, go into your router and find the IP address. You can usually connect to it by opening a web browser and typing
192.168.1.1 you will be prompted for a password, but you can usually find the default written on the back of the router, or if the people who made it are idiots, the default login will be
password. Fun fact, this trick can often be used to hack into public wifi-hotspots. Use this power responsibly. What you will find inside depends on the router manufacturer, but usualy there is a place listing all the devices attached. On this list next to your computers and smartphones, you will find an entry labeled chip along with it’s local IP address. Once you have that you can connect to it via
ssh firstname.lastname@example.org If this doesn’t work, your router is probably specifically preventing ssh connections or something shady like that. Complain to your ISP.
Once you have found the proper way to connect, ssh will ask you the following question
The authenticity of host 'chip.local (XXX.XXX.X.X)' can't be established. ECDSA key fingerprint is Xx:XX:xX:Xx:xX:Xx:XX:xx:Xx:XX:xX:XX:XX:XX:XX:xx. Are you sure you want to continue connecting (yes/no)?
This sounds scary, but SSH is just making sure nobody is trying to trick you. Answer
yes. If somebody tries to trick you with a computer that has the same name and ip address as yours, ssh will warn you because it will check to make sure the keys are the same.
Once that’s taken care of, you will be prompted for a password. Unless you changed it, it will still be
chip but you’re smart so you’ll change it to something less obvious won’t you.
Now that you are connected via SSH, you can access it remotely and do anything you could do with a keyboard locally. Your chip dosn’t even need a screen anymore, just a source of electricity. It would be nice if SSH came pre-installed so you could start doing this out of the box, but that’s an issue for the developers. SSH is also a better interface in general compared to using the USB cable. your terminal will now be able to scroll up and down, and display colored text.
If you want the power to access your chip from anywhere in the world, go back into your router and set up port forwarding. Again this is diffrent depending on your router, but there should be an option to set any incoming traffic to be redirected to the chip’s ip address using port 22. This however can be dangerous if you don’t know what you are doing. Your chip will be exposed to the internet, and random botnets will start trying to connect to it. I’d recommend disabling the root login, changing the password to something other than
chip, and setting up fail2ban. I’ll show you how to do that latter on.
Fixing the Locales
While I was setting things up, I noticed a lot of error messages along the lines of
locale: Cannot set LC_CTYPE to default locale: No such file or directory locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory
These aren’t preventing anything from working, but they are annoying and might cause actual problems latter. Assuming you are an american, We fix this by using
sudo locale-gen en_US en_US.UTF-8 and
sudo dpkg-reconfigure locales The latter will present you with another curses menu.
┌──────────────────────────┤ Configuring locales sudo ├──────────────────────────┐ │ Locales are a framework to switch between multiple languages and allow │ │ users to use their language, country, characters, collation order, etc. │ │ │ │ Please choose which locales to generate. UTF-8 locales should be chosen │ │ by default, particularly for new installations. Other character sets may │ │ be useful for backwards compatibility with older systems and software. │ │ │ │ Locales to be generated: │ │ │ │ [ ] en_SG.UTF-8 UTF-8 ↑ │ │ [*] en_US ISO-8859-1 ▮ │ │ [*] en_US.ISO-8859-15 ISO-8859-15 ▒ │ │ [*] en_US.UTF-8 UTF-8 ▒ │ │ [ ] en_ZA ISO-8859-1 ↓ │ │ │ │ │ │ <Ok> <Cancel> │ │ │ └───────────────────────────────────────────────────────────────────────────┘
Assuming you are an English speaking american, select all the ones labeled en_US, otherwise find the ones that apply to your chosen language. You will have the option to select all of them, but that’s not recommended, you only have 4 gigs on this thing.
Once you are finished with that, Reset the chip. You can do this by typing
sudo reboot. once the chip reboots, this problem should be fixed.
Well, it should be fixed, but for me it caused another problem. The chip does not seem to like restarting when it gets hot. IDK why, but when this happens, you just have to let it cool down for a few minutes. Blowing dry air over it can speed this up, but don’t do something stupid like putting it in the refrigerator, computers do not like moisture.
Once the chip has had time to cool down, try plugging it back in. It should work again.
Passwords and security
Now it’s time to start securing things. First to go is root login. We can log in as
chip@chip with the same default password of
chip. Chip has
sudo access so we don’t need root. Even if we did want to be
root we could use
sudo su to temporarily switch accounts.
To do this we must first log in as
chip and enter the following command
sudo passwd -l root
passwd is the command for setting passwords, and setting root’s password to
-l locks it. The password is now an invalid value. Root may be accessed in other ways, but it no longer has a password.
This still isn’t secure enough though, even letting people try to login as root can be dangerous. The next step is to type
sudo nano /etc/ssh/sshd_config nano is a simple text editor program, sshd_config is a file used to store your SSH configurations. You should see a screen like this,
GNU nano 2.2.6 File: /etc/ssh/sshd_config # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ^G Get Help ^O WriteOut ^R Read File ^Y Prev Page ^K Cut Text ^C Cur Pos ^X Exit ^J Justify ^W Where Is ^V Next Page ^U UnCut Text^T To Spell
There are lots of lines here, but the important part is the line that says
PermitRootLogin yes change that
yes to a
no. When you are done press
Ctrl-X to save and quit. Chose
yes when prompted and then press enter to leave the file-name unchanged. Now any attempt to log in as root via SSH will be refused, and any attempt to log in as root locally using it’s password will also fail. Assuming you are a
sudoer you can still access it by typing
sudo su and then entering YOUR password (not root’s password) but that requires you to already have access.
Once you have done this use
sudo service ssh restart to make sure the changes take effect. Surprisingly this will not log you off. Try logging off now, and logging in as root, and you will not be able. But you will be able to log on as chip, and chip will be able to use
You should probably change chip’s password, and maybe while you are at it, set up some new accounts. But I’ll talk about that latter.