Setting up CHIP as a headless server with minimal tools


#1

Got my chip a few days ago. I think I’ll document what I’ve done with it for anybody who needs help. I am a Linux user with moderate knowledge of command line wizardry, so this guide should be helpful to people who are getting a feel for *nix based operating systems.

Disclaimer: Whenever I say “A computer” I mean a computer with a modern unix based operating system. My laptop is a thinkpad running Xubuntu. You should be able to do everything I did on a mac, but with windows you will have to use Cgwin or putty and I can’t make any grantees.

Out of the box

My CHIP arrives at my parents house during Christmas break. Just in time for me to take it back home to my apartment. I grab a micro-usb power cable and take it with me. It comes with a cool headphone jack RCA cable and has an OS preloaded, so all I have to do is plug it into my roommate’s TV. It works right away and soon I’m looking at a cool logo.

The chip needs a micro USB power cable and not much else. If you own a cell phone, you probably have one laying around.

First problem

Of course I need a way to control this computer. I plug my USB mouse in and… it dies. The CHIP shuts down. Apparently plugging things into the USB can do that. Fortunately unplugging and re-plugging the power cable brings it back to life. I’ll just have to remember to plug the power cable in last.

This is an issue for the developers to fix, but for now I’d advise any other users to plug the cable in last.

Of mice and manual input

This is where I slap myself. I don’t have any spare keyboards. I had a wireless keyboard at my parents house for controlling the Raspberry Pi, and I could have grabbed it when I got my USB cable, but I forgot. Right now I’ll have to make do with no keyboard input.

I’d suggest the developers include some sort of onscreen keyboard pre-installed. You can install one yourself, but that can be difficult if you don’t already have keyboard input. I can work around this, but I’d sugest any CHIP owner have a spare Bluetooth keyboard. The ones designed for the Rasbery Pi should work perfect with this. Particularly the ones with built in trackpads.

By my bootstraps

I can connect to wifi using my mouse, but only to networks that don’t require passwords. Fortunately my guest network has no password. Unfortunately my guest network has network isolation so I can’t SSH. For those who don’t know, SSH stands for secure shell, and it lets you gain remote command line access to another computer over a network. I use it to connect to the Rasbery Pi at my parents house, and it’s very powerful, you can do anything you could do sitting in front of the computer via SSH. I’d be able to install an onscreen keyboard and do other terminal things, but Unfortunately I can’t connect yet.

I order a Bluetooth keyboard off of amazon with the last of my Xmass giftcard balance, but even next day shipping isn’t fast enough for me right now. (and not everyone can afford to do that) so I’m going to have to find another way.

Where there’s a shell there’s a way

I can’t keyboard and I can’t SSH, but fortunately there is another way to access a shell. The micro USB-power cable can be plugged into a computer and not only will it supply power, it will also allow you to access the CHIP via a terminal.

Pluging the CHIP into the computer will light up the CHIP’s LEDs, but does not generate any particular messages for the user. That does not mean things aren’t happening though.

Open up a terminal emulator and type

dmesg | tail

You should get an output like this

[11069.233332] perf samples too long (2537 > 2500), lowering kernel.perf_event_max_sample_rate to 50000
[12880.986269] usb 2-1.2: new high-speed USB device number 4 using ehci-pci
[12881.079065] usb 2-1.2: New USB device found, idVendor=0525, idProduct=a4a7
[12881.079069] usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[12881.079071] usb 2-1.2: Product: Gadget Serial v2.4
[12881.079072] usb 2-1.2: Manufacturer: Linux 4.3.0 with musb-hdrc
[12881.104850] cdc_acm 2-1.2:2.0: This device cannot do calls on its own. It is not a modem.
[12881.104933] cdc_acm 2-1.2:2.0: ttyACM0: USB ACM device
[12881.106784] usbcore: registered new interface driver cdc_acm
[12881.106788] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters

dmesg is a command that prints the kernal ring buffer. Among other things, this is a log of things that were plugged into the computer. Because this log would be too long to be useful, we use the | to redirect or pipe it’s output to another command called tail. This shows us just the last few lines, there is another command called head that does the opposite, but that’s less useful.

Most of those messages (all but the first really) are talking about the CHIP I just plugged in. But the important information is on the third to last line.

    [12881.104933] cdc_acm 2-1.2:2.0: ttyACM0: USB ACM device

Particularly, I’m looking for ttyACM0 that tells us where I can access the CHIP from my computer. Specificly, it’s located in /dev/ttyACM0 I could go there in my file manager if I wanted to, and if you don’t believe me you can see for yourself. In order to access the CHIP, now all we have to do is use the following command. screen /dev/ttyACM0 Screen is a useful program which I could spend a lot of time describing, but in this case it allows us to access the CHIP’s shell as if it were part of our regular computer. You should be prompted for a username and password. The login is root and the password is chip. You won’t see anything when you type the password, but trust me, it’s going through, just type it and press enter when you are done. If everything goes well, you should see something like the following.

Debian GNU/Linux 8 chip ttyGS0

chip login: root
Password: 
Last login: Thu Dec 31 01:32:42 UTC 2015 on ttyGS0
Linux chip 4.3.0 #10 SMP Sat Nov 14 19:10:05 PST 2015 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@chip:~# 

For security reasons It’s a good idea to disable root login and change the default password, but we’ll do that latter. Logging in as root is very dangerous, you can have access to everything. If you don’t know what you are doing, you can break something, and if a hacker gets access to root, they can do whatever they want.

At this point you’ll probably feel an urge to put on fingerless gloves and mutter “i’m in”, but we have work to do here. First order of business is to connect to the internet. Type nmtui to open up network manager’s curses based interface.

┌─┤ NetworkManager TUI ├──┐
│                         │
│ Please select an option │
│                         │
│ Edit a connection       │
│ Activate a connection   │
│ Set system hostname     │
│                         │
│ Quit                    │
│                         │
│                    <OK> │
│                         │
└─────────────────────────┘

Pretty nifty eh? You can move your cursor around with the arrow keys and select with the enter key. Chose Activate a connection and then select your network from the list. You will then be prompted to enter the password. Exit out of nmtui and open it back up again, this time selecting edit a connection. You’ll see lots of scary options, but the important ones are at the bottom. Scroll down the whole way using the arrow buttons.

┌───────────────────────────┤ Edit Connection ├───────────────────────────┐
│                                                                        ↑│
│ │               Mode <Client>                                          ▒│
│ │                                                                      ▒│
│ │           Security <WPA & WPA2 Personal>                             ▒│
│ │           Password *************___________________________          ▒│
│ │                    [ ] Show password                                 ▒│
│ │                                                                      ▒│
│ │              BSSID ________________________________________          ▒│
│ │ Cloned MAC address ________________________________________          ▒│
│ │                MTU __________ (default)                              ▒│
│ └                                                                      ▒│
│                                                                        ▒│
│ ═ IPv4 CONFIGURATION <Automatic>                              <Show>   ▒│
│ ═ IPv6 CONFIGURATION <Automatic>                              <Show>   ▒│
│                                                                        ▒│
│ [X] Automatically connect                                              ▒│
│ [X] Available to all users                                             ▒│
│                                                                        ▒│
│                                                           <Cancel> <OK>▮│
│                                                                        ↓│
└─────────────────────────────────────────────────────────────────────────┘

the important options are the ones that say [X] Automatically connect and [X] Available to all users Make sure both are connected and you are done. The CHIP will automatically connect to the proper network and the password will be saved.

Installing software

Sudo apt-get Probably one one of the most useful commands you will use.
sudo is how you ask please in *nix. Right now you are logged in as root so it’s not really necessary, but you should get into the habit now. Many commands require elevated permission.With sudo you will be prompted for your password (once again, the characters in your password will not be displayed as you type them) and if you have the proper authorization, you will be allowed to execute the command.
apt-get is a package manager used by many distributions of Linux, particularly Debian based ones such as Ubuntu or Rasbian. IDK what the CHIP’s distro is called, but it appears to be based off of Rasbian and thus uses apt-get. apt-get install something is basically telling apt-get to install something (assuming there was a packaged named “something” for it to install, replace that with whatever you want to install.)
apt-get update is telling apt-get to check it’s repositories for a list of available software packages.

Before we install anything, we need to use sudo apt-get update this will take a while so be patent. Once it’s done, install SSH with sudo apt-get install ssh
once again this takes a while, sometimes it will ask you if you want to install extra packages that are required as dependencies. Always answer yes.

Once SSH is installed, we can leave, but if you want, you can install other things. Try installing and running a program called cmatrix to see what it does. If you ever want to un-install something, use sudo apt-get purge something it’s also a good idea to run sudo apt-get autoremove from time to time as it removes un-needed dependencies that would otherwise clog your system. Remember you only have 4 gigs of storage space so use it wisely.

Ghost in the shell

Now that you have SSH running, you can close the terminal, disconnect the chip, and hook it back up to wherever it was before. (Sometimes the chip does not like to start up again after being powered off, check the "Not rebooting! section below for help if this happens)
You will be able to connect to it through wifi now. Some routers handle things diffrently, but you should be able to log in with ssh root@chip' or 'ssh root @chip.local

If neither of those work, go into your router and find the IP address. You can usually connect to it by opening a web browser and typing 192.168.1.1 you will be prompted for a password, but you can usually find the default written on the back of the router, or if the people who made it are idiots, the default login will be admin and password. Fun fact, this trick can often be used to hack into public wifi-hotspots. Use this power responsibly. What you will find inside depends on the router manufacturer, but usualy there is a place listing all the devices attached. On this list next to your computers and smartphones, you will find an entry labeled chip along with it’s local IP address. Once you have that you can connect to it via ssh root@xxx.xxx.x.x If this doesn’t work, your router is probably specifically preventing ssh connections or something shady like that. Complain to your ISP.

Once you have found the proper way to connect, ssh will ask you the following question

The authenticity of host 'chip.local (XXX.XXX.X.X)' can't be established.
ECDSA key fingerprint is Xx:XX:xX:Xx:xX:Xx:XX:xx:Xx:XX:xX:XX:XX:XX:XX:xx.
Are you sure you want to continue connecting (yes/no)?

This sounds scary, but SSH is just making sure nobody is trying to trick you. Answer yes. If somebody tries to trick you with a computer that has the same name and ip address as yours, ssh will warn you because it will check to make sure the keys are the same.

Once that’s taken care of, you will be prompted for a password. Unless you changed it, it will still be chip but you’re smart so you’ll change it to something less obvious won’t you.

Now that you are connected via SSH, you can access it remotely and do anything you could do with a keyboard locally. Your chip dosn’t even need a screen anymore, just a source of electricity. It would be nice if SSH came pre-installed so you could start doing this out of the box, but that’s an issue for the developers. SSH is also a better interface in general compared to using the USB cable. your terminal will now be able to scroll up and down, and display colored text.

If you want the power to access your chip from anywhere in the world, go back into your router and set up port forwarding. Again this is diffrent depending on your router, but there should be an option to set any incoming traffic to be redirected to the chip’s ip address using port 22. This however can be dangerous if you don’t know what you are doing. Your chip will be exposed to the internet, and random botnets will start trying to connect to it. I’d recommend disabling the root login, changing the password to something other than chip, and setting up fail2ban. I’ll show you how to do that latter on.

Fixing the Locales

While I was setting things up, I noticed a lot of error messages along the lines of

locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

These aren’t preventing anything from working, but they are annoying and might cause actual problems latter. Assuming you are an american, We fix this by using sudo locale-gen en_US en_US.UTF-8 and sudo dpkg-reconfigure locales The latter will present you with another curses menu.

┌──────────────────────────┤ Configuring locales sudo ├──────────────────────────┐
│ Locales are a framework to switch between multiple languages and allow    │
│ users to use their language, country, characters, collation order, etc.   │
│                                                                           │
│ Please choose which locales to generate. UTF-8 locales should be chosen   │
│ by default, particularly for new installations. Other character sets may  │
│ be useful for backwards compatibility with older systems and software.    │
│                                                                           │
│ Locales to be generated:                                                  │
│                                                                           │
│    [ ] en_SG.UTF-8 UTF-8                                              ↑   │
│    [*] en_US ISO-8859-1                                               ▮   │
│    [*] en_US.ISO-8859-15 ISO-8859-15                                  ▒   │
│    [*] en_US.UTF-8 UTF-8                                              ▒   │
│    [ ] en_ZA ISO-8859-1                                               ↓   │
│                                                                           │
│                                                                           │
│                    <Ok>                        <Cancel>                   │
│                                                                           │
└───────────────────────────────────────────────────────────────────────────┘

Assuming you are an English speaking american, select all the ones labeled en_US, otherwise find the ones that apply to your chosen language. You will have the option to select all of them, but that’s not recommended, you only have 4 gigs on this thing.

Once you are finished with that, Reset the chip. You can do this by typing sudo reboot. once the chip reboots, this problem should be fixed.

Not rebooting!

Well, it should be fixed, but for me it caused another problem. The chip does not seem to like restarting when it gets hot. IDK why, but when this happens, you just have to let it cool down for a few minutes. Blowing dry air over it can speed this up, but don’t do something stupid like putting it in the refrigerator, computers do not like moisture.

Once the chip has had time to cool down, try plugging it back in. It should work again.

Passwords and security

Now it’s time to start securing things. First to go is root login. We can log in as chip@chip with the same default password of chip. Chip has sudo access so we don’t need root. Even if we did want to be root we could use sudo su to temporarily switch accounts.

To do this we must first log in as chip and enter the following command sudo passwd -l root
passwd is the command for setting passwords, and setting root’s password to -l locks it. The password is now an invalid value. Root may be accessed in other ways, but it no longer has a password.

This still isn’t secure enough though, even letting people try to login as root can be dangerous. The next step is to type sudo nano /etc/ssh/sshd_config nano is a simple text editor program, sshd_config is a file used to store your SSH configurations. You should see a screen like this,

  GNU nano 2.2.6          File: /etc/ssh/sshd_config                            

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600

^G Get Help  ^O WriteOut  ^R Read File ^Y Prev Page ^K Cut Text  ^C Cur Pos
^X Exit      ^J Justify   ^W Where Is  ^V Next Page ^U UnCut Text^T To Spell

There are lots of lines here, but the important part is the line that says PermitRootLogin yes change that yes to a no. When you are done press Ctrl-X to save and quit. Chose yes when prompted and then press enter to leave the file-name unchanged. Now any attempt to log in as root via SSH will be refused, and any attempt to log in as root locally using it’s password will also fail. Assuming you are a sudoer you can still access it by typing sudo su and then entering YOUR password (not root’s password) but that requires you to already have access.

Once you have done this use sudo service ssh restart to make sure the changes take effect. Surprisingly this will not log you off. Try logging off now, and logging in as root, and you will not be able. But you will be able to log on as chip, and chip will be able to use sudo and su.

You should probably change chip’s password, and maybe while you are at it, set up some new accounts. But I’ll talk about that latter.


Getting started with CHIP on Windows 10
How to auto-login to CHIP?
HOWTO: Hitchhiker's guide to get into headless CHIP
Just purchased 2 chips and can't get either to work with Windows
SSH using vanilla chromebook over usb?
Can Not Manage wlan1
[APT] Pocket Home (Marshmallow edition)
Unable to connect to wifi that requires username & password
0 to 60 with OSX, remaining questions (#4 being the big one)
Ssh into headless CHIP: not able to find it on local network
PLEASE VOTE - CHIP Production Units - How Many Stars?
Is a blind installation possible?
Package Updater stuck; not requesting authentication
SSH not pre-installed
Anyway to SSH with out any DIP's?
Moved the /bin/ - folder
CHIP tty serial?
Need some advice for setting up to run MaslowCNC
#2

@NinjaKun awesome post


#3

That was good. I never know there was a command nmtui that can easy set up WiFi thought the command line.

Wow it would of worked for me long ago when I looked on Google for a command like that. Every thing was very hard. I looked for “setup wifi command line ubuntu” all was lots of edits and commands and I never got it to work back then.

I got a txt file on my /root for nice commands I added this one in a file I name “cat4commands”

Thank you.

If you want to change the pass word. Just log in as root or if you on the screen and in a term can get to root with “sudo su -” then just type “passwd root” to change the root password.

-Raymond Day


#4

Thanks so much, @NinjaKun! You saved me a bunch of time. :slightly_smiling:

But I had some trouble with the “screen” command on my Macbook Air. When I entered the “nmtui” command, screen did not properly render the ncurses output. Basically, no text characters were displayed at all; everything was graphical characters. I tried a few different terminal emulators without luck (different ones had different problems). Finally I tried “cu”, and it worked.

Here’s my adjusted “quick start” guide: http://wiki.geeky-boy.com/w/index.php?title=CHIP_startup


#5

As for your “plug into USB port then die after a couple minutes” problem. I had the same issue. Actually, it always happened even if I plugged if into an USB 5v 2a power supply. Somehow, CHIP does not like to be ignored for a long time. So I try to give it some attention. If I plugged it in and try to SSH in. Once it was successful, it would not die. I then added a command line “ping 192.168.0.1 -c 256” in /etc/rc.local, where the IP it pinged is my router, and it will not die. Right now, I can plug it into any power source including my pc’s USB port. It will start up and stay on without do anything. You can try to see if it works.


#6

I never had that problem. once it’s up and running the chip seems to be fine sitting in the dark behind my TV all night long. It hasn’t been on for more than 24 hours yet because I keep doing things with it that require resets, but I haven’t seen any long term use issues.

The problem for me is when it shuts down, it does not like to turn back on until it cools down. Also, plugging a new USB device in while it’s running sometimes kills it.


#7

As I posted in another thread, I’ve now had my CHIP running continuously as a server for about 24 hours. With a USB flash drive plugged in, and a tiny 110mAh battery. Maybe the battery is helping even out any power draw issues…


#8

When I tried that, it said, “command not found”, even after “apt-get update”. But after a “apt-get -f install locale”, your locale-fixing commands worked.


#9

On my Mac, I had to use

screen /dev/tty.usbmodem1411

as the command to connect over USB to the CHIP. Check /dev for a similarly named tty device if you are on a Mac.

I hope this will help others connecting to the CHIP from a Mac.


#10

Yeah, it might be diffrent, which Is why I suggest using dmesg | tail to find the specific device name.
lsusb might also work, but I haven’t tried it and I’m too lazy to unplug my chip just for that.


#11

Another tidbit: I had to set

TERM=ansi

to get nmtui to display properly. The default TERM setting did not work at all on my Mac.


#12

Sorry for going off-topic, but why do so many CHIP users also use macs? I mean, I came here because raspberry pi was too expensive for what I want from it. But you people, if you can afford buying an overpriced computer when you can get the same or better specs for mere 40% of its price, why even bother saving that $50 if it means nothing to you?


#13

I haven’t owned a new Mac since 2006 (and then I was running a small business, so it was a tax write off.) Since then, I have only bought used Macs that are broken in some way that I fixed myself. My current one is a 2011 iMac I paid $200 for, and spent another $100 fixing/upgrading. I bought it about six months ago. Prior to that was a 2008 iMac my neighbor gave me for free because it was broken (I took the hard drive out and put it in a USB case for him as payment.) I spent $150 fixing it. That was in 2011.

And I know quite a few people who have a computer provided by work, many of them a Mac.


#14

Ok, I see your point, BUT you can also buy used laptops from other manufacturers. Crapple is well-known for making non-repairable laptops that take more effort only to open than others to repair. On the other hand, Windows or Linux laptops in similar condition are often cheaper than macs. So in the end you save both money and time repairing it.


#15

Yeah, sorry, you lost me with “Crapple”… Obviously your mind is made up, and nothing I write will convince you that there are acceptable reasons for someone on a budget to buy a Mac, so I’m not going to bother trying any further.


#16

DOH! I had the same problem @tonyhansen which I solved by using “cu” instead of “screen”. I did try “TERM=vt100” which usually resolves such issues, but not here. Didn’t think of ansi.

Thanks!


#17

He lost me with “you people”. :slight_smile:


#18

Please take your non-constructive opinions elsewhere.


#19

Yikes! TLDR

Flash it: ./chip-update-firmware.sh -d

Login and do this:

apt-get update
apt-get upgrade
apt-get -y install locales
locale-gen en_US en_US.UTF-8
dpkg-reconfigure locales

Setup WiFi:

nmcli device wifi connect SSID_NAME password “YOUR_PASSWD” inflame wlan0

reboot


#20

I went verbose because I see lots of guides where they just list commands without saying what they do. Not only is this potentially insecure. It also does not teach anything.

My guide was written for people who don’t know what they are doing, but would like to know.