[yocto] Fwd: OpenSSH pre login banner

Bryan Evenson bevenson at melinkcorp.com
Thu Oct 3 11:40:20 PDT 2013 

Amit,

Did you name the file sshd-config or sshd_config?  Because it should be sshd_config.

-Bryan

From: Amit Tomer [mailto:amittomer25 at gmail.com]
Sent: Thursday, October 03, 2013 2:36 PM
To: Bryan Evenson
Cc: yocto at yoctoproject.org
Subject: Re: [yocto] Fwd: OpenSSH pre login banner

Yes Brayan

I did the whole process again and  looked into Target filesystem /etc/ssh. I can see the banner file with my content is there
/etc/ssh/banner

Then I see the /etc/ssh/sshd-config with Banner variable to set to /etc/ssh/sshd-config

But still, when I do ssh IP_address, I did not see any Banner message .

I restarted the sshd service without any luck

I have connected to board using putty on serial line /dev/ttyUSB1 .

What could be the problem here??

On Thu, Oct 3, 2013 at 10:17 AM, Bryan Evenson <bevenson at melinkcorp.com<mailto:bevenson at melinkcorp.com>> wrote:
Amit,

To me it looks like it did not take your sshd_config file.  Maybe try adding it to the SRC_URI in your bbappend?

Instead of running the updated package on your target board, you can open up the newly created package and verify the file you want is where it should be.  Ipks are basically a tar.gz file, so you can open their contents with any unpacking tool that can read tar.gz (file-roller is what I use).  In the .ipk, open up the etc/ssh/sshd_config file and verify it matches the one with your modifications.  If not, then Bitbake isn't grabbing your modified sshd_config.  If you're using RPM or DEB packages, I believe something similar can be done.

-Bryan

From: Amit Tomer [mailto:amittomer25 at gmail.com<mailto:amittomer25 at gmail.com>]
Sent: Thursday, October 03, 2013 10:41 AM
To: Bryan Evenson; yocto at yoctoproject.org<mailto:yocto at yoctoproject.org>

Subject: Re: [yocto] Fwd: OpenSSH pre login banner

Fine Bryan,Thanks for your Suggestion

Not sure should I Share it with you or not but I have seen very weird behaviour on my Targer board regarding Openssh Banner.

When I login to my Hardware Board(after freash boot) and do ssh some_ip_address ,I am able to see Banner message
But in /etc/ssh/sshd_config file

#Banner is set to nothing

Then when I do ssh some_ip_address again ,I could not see any banner as it is expected behaviour.

Hope you would provide any pointer on the same .

Thanks
Amit




On Thu, Oct 3, 2013 at 7:40 PM, Bryan Evenson <bevenson at melinkcorp.com<mailto:bevenson at melinkcorp.com>> wrote:
Amit,

Good to hear you got your recipe in order.  Best way to learn more about the Yocto Project and the Poky distribution is through watching this mailing list and the Poky mailing list (poky at yoctoproject.org<mailto:poky at yoctoproject.org>) to see how other people solve their problems they come across.  And, by reading the documentation over at http://www.yoctoproject.org/documentation/current/.

-Bryan

From: Amit Tomer [mailto:amittomer25 at gmail.com<mailto:amittomer25 at gmail.com>]
Sent: Thursday, October 03, 2013 10:03 AM

To: Bryan Evenson
Cc: yocto at yoctoproject.org<mailto:yocto at yoctoproject.org>
Subject: Re: [yocto] Fwd: OpenSSH pre login banner

Thanks again Bryan for your kind response

The reason for having the PRINC ="4" is becaue when I started modifying this already existing file
value of PRINC is set 3 ,so for my changes I Incremented it to One.

Change
SRC_URI = "file://banner<file:///\\banner>"
To
SRC_URI += "file://banner"

I am really feeling bit stupid here ,I just in hurry forgot to put + sign
Though I learned a new point

"With your line, you are overriding all the SRC_URI for the entire openssh recipe and the openssh recipe will only include the banner file ".

Change
FILESEXTRAPATHS_prepend := "${THISDIR}/openssh-6.1p1:"
to
FILESEXTRAPATHS_prepend := "${THISDIR}:"

We already had openssh-6.1p1 folder where our sshd_config file is placed ,So I guess it won't harm
much if I put FILESEXTRAPATHS_prepend := "${THISDIR}/openssh-6.1p1:" with banner file in openssh-6.1p1 folder

One more point wanted from your end,what is best way to learn Yocto
How can improve my knowledge in Yocto?

Thanks
Amit.




On Thu, Oct 3, 2013 at 7:05 PM, Bryan Evenson <bevenson at melinkcorp.com<mailto:bevenson at melinkcorp.com>> wrote:
Amit,

First, I suggest you change
PRINC = "4"
to
PRINC := "${@int(PRINC) + 1}"

This way your bbappend will always increment the PR to one more than the PR called out by the main recipe.  So if the openssh recipe would get updated and increment the PR, you do not have to change your bbappend.

Change
SRC_URI = "file://banner<file:///\\banner>"
To
SRC_URI += "file://banner"

The += appends your banner file to the SRC_URI for the openssh recipe.  With your line, you are overriding all the SRC_URI for the entire openssh recipe and the openssh recipe will only include the banner file.  I've taken to the habit of writing the SRC_URI as follows:

SRC_URI += " \
file://banner<file:///\\banner> \
"
just to ensure that words aren't joined together when my SRC_URI is appended to the existing one.  I don't know if this is strictly necessary, but it's not a bad habit.

Change
FILESEXTRAPATHS_prepend := "${THISDIR}/openssh-6.1p1:"
to
FILESEXTRAPATHS_prepend := "${THISDIR}:"

so Bitbake can find your banner file and sshd_config that you have in the same directory as the bbappend.

I can't remember if you get a warning if Bitbake can't find the license file at all or if it fails on each attempt through the filepath.  Since your new path is first, it won't find LICENCE in your layer since you didn't copy it.  Once way to quiet this warning would be to copy the license file to your directory.

-Bryan

From: Amit Tomer [mailto:amittomer25 at gmail.com<mailto:amittomer25 at gmail.com>]
Sent: Thursday, October 03, 2013 8:23 AM
To: Bryan Evenson
Cc: yocto at yoctoproject.org<mailto:yocto at yoctoproject.org>
Subject: Re: [yocto] Fwd: OpenSSH pre login banner

Hi Brayan

Thanks for your help

The way I modify .bbapend file is below

PRINC = "4"
SRC_URI = "file://banner<file:///\\banner>"
FILESEXTRAPATHS_prepend := "${THISDIR}/openssh-6.1p1:"
do_install_append() {

Install -m 755 ${WORKDIR}/banner ${D}${sysconfdir}/ssh
}



But it gives me

Below problem

WARNING: /tmp/work/cortexa15hf-vfp-neon-poky-linux-gnueabi/openssh/6.1p1-r3/openssh-6.1p1/LICENCE could not be copied for some reason. It may not exist. WARN for now.

And my build process is really got slow and sometimes I am getting the error also

What could be the reason for above??






On Thu, Oct 3, 2013 at 5:49 PM, Bryan Evenson <bevenson at melinkcorp.com<mailto:bevenson at melinkcorp.com>> wrote:
Amit,

>From your message, I'm assuming you have a bbappend file for openssh.  Following the example in section of 5.1.4 of the Mega Manual (located at http://www.yoctoproject.org/docs/current/mega-manual/mega-manual.html#using-bbappend-files) and from personal experience, put the following in your bbappend file:

FILESEXTRAPATHS_prepend := " ${THISDIR}: "
SRC_URI += " file://banner<file:///\\banner> "
FILES_${PN} += " /etc/ssh/banner "

do_install_append() {
                install -d ${D}${sysconfdir}/ssh
                install -m 0644 ${WORKDIR}/banner ${D}${sysconfdir/ssh/banner
}
PRINC := "${@int(PRINC) + 1}"

then place your banner file and sshd_config in the same directory as your bbappend.  When openssh gets built, Bitbake will find your sshd_config first and use and install that file instead of the one from the main layer.  The recipe also tells it how to handle the new banner file that is not part of the original recipe; you do not need to put these rules in place for sshd_config because that is already part of the original recipe.  Then in the future every time you make a change to the openssh package in your layer, increment the PRINC so your package management tools will see it as an upgrade.  For example, if you change the contents of the banner file, then change the "+ 1" to "+ 2".

-Bryan

From: yocto-bounces at yoctoproject.org<mailto:yocto-bounces at yoctoproject.org> [mailto:yocto-bounces at yoctoproject.org<mailto:yocto-bounces at yoctoproject.org>] On Behalf Of Amit Tomer
Sent: Thursday, October 03, 2013 7:05 AM
To: yocto at yoctoproject.org<mailto:yocto at yoctoproject.org>
Subject: [yocto] Fwd: OpenSSH pre login banner


---------- Forwarded message ----------
From: Amit Tomer <amittomer25 at gmail.com<mailto:amittomer25 at gmail.com>>
Date: Thu, Oct 3, 2013 at 1:50 PM
Subject: OpenSSH pre login banner
To: "yocto-request at yoctoproject.org<mailto:yocto-request at yoctoproject.org>" <yocto-request at yoctoproject.org<mailto:yocto-request at yoctoproject.org>>
I am new to OpenEmbedded Yocto and have a requirement where OpenSSH pre login banner
should come when do ssh from target board

Now I know I have to create a simple .txt file(banner) and put my banner in to it and add the following to sshd_config

Banner /etc/ssh/banner

But now  wanted to know where should I keep my banner file in yocto so that Yocto build infrastructure will pack banner file  to /etc/ssh/banner into final image.

I do have receipes for openssh in meta-xyz/recipes-connectivity/openssh  folder

Thanks
Amit








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20131003/77227755/attachment.html>

More information about the yocto mailing list