0
0
0
s2sdefault

Article Index

At work we have a lab setup, complete with serial console access to a variety of appliances. This console access was provided through an old console server, which was FULL of problems. The biggest thing was just a lack of connectivity. Since moving, we have replaced those old console servers and denied access to the lab to most peoiple, so this setup has been rendered unnecessary. But I have an old IP Appliance sitting at home, which I have been wanting to tinker with, and it has a serial console connector, and the computer I have set up does not. So now I am revisiting the RasPi Serial Client to get it going at home, and serve as a bit of a console server (even though there is only 1 serial connection). Read on to see how I went about accomplishing this.

Please note that this is my first larger-scale How-To. So you have any suggestions/improvements, feel free to use the comments section and I will take a look.

INITIAL SETUP

Install Raspbian to an SD Card. Adafruit has an awesome starter's guide here.

Once that has been completed, take a moment to edit the config.txt file. The key thing here is to set up the correct screen resolution so that we can finish setting everything up from a direct connection to the Pi. For full optionsfor the config file, elinux has a complete breakdown here. For my purposes, I am using an old (ancient really) monitor at 1024x768. Here's the entries I have for that:

hdmi_force_hotplug=1
hdmi_drive=2
hdmi_group=2
hdmi_mode=16

Make sure youare directly connected to the Pi... Have a monitor plugged in and a keyboard and mouse, as well as your WiFi dongle. If you need to use a USB hub, plug the keyboard and mouse into the hub, leave the WiFi dongle directly connected to the Pi. For the monitor connection, I used an adapter like this from Adafruit. I also have a nice little wireless keyboard and trackpad combo for the keyboard/mouse connection. Turn on the Pi, and go through the little configuration wizard. It is very good. Make sure to expand the filesystem. Once that has been completed, reboot the Pi.

Once rebooted, get a terminal session, and run through the following commands:

First, let's update our repositories:

sudo apt-get update

Now, we install the additional softwares we'll be needing:
sudo apt-get install tightvncserver minicom wicd-curses tcpdump iceweasel iceape bind9-host dnsutils inetutils-telnet ftp vsftpd hping3 scapy

While everything in Raspbian is free, there are a few packages I want to remove to free up space (and just to get rid of them, they are entirely useless for this application):
sudo apt-get purge midori scratch dillo netsurf-common idle idle3 wolfram-engine
sudo apt-get --purge autoremove
Now that everything unwanted is removed, let's update EVERYTHING else:
sudo apt-get upgrade
Now the Pi is completely updated! You will note that I only ran the upgrade AFTER removing the unwanted apps. The reason for this is simple: I did not want to upgrade something I was just going to get rid of.

 

Next, we configure SFTP and FTP access.

SFTP Access:
sudo nano /etc/ssh/sshd_config
Change the default sftp server from:
Subsystem sftp /usr/lib/openssh/sftp-server
to
Subsystem sftp internal-sftp

SFTP Access is now granted to all users configured on the Pi. They will have access to the entire filesystem.


FTP Access:
sudo nano /etc/vsftpd.conf
Change lines: 

#local_enable=YES change to local_enable=YES

#write_enable=YES change to write_enable=YES

(Notice the lack of #, this means we are UNcommenting these lines, and making them active)

And if you want to disable anonymous access (which I strongly suggest):

anonymous_enable=YES change to anonymous_enable=NO
 

Since the Pi will be directly connected to my IP Appliance, and the single ethernet connection will also be connected to the appliance, I need to set up my WiFi connection. Here's how we do it via command line:

sudo wicd-curses

Use the up and down arrows to select your wireless network, then the right arrow to configure it.

Now on to the good stuff...


SET UP THE SERIAL CONNECTOR

First, let us copy the files we will be editing, that way, if we mess up, it a very easy revert.

sudo cp /boot/cmdline.txt /boot/cmdline.bak

sudo cp /etc/inittab /etc/inittab.bak

Edit the file cmdline.txt:

sudo nano /boot/cmdline.txt

Remove the "console=ttyAMA0,115200" and "kgdboc=ttyAMA0,115200" configuration parameters. The file probably contains this default configuration line:

dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait
 
After removing the two configuration parameters, it will look similar to this: 

dwc_otg.lpm_enable=0 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait

Save and close the file (Ctrl+X).

Next, edit the file inittab:

sudo nano /etc/inittab

Comment out the last line that contains "ttyAMA0"

***SAMPLE CODE***

Save and close the file (Ctrl+X).

And this takes care of the configuration changes needed for this. Next, we get down and dirty with hardware.


Now we're into the hardware part. Comically enough, this is likely the easiest part of the wholoe deal. This is a fabulous way to get your hands dirty with some basic hardware "hacking" if you have never done so before.

First, you need an "RS232 to TTL Converter", or a "DB9 Level Shifter". You can pick one up at SparkFun for a not-too-ungodly-price. But myself, I picked one up on eBay like this for a much cheaper price. The one I got even came with a cable with the appropriate connectors. It came from China so it took FOREVER to get here, but it was much MUCH cheaper.

Once you have it, connect the DB9 level shifter as per the image below:

raspi rs232 schematic2

Next, connect the serial port to a device (I tested with and IP260 in my lab).

You can now connect with the following command:

minicom -b 9600 -D /dev/ttyAMA0

or, once the aliases have been changed:

serial

 

The last thing I wanted to do was to create a secure VNC Connection. This is the last application that we installed earlier to be configured. A VNC Connection would allow me to connect to the Pi's desktop, and open GUI applications like a Web Browser. Granted, the initial reason for this setup was to simply get a Serial connection, which has been accomplished. But on the overall scale, I needed to be able to configure the device I was connected to via Serial. In my case, this was a Nokia IP260 (ancient by now). Once the initial installs have been completed via the serial connection, I then need some kind of Web Browser to be able to then finish configuring the device. Fortunately, the built-in Ethernet adapter on the Pi is the PERFECT solution for this. In the end, this would give me a Pi that I can (theoritically) send into any lab, and directly connect via both serial AND ethernet.

By default, TightVNC does not encrypt the VNC connection. Since I'm a Security Engineer, we can't have that... We need to secure it somehow. I am sure there are other ways of doing this, and if you know of one, please put it in the comments. In short though, I was not able to find a way to encrypt the VNC connection itself. So rather than keep trying to beat THAT dea horse, I decided to use the SSH session as the encryption, and tunnel the VNC connection through that. Here's how it's done:

On the Pi, run the following command:

vncserver -localhost :1
or, once the aliases have been changed:
vnc

And that is all to be done on the Pi.

The next part needs to be done on the Client PC you are connecting to the Pi with. Since my Corporate run Windows (ewww...), I needed to set this up with that. For the SSH Session, I used the most popular SSH Client, PuTTY; for the VNC Session, I used the freely available VNCViewer. Here's the configuration changes needed to make this work.

In PuTTY, on the right-hand side, go to Connection -> SSH -> Tunnels

Fill in the following details:

Source Port: 5901
Destination: localhost:5901

Click the Add button. Now, connect to the Pi with a new SSH session, and run the VNC command noted above.

Now, open VNCViewer (KEEP PUTTY OPEN), and connect to 127.0.0.1:1 . Use the password you configured when you ran the tightvncserver command, and voila, you are connected!

Lastly, here is how to add the command aliases to make life a little easier.

On the Pi, run the following command:

sudo nano ~/.bash_aliases

Add the following lines:

alias serial='minicom -b 9600 -D /dev/ttyAMA0'

alias vnc='vncserver -localhost :1'

Ctrl+X to exit, press y and enter to save the file. The command aliases will only take effect on the next boot.

 

And there you have it. A nice Raspberry Pi, ready to be a Serial client. Please use the comments and let me know what you think!

Enjoy!

 

Add comment


Security code
Refresh

0
0
0
s2sdefault