Hardware boxes
A hardware box is a computer (a server or industrial PC), installed by Bohemia Automation engineers.
Contents
System information and access
The system information and access is provided by the box vendor.
Common conditions:
All boxes are configured with a dynamic IP address (DHCP) by default.
SSH root access is enabled by default.
Remote assistance keys are placed into /root/.ssh/authorized_keys.
Remote assistance VPN
All boxes are automatically connected to Bohemia Automation remote assistance VPN. Support engineers can access customer boxes via VPN+SSH.
To disable the remote assistance VPN, execute the following:
systemctl disable openvpn@bma
systemctl stop openvpn@bma
Optionally, remove the remote assistance keys from /root/.ssh/authorized_keys.
To enable the remote assistance VPN, execute the following:
systemctl enable openvpn@bma
systemctl start openvpn@bma
If the remote assistance keys have been removed, contact Bohemia Automation support for details.
Headless configuration
If there are problems accessing a box via SSH, additional system configuration can be performed using a script. The script should be placed on the box memory card. If the box has no memory card, the script can be placed on a USB stick.
The script must be named box-configure and placed in the root directory of the storage device. The script is executed with bash and with root privileges during the system boot.
After the script is placed on the storage device, the box must be rebooted.
Note
It is highly recommended to have UNIX line endings in the script.
The script has got the following current directory at launch:
for memory card: depends on the box model, for Raspberry Pi-based boxes: /boot/firmware
for USB stick: /mnt/usbflash
Configuring static IP address
Place the following script named box-configure on the storage device:
cat <<EOF > /etc/systemd/network/eth0.network
[Match]
Name=eth0
[Network]
Address=192.168.1.2/24
Gateway=192.168.1.1
DNS=192.168.1.1
EOF
systemctl restart systemd-networkd
Replace the IP address, gateway, and DNS with the actual values. Make sure the network interface name is correct.
Configuring dynamic IP address
Place the following script named box-configure on the storage device:
cat <<EOF > /etc/systemd/network/eth0.network
[Match]
Name=eth0
[Network]
DHCP=yes
MulticastDNS=yes
LinkLocalAddressing=fallback
[DHCPv4]
ClientIdentifier=mac
UseHostname=no
EOF
systemctl restart systemd-networkd
Make sure the network interface name is correct.
Enabling root access for own keys
By default SSH access is enabled for Bohemia Automation support engineers only. To enable SSH access for your own keys, place the following script named box-configure on the storage device:
cat <<EOF >> /root/.ssh/authorized_keys
your-ssh-public-key-here
EOF
Disabling execution from a USB stick
Script execution from USB may be insecure in certain configurations. To disable it, execute the following:
systemctl disable box-configure-usb