Chromebook fun: SSH, Crouton, and ALARM

5 minute read Published:

Doing things with an ARM Chromebook including SSHing to my desktop, installing Ubuntu with Crouton, and installing native Arch ARM on an SD card

The Asus C100P Chromebook Flip is a dirt cheap ARM-powered Chromebook. Light, good battery life, weak specs.

SSH to desktop

Setting up sshd on desktop

My goal was to make sshd as secure as possible. Here are the steps to install and configure sshd:

$ sudo dnf install -y openssh

Modifications to /etc/ssh/sshd_config:

PermitRootLogin no
AuthorizedKeysFile      %h/.ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

With these settings, the only way way you can log in to this machine via SSH is with an ssh key.

Port forwarding from your router

Configured on my D-Link router’s configuration page:

I chose to forward my computer’s default sshd port 22 to port 222 to attempt “security by obscurity”.

Generating the key

ChromeOS is limited so you can generate the key from your home computer. Run the following commands:

cd ~/.ssh
mkdir chromebook
cd chromebook/
ssh-keygen -t rsa #enter a password for maximal security and pick a file name/location - I picked ./new_key
cat new_key.pub >> ~/.ssh/authorized_keys
chmod 0600 authorized_keys

Share the 2 key files to your Chromebook with Google Drive (or whatever you want to use).

Setting up Secure Shell

First install Secure Shell on your Chromebook. Then, when setting up a new connection, use your settings (username, public IP, port you forwarded) and import your key from the Secure Shell identity import button (be sure to select both public and private keys, e.g. my_key and my_key.pub) when importing.

Troubleshooting

You can test your key from the computer where you generated it, by trying to ssh to itself.

Example:

$ ssh sevag@localhost
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
$

In this snippet I’m denied access because I haven’t entered my SSH key (with command line switch -i path-to-key).

Testing if you’re exposed to the internet

Find out your IP (http://lmgtfy.com/?q=my+ip), and then with telnet try to connect to port 222 (or whichever port you forwarded from your router):

$ telnet
$ telnet mypublicip 222
Connected to mypublicip.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.9

Crouton and Ubuntu

Crouton is a tool to get Ubuntu running on the ChromeOS’s Linux kernel in a chroot.

Xorg and xiwi

Reading about Crouton, you’ll sometimes hear mention of Xiwi. Xiwi is “X in a window”. With the Chrome extension “crouton integration”, Xiwi allows Xorg programs to be launched as Chrome tabs (fullscreenable):

Installing crouton with i3 and xiwi

The official crouton instructions contain all the info you may need (crouton project).

First things first, you need to developer unlock your Chromebook - I won’t cover that.

The command I ran to install crouton was:

$ sudo sh crouton -r trusty -t x11,xiwi

Here are the i3 instructions: crouton i3.

Crosh startup scripts

I set up the following scripts in Crosh (Chrome Shell?) to make it easier to go in and out of my crouton Ubuntu chroots:

chronos@localhost / $ cat /usr/local/bin/start-ubuntu-xorg.sh 
sudo enter-chroot exec env XMETHOD=xorg xinit
chronos@localhost / $ cat /usr/local/bin/start-ubuntu-xiwi.sh 
sudo enter-chroot exec env XMETHOD=xiwi xinit

Also, in my Ubuntu chroot I have:

(trusty)sevag-chromeos@localhost:~$ cat ~/.xinitrc 
exec i3

I prefer using the Xiwi script most of the time because I can use the ChromeOS chrome browser simultaneously.

i3 battery status

If you intend on using the Xorg script to run Linux fullscreen, you won’t have access to the Chromebook battery status bar (not unless you exit i3 with $mod+shift+e).

Add this to your ~/.i3status.conf file to get battery status:

battery 0 {
    format = "%status %percentage %remaining (%consumption)"
    path = "/sys/class/power_supply/bq27500-0/uevent"
    low_threshold = "30"
    threshold_type = "time"
    last_full_capacity = true
    integer_battery_capacity = true
}

In the case of my Asus Chromebook Flip C100P, the device bq27500 is my battery device but it may be different for your Chromebook so do some digging in /sys/class/power_supply first.

Native Arch Linux on an SD card

Installing Arch Linux natively on your Chromebook can give you a native (underpowered) development machine with all the ARM Chromebook portability advantages (aluminum build quality depending on the model you own, great battery life, passive cooling, etc.)

I followed the following 3 guides to get Arch installed on my Asus C100P Chromebook Flip:

I bought a 64GB SDXC card and followed the linuxveda guide word for word (link 2).

Graphical environment

The only caveat of the linuxveda guide is that it states that you can get gdm/gnome 3 working but its very slow.

In my experience, gdm/gnome 3 are both very unstable on the ALARM (Arch Linux ARM) installation on the C100P. Additionally, after installing X, the startx script never worked for me.

Upon reading the third link (kmkeen), they mention that they could never get startx working on the C100P, and that they had to use sddm (which is what the linuxveda guide teaches you to install anyway).

The final graphical stack you get after the linuxveda tutorial is MATE running on sddm.

Here’s the result of the installation:

Basic Pacman commands

As a long time Fedora user, the biggest learning curve for me to start using Arch correctly was learning some basic Pacman commands:

$ sudo pacman -Syy ; sudo pacman -Syu

This updates your Pacman repositories and packages. Once in a while I would get 404 errors when trying to install some packages, until I learned that the Pacman repos change so often that its essential to run this command regularly.

Searching for a package:

$ sudo pacman -Ss <package_name>

Installing a package:

$ sudo pacman -S <package_name>

Removing a package:

$ sudo pacman -Rscn <package_name>

Wifi setup

Arch comes with a tool called wifi-menu:

$ sudo wifi-menu

To persist a network on boot, run the following:

$ sudo wifi-menu -o #store network configuration
$ sudo cat /etc/netctl/wlan0-* #check if your ssid config was saved
$ sudo systemctl enable netctl-auto@wlan0.service

Conclusion

If you’re displeased with the crouton solution and prefer something more native, but don’t want to get too involved with bootloaders, etc. (not even sure if there’s a Seabios-like tool for ARM Chromebooks yet), the ALARM-on-SD-card solution is easy to install.

I even got native Docker running (but it can only use ARM images because it’s an ARM kernel - subjet for a different post).

Enjoy your insane battery life, decently-powered, and very portable dev machine. It’s like a baby $300 Macbook Pro. Or not. I like it anyway.