ChromeOS – removing SSH known_hosts from Chromebook

One of the things that is not implemented in the Secure Shell Chrome extension is the ability to remove know_host fingerprints which alert you if the fingerprint for a specific IP address has changed.

However there are times when you upgrade a systems and this need to be done.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
d6:be:12:7e:22:23:c3:e1:56:30:d6:cd:65:b7:ab:42.
Please contact your system administrator.
Add correct host key in /.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /.ssh/known_hosts:7
ECDSA host key for xxxxxxxxxxxxx.yyy.au has changed and you have requested strict checking.
Host key verification failed.
NaCl plugin exited with status code 255.
(R)econnect, (C)hoose another connection, or E(x)it?

Here is how to remove a known host fingerprint (from known_hosts) on a Chromebook.

You can find the index of the offending host entry reported by ssh if the connection fails (see above: “Offending ECDSA key in /.ssh/known_hosts:7”). Then you can open the JavaScript console (CTRL +Shift +J) and type the following into the console.

term_.command.removeKnownHostByIndex(INDEX);
Replace INDEX with the number obviously.

To clear all the known hosts:
term_.command.removeAllKnownHosts();

Install Ubuntu 14.04 on a Chromebook

There are plenty of sites out there that give advise on this topic, unfortunately most of them are highly ad-infested to the point of being unreadable as well as only containing single bit rather that an overall picture. This is a collection of useful links to source materials as well as steps necessary to install.

Resource Links

Crouton Github: https://github.com/dnschneid/crouton – Thank you David Schneider for the excellent work !!!
Developer Info for Chromebooks: https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices

Put Cromebook into “developer mode”

  1. Back up any data as the process wipes the system
  2. Create a restore image for Chrome OS (install the Restore Image Chrome Extension for this task)
  3. Enter Developer Mode – hold down ESC and Refresh (F3) keys and press the Power button

Download Crouton Script

Download link for installer: https://raw.githubusercontent.com/dnschneid/crouton/master/installer/crouton

Installing Crouton

CTRL+Alt+t to open Cronos Prompt + type “shell” to enter proper bash shell.

To see the list of supported releases:
sh -e ~/Downloads/crouton -r list
To see a list of the supported desktop envoironments (target names):
sh -e ~/Downloads/crouton -t help
I generally install LXDE on ‘resource-challenged’ devices.

shell
sudo sh -e ~/Downloads/crouton -r RELEASENAME -t TARGETNAME -e

The ‘-e’ at the end is optional to encrypt the chroot. Which is probably a good idea as the Chromebook in developer mode is completely open and allows any user to access. If you do not specify the Release it defaults to Ubuntu 12.04 (precise)

My default install would be:
sudo sh -e ~/Downloads/crouton -r trusty -t lxde -e

Removing Crouton

The proper way to remove the chroot environment created by Crouton is as follows

sudo delete-chroot CHROOTNAME

CHROOTNAME could be ‘precise’ or ‘trusty’ depending on the installed version and can be found by

ls /mnt/stateful_partition/crouton/chroots/

Run Ubuntu

Depending on your installed shell.
sudo startlxde

Replace with ‘startxfce4’ or ‘startkde’ or ‘startunity’ depending on your target release.

Chromebook tips to get started

Just got myself (actually it’s for our Office Manager back in OZ) one of these Chromebooks while in Europe (since Google Australia with their absolutely hopeless hardware strategy do not seem to be able to ship any devices – Nexus 4 anyone ?) .

Since the first days turned out to be a bit of a frustrating experience, I thought I share some of the findings as I had a hard time finding much useful info on troubleshooting ChromeOS.

Wireless Connection (WIFI)

Do not use WPA (or for that matter WEP) connections with ChromeOS. I had extreme difficulties browsing webpages on the Chrombook. Some pages would load, some pages would not load at all. There seemed to be no consitency to it as some would load one day, but not another. Somewhere in the Google Groups there seemed to be people reporting issues with wireless connections using WEP. It turned out that the Wireless Modem Router (Telekom Austria supplied Pirelli PBS modem) where I was staying was set to WPA encryption only by default. Once I figured out how to set the unit to WPA2 (which these days should really be the default anyway) things started to actually work consistently. Check the sections below (specially chrome://diagnostics) to see how you can find out what’s going wrong.

However to save some trouble & frustrations, before you do anything make sure your Chrombook connects using WPA2 !

Terminal

CTRL+ALT+T will launch the Chrome Shell which is a slightly odd and very cut-down command line shell. Other than a ‘ping’ utility and some debug tools there really seems to be only the ‘ssh’ command that would be very useful to connect to remote systems. Unfortunately the SSH implementation is quite unusual compared to my normal OpenSSH client.

Poking under the hood

  • Get diagnostic info: chrome://diagnostics/
  • Settings: chrome://chrome/settings/
  • Get hard-disk space: chrome://quota-internals/
  • Bandwidth used: chrome://net-internals/#bandwidth
  • Factory reset the unit: chrome://chrome/settings/factoryResetData
  • Complete listing of ‘chrome’ URL’s: chrome://chrome-urls/

Developer mode

To make some serious mods to the Chromebooks you need to boot into Developer mode. On the Samsung 303C ARM Chromebook this is achieved by holding ESC + Refresh buttons when pushing the power button to turn the unit on. Probably best left alone unless you know what you are doing.