» Simple Elegant Web.Site «

Setting up SSH certificates

Second part of this mess... Hope it get's cleaner with time.

Status:working on it Role: Student Period: 2025
Raspberry PiAlpine LinuxopensshNot Arch 😟

Initial Setup

As always… I have some tasks, I have an easy way to do them… but wtf… I’ll just learn about images ARM processors and stuff… so I can do it the hard way. Also some stuff on ssh certificates that I wanted to learn previouwsly.

detecting device my microSD:

 sudo dmesg | tail 
...
[ 2464.746382] mmc0: cannot verify signal voltage switch
[ 2465.181955] mmc0: error -110 whilst initialising SD card
[ 2465.616458] mmc0: cannot verify signal voltage switch
[ 2466.048619] mmc0: error -110 whilst initialising SD card
[ 2466.482980] mmc0: cannot verify signal voltage switch

cleaned with my tshirt the microSD:

 sudo dmesg | tail 
...
[ 2532.471558] mmc0: new ultra high speed SDR104 SDXC card at address 0001
[ 2532.472358] mmcblk0: mmc0:0001 SD64G 58.2 GiB
[ 2532.475012]  mmcblk0: p1 p2

nice 😼

I wanted to use arch, but because it’s not supported on rp zero w, I was like: ChatGPT I have a problem and you are really good with solutions soooo…:

Disclaimer: From this point on, I will document the steps that finally worked for me to install Linux on my devices—after struggling for hours over more days than I care to admit. ChatGPT led me down deep dives into numerous topics that, because I was exhausted, I didn’t take the time to really understand—and I almost gave up. Here’s what I learned from my mistakes and from blindly following an over-engineered Markov chain style text generator:

  1. Architecture: The CPU’s fundamental “language” that defines how instructions, registers, and memory operations work —ARMv6 (32-bit, smple pipeline), ARMv8-A (aarch64, true 64-bit with more registers and SIMD), and x86_64 (complex CISC 64-bit); software must match its CPU’s architecture to run correctly.
  2. Partition & FAT32: A single FAT32 partition serves as a universally readable boot volume for the PI’s firmware, which loads kernel and initramfs (temporary filesystem for booting) directly from it.
  3. USB Gadget Mode: The dwc2 overlay reconfigures the PI’s on-board DesignWare USB controller to peripheral mode, letting the kernel load gadget drivers like g_ether (virtual network interface) or g_serial (virtual serial port) for USB on-the-go functionality.
  4. Diagnostics & Boot Chain: From GPU firmware to kernel logs, tools like dmesg, lsblk, and ip a reveal firmware loading, driver initialization, and USB enumeration health.

Maybe more things, but for now… let’s just finish the initial config.

Alpine over Arch

After all of my struggles, I found myself with the official community edition rasperberry pi imager, which had no option for arch linux on the default settings, but did have alpine linux. Read a little bit of this distribution on the AI summary generated by DuckDuckGo, and made complete sense to me, so I went with it.

DuckDuckGo summary on Alpine Linux

Installation was simple, just ran sudo -E rpi-imager selected Alpine Linux 64, a couple of continue clicks later, and boom, I had alpine linux installed on my rp, followed a repo referenced on the official wiki on headless configuration and I had life proof that it was working 😊.

Proof of connection to my phones WiFi

setup-alpine

With the command:

sudo cu -l ttyACM0

I was able to open a serial-line connection to the divice at /dev/ttyACM0, which represents a serial communication port.

A serial-line connection is a method of trasferring data one bit at a time over a single communication, line, allowing my laptop to send commands and receive output from the connected device through my terminal interface.

~ on ☁️   
 sudo cu -l ttyACM0
[sudo] password for cbr4l0k: 
Connected.
###################################
Using following network interfaces:
auto lo
iface lo inet loopback

auto usb0
iface usb0 inet static
    address 10.42.0.2/24
    gateway 10.42.0.1

auto wlan0
iface wlan0 inet dhcp

###################################
headless_bootstrap: Configuring wifi...
(1/6) Installing dbus-libs (1.16.2-r1)
(2/6) Installing libnl3 (3.11.0-r0)
(3/6) Installing pcsc-lite-libs (2.3.3-r0)
(4/6) Installing wpa_supplicant (2.11-r2)
(5/6) Installing wpa_supplicant-openrc (2.11-r2)
(6/6) Installing ifupdown-ng-wifi (0.12.1-r7)
Executing busybox-1.37.0-r19.trigger
OK: 19 MiB in 34 packages
 * /var/run/wpa_supplicant: creating directory
 * Starting WPA Supplicant ...                                              [ ok ]
 * Starting networking ...
 *   lo ...                                                                 [ ok ]
 *   usb0 ...                                                               [ ok ]
 *   wlan0 ...
udhcpc: started, v1.37.0
udhcpc: broadcasting discover
udhcpc: broadcasting select for 10.17.140.244, server 10.17.140.95
udhcpc: lease of 10.17.140.244 obtained from 10.17.140.95, lease time 3599  [ ok ]
(1/4) Installing openssh-keygen (10.0_p1-r9)
(2/4) Installing openssh-server-common (10.0_p1-r9)
(3/4) Installing openssh-server-common-openrc (10.0_p1-r9)
(4/4) Installing openssh-server (10.0_p1-r9)
Executing busybox-1.37.0-r19.trigger
OK: 21 MiB in 38 packages
headless_bootstrap: No SSH authentication.
headless_bootstrap: Using bundled ssh keys from RAM...
 * Caching service dependencies ...                                         [ ok ]
 * Clock skew detected with 'sshd'
 * Adjusting mtime of '/run/openrc/deptree' to Thu Sep 25 10:14:34 2025
 * Starting sshd ...                                                        [ ok ]
headless_bootstrap: Initial setup done, handing-over to clean-up
 * Starting Headless cleanup ...                                            [ ok ]
headless_cleanup: Cleaning-up...
(1/4) Purging openssh-server (10.0_p1-r9)
(2/4) Purging openssh-keygen (10.0_p1-r9)
(3/4) Purging openssh-server-common-openrc (10.0_p1-r9)
(4/4) Purging openssh-server-common (10.0_p1-r9)
Executing busybox-1.37.0-r19.trigger
OK: 19 MiB in 34 packages
(1/6) Purging ifupdown-ng-wifi (0.12.1-r7)
(2/6) Purging wpa_supplicant-openrc (2.11-r2)
(3/6) Purging wpa_supplicant (2.11-r2)
(4/6) Purging libnl3 (3.11.0-r0)
(5/6) Purging pcsc-lite-libs (2.3.3-r0)
(6/6) Purging dbus-libs (1.16.2-r1)
Executing busybox-1.37.0-r19.trigger
OK: 13 MiB in 28 packages
headless_cleanup: Clean-up done, enjoy !

Alpine Linux headless bootstrap v1.4 by macmpi

You may want to delete/rename .apkovl file before reboot (remount partition rw!):
/media/mmcblk0/headless.apkovl.tar.gz
(can be done automatically with unattended script - see sample snippet)



Welcome to Alpine Linux 3.22
Kernel 6.12.51-0-rpi on aarch64 (/dev/ttyGS0)

alpine-headless login: headless_bootstrap: Internet access: failed
headless_bootstra
Password: 
Login incorrect
alpine-headless login: root
Welcome to Alpine!

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <https://wiki.alpinelinux.org/>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.

alpine-headless:~# pwd
/root

Now is time —like the section’s title— to run setup-alpine and finish the initial configuration of the system.

Running setup-alpine guided me through configuring the system: connecting to Wi-Fi via my phone’s hotspot, setting the timezone, enabling SSH, and preparing the SD card for installation. However, the process failed to download some core packages due to unreachable repositories, leaving the setup incomplete but confirming that the Pi, network, and serial interface were all functioning correctly.