5. Software
-----------

OS & Firmware
~~~~~~~~~~~~~

- Custom **Yocto Linux** distribution  
- RF drivers, device management, and mesh stack  
- Signed OTA updates for secure delivery  

Networking stack
~~~~~~~~~~~~~~~~

Designed for decentralised, encrypted mesh operation.  

Applications & development
~~~~~~~~~~~~~~~~~~~~~~~~~~

- Android app (chat, audio calls)  
  Latest: `Download APK <https://beechat.network/wp-content/uploads/kaonic-app/kaonic-app-0916.apk>`_
- Open APIs for developers  

Accessing the Kaonic Yocto Linux
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Via SSH
^^^^^^^

This guide explains how to access the internal Yocto-based Linux system running on your Kaonic 1S unit using SSH.

SSH access is intended for advanced users who wish to inspect logs, run diagnostics, or perform system-level configuration.

Prerequisites
"""""""""""""

Before you begin, make sure you have:

- A Kaonic unit powered on and broadcasting its Wi-Fi network
- A laptop or PC with Wi-Fi capability
- An SSH client installed:

  - Windows: built-in ssh command in terminal
  - macOS / Linux: built-in ssh command in terminal

Connect to the Kaonic Wi-Fi Network
""""""""""""""""""""""""""""""""""""

1. Power on the Kaonic unit.

   - Wait approximately 8–10 seconds for it to boot.
   - The green LED will begin blinking when ready.

2. On your laptop, open the list of available Wi-Fi networks and connect to:

   **Kaonic-XXXX** (where XXXX are the last digits of the device ID)

Access the Kaonic via SSH
""""""""""""""""""""""""""

Open your SSH client and connect to the device using:

.. code-block:: bash

   ssh root@192.168.10.1

If prompted for a password, enter **root**

Useful Commands
"""""""""""""""

+----------------------+------------------------------------------+
| Command              | Description                              |
+======================+==========================================+
| ``uname -a``         | Display kernel and Yocto version         |
+----------------------+------------------------------------------+
| ``df -h``            | Show available storage                   |
+----------------------+------------------------------------------+
| ``ifconfig`` or      | View network interfaces                  |
| ``ip a``             |                                          |
+----------------------+------------------------------------------+
| ``systemctl status`` | Check running system services            |
+----------------------+------------------------------------------+
| ``journalctl -u``    | View logs for a specific service         |
| ``<service>``        |                                          |
+----------------------+------------------------------------------+

Disabling SSH access
~~~~~~~~~~~~~~~~~~~~

SSH access is provided on the Kaonic board to allow developers to log in, customise firmware, and perform system diagnostics.

Once your configuration and testing are complete, you may wish to disable SSH to protect your custom firmware and prevent end-user access to the underlying Yocto Linux system.

When to Disable SSH
^^^^^^^^^^^^^^^^^^^

You should disable SSH before distributing or shipping your customised units, especially if:

- Your end-users do not require system-level access
- You want to protect proprietary software or configurations
- You are preparing the device for a secure production environment

Disable the SSH Service
^^^^^^^^^^^^^^^^^^^^^^^

To disable SSH on your Kaonic board:

1. Log in to the device via SSH:

   .. code-block:: bash

      ssh root@192.168.10.1

2. Disable and stop the SSH service:

   .. code-block:: bash

      systemctl disable sshd
      systemctl stop sshd

This will immediately stop SSH access and prevent it from starting on the next boot.

Verify SSH Is Disabled
^^^^^^^^^^^^^^^^^^^^^^

You can confirm that the service is inactive with:

.. code-block:: bash

   systemctl status sshd

Expected result:

.. code-block:: text

   Loaded: disabled
   Active: inactive (dead)

Permanent SSH Disable (Advanced)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The steps below are intended for integrators who wish to make SSH permanently inaccessible to end-users. This will ensure that the Yocto system cannot be modified, and that firmware integrity is maintained.

Once these steps are performed, SSH access cannot be restored without re-flashing the firmware or rebuilding the image.

Option A — Remove the SSH Service Completely
"""""""""""""""""""""""""""""""""""""""""""""

1. Log in to the device:

   .. code-block:: bash

      ssh root@192.168.10.1

2. Remove the OpenSSH server package:

   .. code-block:: bash

      opkg remove openssh

3. Confirm that the sshd binary has been removed:

   .. code-block:: bash

      which sshd
      # (Should return no result)

4. Reboot the device:

   .. code-block:: bash

      reboot

After reboot, SSH will no longer be available.

Users attempting to connect will see "Connection refused".

Option B — Lock the Configuration Files
""""""""""""""""""""""""""""""""""""""""

1. Disable and stop the SSH service:

   .. code-block:: bash

      systemctl disable sshd
      systemctl stop sshd

2. Remove executable permission from the SSH daemon:

   .. code-block:: bash

      chmod 000 /usr/sbin/sshd

3. Make SSH configuration directory read-only:

   .. code-block:: bash

      chmod -R 000 /etc/ssh

This prevents the SSH daemon from running or being modified.

Alternative Access
^^^^^^^^^^^^^^^^^^

For factory or developer diagnostics, serial console access remains available via the debug UART header. This allows re-flashing or recovery if SSH is disabled.