Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 2 Apr 2017 13:14:40 +0200
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        freebsd-hackers@freebsd.org
Subject:   Re: at home server without screen blocked by bad ipfw conf -- live boot usb with sshd
Message-ID:  <20170402130647.2f063868@fabiankeil.de>
In-Reply-To: <1491049373.5625.1.camel@ovh.fr>
References:  <1491049373.5625.1.camel@ovh.fr>
next in thread | previous in thread | raw e-mail | index | archive | help 
--Sig_/6UbptWHF7g4Y_A0Jm38QqCu
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Orka Edison <orka.edison@ovh.fr> wrote:

> i brink my at home by a bad ipfw.rules...
>=20
> how can i cr=C3=A9ate an usb boot key with sshd for access to my server ?
> with an fixed IP and tools-box for repair my machine.

I use a script to adjust the UFS partition on an image
created by the "memstick" target after it has been copied
to the USB stick.

The relevant script content:

    set -e -x
    mount "${device}" /mnt/
    [...]
    mkdir -p /mnt/root/.ssh
    echo 'ssh-ed25519 [...]' > /mnt/root/.ssh/authorized_keys
    chmod -R go-rwx /mnt/root/.ssh
    echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config
    echo 'ifconfig_re0=3D192.168.5.48' >> /mnt/etc/rc.conf
    echo 'sshd_enable=3D"YES"' >> /mnt/etc/rc.conf
    sed -e 's@ro,@rw,@' -i.bak /mnt/etc/fstab
    cat /mnt/etc/fstab
    umount /mnt

You'll have to add your own public ssh key, adjust the rc.conf
modification and maybe add a default router if needed.

If you simply messed up the ipfw rules the memstick image
should contain everything you need to fix it.

If you are in a hurry and don't mind using unreproducible binaries
built by third parties you could download a memstick image from
freebsd.org instead of building it yourself.

Fabian

--Sig_/6UbptWHF7g4Y_A0Jm38QqCu
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTKUNd6H/m3+ByGULIFiohV/3dUnQUCWODdIAAKCRAFiohV/3dU
nSKGAJ9LlfcbYnwUTHyzjWn4q36I5WK+GACgmpMqT9YysrCbIQCH5Rtomab7K9A=
=1veK
-----END PGP SIGNATURE-----

--Sig_/6UbptWHF7g4Y_A0Jm38QqCu--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170402130647.2f063868>