Date:      Thu, 12 Mar 2020 11:29:16 -0700 (PDT)
From:      "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
To:        Ruben <mail@osfux.nl>
Cc:        Ben RUBSON <ben.rubson@gmx.com>, freebsd-hackers@freebsd.org
Subject:   Re: Allow to run SSHd in Installer (12.2 patch)
Message-ID:  <202003121829.02CITGjQ075689@gndrsh.dnsmgr.net>
In-Reply-To: <f9dac1b0-ec6a-3487-6a37-27d77245a60e@osfux.nl>

I have been starting sshd from install media since 5.4 or so,
here is my current method that should work on 11, 12 and 13:

# This version for FreeBSD 11.0R, works for 12.0 too

mkdir /tmp/ssh
cp -p /etc/ssh/sshd_config /tmp/ssh
echo 'PermitRootLogin yes' >> /tmp/ssh/sshd_config
echo 'AllowGroups wheel' >> /tmp/ssh/sshd_config
echo 'PermitEmptyPasswords yes' >> /tmp/ssh/sshd_config
echo 'HostKey /tmp/ssh/ssh_host_rsa_key' >> /tmp/ssh/sshd_config
echo 'HostKey /tmp/ssh/ssh_host_dsa_key' >> /tmp/ssh/sshd_config
echo 'UsePAM no' >> /tmp/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /tmp/ssh/sshd_config

ssh-keygen -t rsa -f /tmp/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /tmp/ssh/ssh_host_dsa_key -N ''

/usr/sbin/sshd -f /tmp/ssh/sshd_config

For those that "need" this feature today :-)  Just drop to
a shell after booting from install media, run the above
commands, and you can get in.  BEWARE, passwordless root login enabled!
 
> Hi Ben,
> 
> I'm not a FreeBSD developer (so not your targeted audience) but would 
> very much like to see this land in a release!
> 
> Kind regards,
> 
> Ruben
> 
> On 3/10/20 4:07 PM, Ben RUBSON wrote:
> >> On 2 Mar 2020, at 13:09, Ben RUBSON <ben.rubson@gmx.com> wrote:
> >>
> >> Hi,
> >>
> >> I've done some work to allow to connect to FreeBSD installer through SSH.
> >> It can be useful for example if we have specific tasks to perform before installation, such as disks configuration etc...
> >> Working through a SSH connection is much more convenient than in front of a console.
> >> FreeBSD installer can then also be used as a rescue disk.
> >>
> >> To achieve this, I've modified FreeBSD installer, so that after having installed SSHd, it performs the following configuration modifications :
> >> - generate host keys into /var/ssh (as default /etc/ssh is not writable) ;
> >> - only allow keys authentication ;
> >> - allow root authentication ;
> >> - read authorized_keys file from /var/ssh (as default homedirs are not writable).
> >>
> >> SSHd can then be started thanks to the installer shell : service sshd start
> >> And a public key put into for example /var/ssh-keys/root/authorized_keys, thanks to fetch or whatever.
> >>
> >> Work is here :
> >> https://github.com/freebsd/freebsd/pull/156
> >> Rather simple, and ready to be merged.
> >>
> >> This job is more than 2 years old, I would then really be glad if we could see this in 12.2 installation ISOs.
> >> It would prevent me from having to modify the new ISO files to implement this patch.
> > 
> > Any thoughts ? :)
> > 
> > Thank you very much !
> > 
> > Ben
> > 
> > _______________________________________________
> > freebsd-hackers@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
> > 

-- 
Rod Grimes                                                 rgrimes@freebsd.org
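
For comparison with the commands in this message, a key-only variant along the lines of the proposal quoted above (host key and authorized_keys under a writable directory, keys-only authentication, root allowed), plus a check of which value sshd would actually use for each keyword. This is an added example, not part of the message or of the pull request; the function names and the directory argument are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Function names and the directory
# argument are assumptions; the proposal itself names /var/ssh as writable.

# effective KEYWORD FILE: value sshd would use for a global keyword.
# Keywords are case-insensitive and the first occurrence wins, so a line
# appended after an earlier setting of the same keyword has no effect.
# Limits: "Keyword value" form only; stops at the first Match block.
effective() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$2"
}

# write_keyonly_config DIR: key-only root access, every setting explicit.
write_keyonly_config() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    cat > "$1/sshd_config" <<EOF
HostKey $1/ssh_host_ed25519_key
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM no
AuthorizedKeysFile $1/authorized_keys
EOF
}

# audit FILE: return 0 only if password-based logins are explicitly off.
audit() {
    rc=0
    for want in passwordauthentication=no permitemptypasswords=no \
                challengeresponseauthentication=no \
                permitrootlogin=prohibit-password; do
        got=$(effective "${want%%=*}" "$1")
        if [ "$got" != "${want#*=}" ]; then
            echo "FINDING: ${want%%=*} is '${got:-unset}', want '${want#*=}'"
            rc=1
        fi
    done
    return $rc
}

# Demo on a scratch directory (constructed input; sshd itself is not started).
d=$(mktemp -d /tmp/sshdcfg.XXXXXX) && write_keyonly_config "$d" \
    && audit "$d/sshd_config" && echo "key-only config passes"; rm -rf "$d"
```

On the install media the host key would be generated with `ssh-keygen -t ed25519 -f DIR/ssh_host_ed25519_key -N ''`, and `sshd -t -f DIR/sshd_config` validates the file before the daemon is started.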


