Date: Mon, 16 Mar 2020 10:46:38 +0100 From: Ben RUBSON <ben.rubson@gmx.com> To: freebsd-hackers@freebsd.org Subject: Re: Allow to run SSHd in Installer (12.2 patch) Message-ID: <A3E1BDAF-E1F2-4D9B-B153-2BB2DEA6B482@gmx.com> In-Reply-To: <202003121829.02CITGjQ075689@gndrsh.dnsmgr.net> References: <202003121829.02CITGjQ075689@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank you Ruben & Rodney for your interest into this. Of course your solution works Rodney but is not really convenient trough a remote console. What my patch tends to fix :) Fingers crossed ! Ben > On 12 Mar 2020, at 19:29, Rodney W. Grimes <freebsd-rwg@gndrsh.dnsmgr.net> wrote: > > I have been starting sshd from install media since 5.4 or so, > here is my current method that should work on 11, 12 and 13: > > # This version for FreeBSD 11.0R, works for 12.0 too > > mkdir /tmp/ssh > cp -p /etc/ssh/sshd_config /tmp/ssh > echo 'PermitRootLogin yes' >> /tmp/ssh/sshd_config > echo 'AllowGroups wheel' >> /tmp/ssh/sshd_config > echo 'PermitEmptyPasswords yes' >> /tmp/ssh/sshd_config > echo 'HostKey /tmp/ssh/ssh_host_rsa_key' >> /tmp/ssh/sshd_config > echo 'HostKey /tmp/ssh/ssh_host_dsa_key' >> /tmp/ssh/sshd_config > echo 'UsePAM no' >> /tmp/ssh/sshd_config > echo 'PasswordAuthentication yes' >> /tmp/ssh/sshd_config > > ssh-keygen -t rsa -f /tmp/ssh/ssh_host_rsa_key -N '' > ssh-keygen -t dsa -f /tmp/ssh/ssh_host_dsa_key -N '' > > /usr/sbin/sshd -f /tmp/ssh/sshd_config > > For those that "need" this feature today :-) Just drop to > a shell after booting from install media, run the above > commands, and you can get in. BEWARE, passwordless root login enabled! > >> Hi Ben, >> >> I'm not a FreeBSD developer (so not your targeted audience) but would >> very much like to see this land in a release! >> >> Kind regards, >> >> Ruben >> >> On 3/10/20 4:07 PM, Ben RUBSON wrote: >> >>>> On 2 Mar 2020, at 13:09, Ben RUBSON <ben.rubson@gmx.com> wrote: >>>> >>>> Hi, >>>> >>>> I've done some work to allow to connect to FreeBSD installer through SSH. >>>> It can be useful for example if we have specific tasks to perform before installation, such as disks configuration etc... >>>> Working through a SSH connection is much more convenient than in front of a console. >>>> FreeBSD installer can then also be used as a rescue disk. >>>> >>>> To achieve this, I've modified FreeBSD installer, so that after having installed SSHd, if performs following configuration modifications : >>>> - generate host keys into /var/ssh (as default /etc/ssh is not writable) ; >>>> - only allow keys authentication ; >>>> - allow root authentication ; >>>> - read authorized_keys file from /var/ssh (as default homedirs are not writable). >>>> >>>> SSHd can then be started thanks to the installer shell : service sshd start >>>> And a public key put into for example /var/ssh-keys/root/authorized_keys, thanks to fetch or whatever. >>>> >>>> Work is here : >>>> https://github.com/freebsd/freebsd/pull/156 >>>> Rather simple, and ready to be merged. >>>> >>>> This job is more than 2 years old, I would then really be glad if we could see this in 12.2 installation ISOs. >>>> It would prevent me from having to modify the new ISO files to implement this patch. >>> >>> Any thoughts ? :) >>> >>> Thank you very much ! >>> >>> Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A3E1BDAF-E1F2-4D9B-B153-2BB2DEA6B482>