From owner-freebsd-hackers@freebsd.org Mon Mar 2 12:09:53 2020 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 631061AC8FB for ; Mon, 2 Mar 2020 12:09:53 +0000 (UTC) (envelope-from ben.rubson@gmx.com) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48WJqM06jbz4GwY for ; Mon, 2 Mar 2020 12:09:50 +0000 (UTC) (envelope-from ben.rubson@gmx.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1583150988; bh=HyRL5/XhKoohaKdCYKh3kvjs0mHdBI4zxhVGi3KgyyI=; h=X-UI-Sender-Class:From:Subject:Date:To; b=RfXhphtwuy/oFBlqbUnA0VmOARImTx3yPPForaGuuk9Z7BgOhXz3hB3CLB0kf0IaS POlDefFPnjw37iCJgGPs67reWwElp9uONYOweHlMCLq4FLLEsbL6CDkQVwdmUwxMSt RRqBrsGekSsJLfBqpJgUCTa9YypPma9rJYs/3r8k= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from [192.168.0.101] ([82.64.198.151]) by mail.gmx.com (mrgmx104 [212.227.17.174]) with ESMTPSA (Nemesis) id 1MAfUe-1jFJTQ1VJQ-00B7EI for ; Mon, 02 Mar 2020 13:09:48 +0100 From: Ben RUBSON Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\)) Subject: Allow to run SSHd in Installer (12.2 patch) Message-Id: <2352A2A0-999C-453F-92A1-D067E4C05712@gmx.com> Date: Mon, 2 Mar 2020 13:09:47 +0100 To: freebsd-hackers@freebsd.org X-Mailer: Apple Mail (2.3608.60.0.2.5) X-Provags-ID: V03:K1:xFdvcDSk0b9jnv5hKcog6Qd/Iv75PVMfGiPa3XzjSkpPfJvMgXK uVd+pdbgcLbsfljkVJXecNhU+04DchryE4qaR3Qj7NXgNM47Fyge6oVE9CxoIBBfWEg4Gmh qE56Ob69tt9snTZi6Nxv3UJ46FswrTGIq3yc/BLCgJUqJrF0z8fCRfltumMD5LHGnJckTnW T993Caraq521xkpj9NWVw== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:oe3E7M4vE+Y=:RdN6FMdjIoQR+vWx3Pb1+l heQbw5a8DTZnAruZT7Ppl9/ppS6oqJFxJGvdwl4A96jT9NV6cocBCmRCwJJ/iIuAMWAMjKs9i GNY3HHfNX7saI7Yk0C3DAXv+SbVV/lMqGqdx/p5z4e1FsW5cLUoDHvMIHmpgaBjChLiytC58h B2W2wzriXLr0nm+A5f03gKyqeJ4HYfeY2wBWuAv4uRdA+S8NEaYIcXziNiE3FWOZI2akYrwRU g8F28BAuf5wUnm9LJaEC52jxwJEZnPVmlnzOp9KNbDbuNOQUcyZKHo6R5ux5CS33MuDK2f/4i YwLbjfWpiXCbJW1mTKqhUZtDOFoM44frg2gZHPqaT+8E6fdtX4Ite/nQnRf8Bwe47v339cRvF 1bGAjMX6oO8AMpMo+dWviLkQaUcv1wbCcZaU4oHI+x1W2cuGzEfvGD65t+vtM6O0oLkOHiv/D QucKL89rMt5SHHJqqTG2tblMUOfm2g6UzlBFub1u7l9TwhAiCkDzb3zFlwDWsJ3vHBG9IZUTn naxniqHH0GQq+FHaa7ytOJy0pwJLITsfSf9Bb7cJhcXaV1aM8ey/luKKMoczcDxWmypjwnUDl Rci02gT+DfPAR0oiJLQJ/IpGRDSGUwZwNXYZDadH19o+IhWTXtgb40KUhkqQRQIzrQMuEU9ms l17Eu9KM0l2LRXj7lYx5Zx7eZ3L8q1nHQuxBetQMyxDJkwpXiVRVyY5Qgugm0OaVLGPFzuoUy 15DZQLyoGh6bxrVKYiUc+SKZmv8LSGml0xvuF+xbRHXUaSVKrWJs75oWJyjwozKlZp9Zqjyrg h3gSnbpW22/dbQBKDyakhIuYLWnGzSRXRyAHSjnCQNx6/0U8QI+dTeQ81wZm6zAu5iAbUzEp/ kXS9F1mwk/UNSn/pYc9WE3cXUjOaPzyYf0+D/SyKXXTcpqf1nf9uWLceNVe0jcQkopxDBQ7JG hXanxApx3rfQrQpn35povg61ru7QWSk/fzvuuXoLGZKICz8pZzgYBbrp9mSWG3R6CJ3majl23 hLpz+NUqBBNM5bwklfsP72qOrdM/fUvU5Dwt605moQU/+ueuYr1Bao4aJXiNMnIXt/Ni91tz/ wRQXDbrKakE/zeScnmbQPQMPVUO68z1XoG1vWf8at+as7y5Jvq7Nmmp9tnlpGvZ76pkj4lKu1 RHlDSVyltvlfq4xyr7QcNUgIFZlexDsC44JeuToAzoAwMMfcf9Ctb8Ogm69ej0mzCOGqVy6Be lwid7WII6Ti9lNGFk X-Rspamd-Queue-Id: 48WJqM06jbz4GwY X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=RfXhphtw; dmarc=none; spf=pass (mx1.freebsd.org: domain of ben.rubson@gmx.com designates 212.227.17.20 as permitted sender) smtp.mailfrom=ben.rubson@gmx.com X-Spamd-Result: default: False [-2.09 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:212.227.17.0/27]; FREEMAIL_FROM(0.00)[gmx.com]; TO_DN_NONE(0.00)[]; MV_CASE(0.50)[]; DKIM_TRACE(0.00)[gmx.net:+]; RECEIVED_SPAMHAUS_PBL(0.00)[151.198.64.82.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; RCVD_IN_DNSWL_LOW(-0.10)[20.17.227.212.list.dnswl.org : 127.0.3.1]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmx.com]; R_DKIM_ALLOW(-0.20)[gmx.net:s=badeba3b8450]; NEURAL_HAM_MEDIUM(-0.99)[-0.995,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; DMARC_NA(0.00)[gmx.com]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.00)[ip: (-6.57), ipnet: 212.227.0.0/16(-1.15), asn: 8560(2.17), country: DE(-0.02)]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Mar 2020 12:09:53 -0000 Hi, I've done some work to allow to connect to FreeBSD installer through = SSH. It can be useful for example if we have specific tasks to perform before = installation, such as disks configuration etc... Working through a SSH connection is much more convenient than in front = of a console. FreeBSD installer can then also be used as a rescue disk. To achieve this, I've modified FreeBSD installer, so that after having = installed SSHd, if performs following configuration modifications : - generate host keys into /var/ssh (as default /etc/ssh is not writable) = ; - only allow keys authentication ; - allow root authentication ; - read authorized_keys file from /var/ssh (as default homedirs are not = writable). SSHd can then be started thanks to the installer shell : service sshd = start And a public key put into for example = /var/ssh-keys/root/authorized_keys, thanks to fetch or whatever. Work is here : https://github.com/freebsd/freebsd/pull/156 Rather simple, and ready to be merged. This job is more than 2 years old, I would then really be glad if we = could see this in 12.2 installation ISOs. It would prevent me from having to modify the new ISO files to implement = this patch. Many thanks ! Best regards, Ben