From: Ben RUBSON
To: freebsd-hackers@freebsd.org
Subject: Re: Allow to run SSHd in Installer (12.2 patch)
Date: Tue, 10 Mar 2020 16:07:54 +0100
Message-Id: <6DB159F2-99C2-46BE-AEC5-99FB7582FCF0@gmx.com>
In-Reply-To: <2352A2A0-999C-453F-92A1-D067E4C05712@gmx.com>
List-Id: Technical Discussions relating to FreeBSD

> On 2 Mar 2020, at 13:09, Ben RUBSON wrote:
>
> Hi,
>
> I've done some work to allow to connect to FreeBSD installer through SSH.
> It can be useful for example if we have specific tasks to perform before installation, such as disks configuration etc...
> Working through a SSH connection is much more convenient than in front of a console.
> FreeBSD installer can then also be used as a rescue disk.
>
> To achieve this, I've modified FreeBSD installer, so that after having installed SSHd, it performs the following configuration modifications:
> - generate host keys into /var/ssh (as default /etc/ssh is not writable);
> - only allow keys authentication;
> - allow root authentication;
> - read authorized_keys file from /var/ssh (as default homedirs are not writable).
>
> SSHd can then be started thanks to the installer shell: service sshd start
> And a public key put into for example /var/ssh-keys/root/authorized_keys, thanks to fetch or whatever.
>
> Work is here:
> https://github.com/freebsd/freebsd/pull/156
> Rather simple, and ready to be merged.
>
> This job is more than 2 years old, I would then really be glad if we could see this in 12.2 installation ISOs.
> It would prevent me from having to modify the new ISO files to implement this patch.

Any thoughts? :)

Thank you very much!

Ben
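
Added example, not part of the original message or of the pull request: a small audit that checks an sshd_config against the four settings listed in the quoted message, and shows why lines appended to a stock config may not take effect (sshd uses the first occurrence of a keyword). The `/var/ssh/%u/authorized_keys` layout, the sample config and the requirement of `prohibit-password` for root are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the pull request's code. KEY_DIR comes from the message;
# requiring prohibit-password for root is this example's own assumption.
KEY_DIR="/var/ssh"

# Print the arguments of a keyword from the global section (before any Match).
# sshd keeps the FIRST occurrence of a keyword; pass "all" as $3 for HostKey,
# which may repeat. Only the whitespace-separated "Keyword value" form is read.
sshd_args() {  # $1 = config file, $2 = keyword, $3 = optional "all"
    awk -v want="$2" -v mode="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want {
            for (i = 2; i <= NF; i++) print $i
            if (mode != "all") exit
        }' "$1"
}

# Print one FAIL line per finding; print nothing when the config passes.
audit_sshd_config() {  # $1 = config file
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        [ "$(sshd_args "$1" "$kw")" = "no" ] ||
            echo "FAIL: $kw is not explicitly set to no"
    done
    case "$(sshd_args "$1" PermitRootLogin)" in
        prohibit-password|without-password) ;;
        *) echo "FAIL: PermitRootLogin does not restrict root to keys" ;;
    esac
    keys=$(sshd_args "$1" HostKey all)
    akf=$(sshd_args "$1" AuthorizedKeysFile)
    [ -n "$keys" ] || echo "FAIL: no HostKey set, default is under /etc/ssh"
    [ -n "$akf" ] || echo "FAIL: no AuthorizedKeysFile set, default is in the home directory"
    for p in $keys $akf; do
        case "$p" in
            "$KEY_DIR"/*) ;;
            *) echo "FAIL: $p is outside $KEY_DIR" ;;
        esac
    done
}

# Constructed sample: settings appended after a stock "yes" line do not win.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' 'HostKey /var/ssh/ssh_host_ed25519_key' \
    'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    'PermitRootLogin prohibit-password' \
    'AuthorizedKeysFile /var/ssh/%u/authorized_keys' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

On a live system, `sshd -T -f <file>` prints the effective configuration as sshd itself parses it and is the authoritative check; the parser above only approximates it for offline review.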