From owner-freebsd-current@FreeBSD.ORG Wed Dec 15 17:16:19 2004
Return-Path:
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 767DE16A4CE; Wed, 15 Dec 2004 17:16:19 +0000 (GMT)
Received: from oneplusone.ch (oneplusone.ch [212.55.208.170]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D9FC43D1D; Wed, 15 Dec 2004 17:16:18 +0000 (GMT) (envelope-from ast@marabu.ch)
Received: from oneplusone.ch (localhost [127.0.0.1]) by oneplusone.ch (8.13.1/8.13.1) with ESMTP id iBFHG2QL038202; Wed, 15 Dec 2004 18:16:02 +0100 (CET) (envelope-from ast@marabu.ch)
Received: (from uucp@localhost) by oneplusone.ch (8.13.1/8.13.1/Submit) with UUCP id iBFHG1LD038201; Wed, 15 Dec 2004 18:16:01 +0100 (CET) (envelope-from ast@marabu.ch)
Received: from nano.marabu.ch (nano.marabu.ch [192.168.21.102]) by pano.marabu.ch (8.12.10/8.12.10) with ESMTP id iBFHDlRI069453; Wed, 15 Dec 2004 18:13:47 +0100 (CET) (envelope-from ast@marabu.ch)
Received: from marabu.marabu.ch (marabu.marabu.ch [192.168.21.3]) by nano.marabu.ch (8.12.9/8.12.9) with ESMTP id iBFHDkGG063610; Wed, 15 Dec 2004 18:13:47 +0100 (CET) (envelope-from ast@marabu.marabu.ch)
Received: by marabu.marabu.ch (8.7.5/20001028-ast-8.3) id SAA02266; Wed, 15 Dec 2004 18:13:43 +0100 (CET)
Message-Id: <200412151713.SAA02266@marabu.marabu.ch>
MIME-Version: 1.0 (NeXT Mail 3.3 v124.8483.6)
Content-Type: text/plain
In-Reply-To: <44115.1103109518@critter.freebsd.dk>
X-Nextstep-Mailer: Mail 3.3 (Enhance 2.0b6)
Received: by NeXT.Mailer (1.124.8483.6)
From: Adrian Steinmann
Date: Wed, 15 Dec 2004 18:13:41 +0100
To: current@FreeBSD.org
References: <44115.1103109518@critter.freebsd.dk>
X-Organization: Webgroup Consulting AG, Apollostrasse 21, 8032 Zurich
X-Phone-Numbers: Switzerland, Tel +41 1 380 30 83 Fax +41 1 380 30 85
X-Mailfilter: egfilter version 1.2.4.27; Archiver [msg.NwQwDH8c]
cc: Ruslan Ermilov
cc: Poul-Henning Kamp
cc: Matthias Andree
Subject: SSH ramdisk environment (Was: Background fsck is broken)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 15 Dec 2004 17:16:19 -0000

In message <43574.1103107578@critter.freebsd.dk> it was mentioned that in message , Matthias Andree wrote:

>On my wishlist, I've always wanted a "networked single user mode"
>(i. e. only sshd running, only root login with key possible), and I've
>always wondered why the whole system recovery is focused so much on the
>principle of a "single-user console".

To which "Poul-Henning Kamp" responds:

> Implement it! I've wanted that for a long time too.

We have something like this in our STYX system (STYX is a Remote Managed
Firewall Service based on a hardened/reduced FreeBSD system).

What we do is create two files

    /boot/maint/k.gz
    /boot/maint/fs.gz

which are loaded via /boot/maint/loader.rc which contains:

    unload
    load /boot/maint/k
    load -t md_image /boot/maint/fs
    autoboot

This boots the system into a ramdisk "maintenance" mode, networked and
running a sshd. If you replace /boot/loader.rc with /boot/maint/loader.rc
and reboot, you go into this maintenance mode. You can then ssh as root
with the correct SSH private key, and from there, you can mess up the
system at will.

This has been working nicely on 4.x and recently we got a "STYX 5.3" build
working for "-current" (after we burnt the bridge to not support having
the full /boot/* including /boot/maint/* on one floppy).

I was hoping to get geom gmirror/gbde to work in the ramdisk crunch
environment, but the geom_* programs are practically impossible to crunch.

We haven't evangelized this work too much for lack of time, but I'd be
happy to furnish the scripts if there is interest.
Adrian
_______________________________________________
Adrian Steinmann
Apollostrasse 21
8032 Zurich
Tel +41 44 380 30 80
Mailto:ast@marabu.ch
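The loader.rc swap that the mail describes is easy to get wrong by hand (arming twice overwrites the real /boot/loader.rc with the maintenance copy, and arming without the kernel and md image in place leaves the next boot stuck at the loader prompt with no sshd to reach). The following POSIX sh helpers are an added example, not STYX's scripts and not part of the original mail: they write the loader.rc quoted above, check that /boot/maint/k.gz and /boot/maint/fs.gz exist, and swap the loader.rc in and out while keeping a backup. The function names, the loader.rc.normal backup name, the BOOT_DIR override (for trying the logic in a scratch directory rather than on a live /boot) and the sshd_config fragment for the ramdisk's sshd are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not STYX code. BOOT_DIR defaults to /boot; point it at a
# scratch directory to exercise the logic without touching a real system.
BOOT_DIR="${BOOT_DIR:-/boot}"

# The loader.rc content quoted in the mail: discard whatever the loader has
# already staged, load the maintenance kernel and the md(4) image, then boot.
maint_loader_rc() {
    cat <<'EOF'
unload
load /boot/maint/k
load -t md_image /boot/maint/fs
autoboot
EOF
}

# Assumed sshd_config fragment for the sshd inside the ramdisk image: root
# may log in, but only with a key; no password or challenge-response paths.
maint_sshd_config() {
    cat <<'EOF'
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}

# Both artefacts must exist before the maintenance loader.rc is made live.
maint_files_present() {
    [ -f "$BOOT_DIR/maint/k.gz" ] && [ -f "$BOOT_DIR/maint/fs.gz" ]
}

# Write /boot/maint/loader.rc (safe to rerun).
install_maint_loader_rc() {
    mkdir -p "$BOOT_DIR/maint" || return 1
    maint_loader_rc > "$BOOT_DIR/maint/loader.rc"
}

# Arm: save the normal loader.rc as loader.rc.normal, then put the
# maintenance one in its place. Refuses to arm twice, because a second run
# would back up the maintenance file over the saved normal one.
arm_maint_mode() {
    maint_files_present || { echo "maint kernel/image missing" >&2; return 1; }
    [ -f "$BOOT_DIR/maint/loader.rc" ] || install_maint_loader_rc || return 1
    [ ! -e "$BOOT_DIR/loader.rc.normal" ] || { echo "already armed" >&2; return 1; }
    cp -p "$BOOT_DIR/loader.rc" "$BOOT_DIR/loader.rc.normal" || return 1
    cp "$BOOT_DIR/maint/loader.rc" "$BOOT_DIR/loader.rc"
}

# Disarm: restore the saved loader.rc so the next reboot is a normal one.
disarm_maint_mode() {
    [ -f "$BOOT_DIR/loader.rc.normal" ] || { echo "not armed" >&2; return 1; }
    mv "$BOOT_DIR/loader.rc.normal" "$BOOT_DIR/loader.rc"
}

# Report which loader.rc is live: "maint", "normal" or "unknown".
maint_mode_state() {
    if [ -f "$BOOT_DIR/loader.rc.normal" ] && \
       cmp -s "$BOOT_DIR/loader.rc" "$BOOT_DIR/maint/loader.rc"; then
        echo maint
    elif [ -f "$BOOT_DIR/loader.rc" ]; then
        echo normal
    else
        echo unknown
    fi
}

# Command-line use: ./maint.sh arm | disarm | status
case "${1:-}" in
    arm)    arm_maint_mode ;;
    disarm) disarm_maint_mode ;;
    status) maint_mode_state ;;
esac
```

Arming, rebooting, doing the repair over ssh and then disarming is the whole cycle; running `status` before the reboot confirms which loader.rc will actually be read. The sshd_config fragment belongs in the ramdisk image itself (fs.gz), not on the host filesystem, since that sshd is the only way back into the box while the real filesystems are being worked on.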