Date: Mon, 16 Mar 2020 10:46:38 +0100 From: Ben RUBSON <ben.rubson@gmx.com> To: freebsd-hackers@freebsd.org Subject: Re: Allow to run SSHd in Installer (12.2 patch) Message-ID: <A3E1BDAF-E1F2-4D9B-B153-2BB2DEA6B482@gmx.com> In-Reply-To: <202003121829.02CITGjQ075689@gndrsh.dnsmgr.net> References: <202003121829.02CITGjQ075689@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank you Ruben & Rodney for your interest into this. Of course your solution works Rodney but is not really convenient trough = a remote console. What my patch tends to fix :) Fingers crossed ! Ben > On 12 Mar 2020, at 19:29, Rodney W. Grimes = <freebsd-rwg@gndrsh.dnsmgr.net> wrote: >=20 > I have been starting sshd from install media since 5.4 or so, > here is my current method that should work on 11, 12 and 13: >=20 > # This version for FreeBSD 11.0R, works for 12.0 too >=20 > mkdir /tmp/ssh > cp -p /etc/ssh/sshd_config /tmp/ssh > echo 'PermitRootLogin yes' >> /tmp/ssh/sshd_config > echo 'AllowGroups wheel' >> /tmp/ssh/sshd_config > echo 'PermitEmptyPasswords yes' >> /tmp/ssh/sshd_config > echo 'HostKey /tmp/ssh/ssh_host_rsa_key' >> /tmp/ssh/sshd_config > echo 'HostKey /tmp/ssh/ssh_host_dsa_key' >> /tmp/ssh/sshd_config > echo 'UsePAM no' >> /tmp/ssh/sshd_config > echo 'PasswordAuthentication yes' >> /tmp/ssh/sshd_config >=20 > ssh-keygen -t rsa -f /tmp/ssh/ssh_host_rsa_key -N '' > ssh-keygen -t dsa -f /tmp/ssh/ssh_host_dsa_key -N '' >=20 > /usr/sbin/sshd -f /tmp/ssh/sshd_config >=20 > For those that "need" this feature today :-) Just drop to > a shell after booting from install media, run the above > commands, and you can get in. BEWARE, passwordless root login = enabled! >=20 >> Hi Ben, >>=20 >> I'm not a FreeBSD developer (so not your targeted audience) but would=20= >> very much like to see this land in a release! >>=20 >> Kind regards, >>=20 >> Ruben >>=20 >> On 3/10/20 4:07 PM, Ben RUBSON wrote: >>=20 >>>> On 2 Mar 2020, at 13:09, Ben RUBSON <ben.rubson@gmx.com> wrote: >>>>=20 >>>> Hi, >>>>=20 >>>> I've done some work to allow to connect to FreeBSD installer = through SSH. >>>> It can be useful for example if we have specific tasks to perform = before installation, such as disks configuration etc... >>>> Working through a SSH connection is much more convenient than in = front of a console. >>>> FreeBSD installer can then also be used as a rescue disk. >>>>=20 >>>> To achieve this, I've modified FreeBSD installer, so that after = having installed SSHd, if performs following configuration modifications = : >>>> - generate host keys into /var/ssh (as default /etc/ssh is not = writable) ; >>>> - only allow keys authentication ; >>>> - allow root authentication ; >>>> - read authorized_keys file from /var/ssh (as default homedirs are = not writable). >>>>=20 >>>> SSHd can then be started thanks to the installer shell : service = sshd start >>>> And a public key put into for example = /var/ssh-keys/root/authorized_keys, thanks to fetch or whatever. >>>>=20 >>>> Work is here : >>>> https://github.com/freebsd/freebsd/pull/156 >>>> Rather simple, and ready to be merged. >>>>=20 >>>> This job is more than 2 years old, I would then really be glad if = we could see this in 12.2 installation ISOs. >>>> It would prevent me from having to modify the new ISO files to = implement this patch. >>>=20 >>> Any thoughts ? :) >>>=20 >>> Thank you very much ! >>>=20 >>> Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A3E1BDAF-E1F2-4D9B-B153-2BB2DEA6B482>