Hello,

this technique for starting opensshd requires only a two-line edit in the current build scripts.

In the autosshd script, replace these two lines:

              if cat /proc/cmdline | grep -q "autosshd"; then
                      echo "root:lfs" | chpasswd

with:

              if [ -f /autosshd ] ; then

Then clean up /boot/isolinux/isolinux.cfg to always start linux, not linux-autosshd (you can drop linux-autosshd completely).

That's all! I was wrong about the need to swap anything in initramfs mount of unionfs.

HOWTO use:

As you can see, there's no /autosshd file on the official LFS CD. You have to customize the CD by appending a second session to it.

First, burn the official ISO image in a multi-session mode:

cdrecord dev=/dev/cdrom driveropts=burnfree -v -multi -tao \
        lfslivecd-x86-6.1-1-rc1-with-this-mod.iso

Then, prepare a second session:

mkdir second-session
mkdir -m 700 second-session/root
mkdir second-session/root/.ssh
cp ~/.ssh/id_dsa.pub second-session/root/.ssh/authorized_keys
mkdir -p second-session/etc/sysconfig/network-devices/
# edit second-session/etc/sysconfig/network-devices/ifconfig.eth0
# edit second-session/etc/sysconfig/network
# add whatever else you want, e.g. modified /etc/shadow

The main thing:

touch second-session/autosshd

Create the ISO for the second session:

mkisofs -M lfslivecd-x86-6.1-1-rc1-with-this-mod.iso \
        -C `cdrecord -msinfo dev=/dev/cdrom` \
        -R -o second-session.iso second-session

Append it to the CD you just burned:

cdrecord dev=/dev/cdrom driveropts=burnfree -v -multi -tao \
        second-session.iso

Then boot the CD, and the SSH daemon will start. It will let you in with your SSH key or a password if you have modified /etc/shadow.

Advantages over the current autosshd method:

1) Better security: the LFS team and hackers who read the LFS lists don't know your password/key.
2) No unexpected autosshd startup.
3) Ability to configure the IP address (so that a DHCP server that hands out a known address isn't needed).
4) Ability to supply your own ssh host keys instead of relying upon the generated ones.

--
Alexander E. Patrakov
--
http://linuxfromscratch.org/mailman/listinfo/livecd
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
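
A pre-burn check of the second-session tree, as an added example that is not part of the original post. mkisofs -R records file modes as they are in the staging tree, so mistakes there end up on the disc. The function names are hypothetical, and etc/ssh/ssh_host_*_key is an assumed location for supplied host keys.

```shell
#!/bin/sh
# Added example, not from the original post. Paths inside the tree follow the
# post; etc/ssh/ssh_host_*_key is an assumed location for supplied host keys.

problems=0
fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# Succeeds if PATH ($1) has any of the listed permission bits set.
perm_any() {
    p=$1; shift
    for bits in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bits")" ] && return 0
    done
    return 1
}

# check_second_session DIR: prints one line per problem, fails if any found.
check_second_session() {
    dir=$1; problems=0
    ak=$dir/root/.ssh/authorized_keys

    # The modified autosshd script starts sshd only if /autosshd exists.
    [ -f "$dir/autosshd" ] || fail "no autosshd marker: sshd will not start"

    # Some way to log in must be supplied: a key or a modified shadow.
    [ -f "$ak" ] || [ -f "$dir/etc/shadow" ] ||
        fail "neither root/.ssh/authorized_keys nor etc/shadow supplied"

    # Only the public half belongs on the CD (id_dsa.pub, not id_dsa).
    if [ -d "$dir/root/.ssh" ] &&
       grep -rqs 'PRIVATE KEY-----' "$dir/root/.ssh"; then
        fail "private key material under root/.ssh"
    fi

    # sshd StrictModes ignores keys reachable via group/world-writable paths.
    for p in root root/.ssh root/.ssh/authorized_keys; do
        [ -e "$dir/$p" ] || continue
        perm_any "$dir/$p" 020 002 && fail "$p is group/world writable"
    done

    # Password hashes and host private keys must not be readable by others.
    for f in "$dir"/etc/shadow "$dir"/etc/ssh/ssh_host_*_key; do
        [ -f "$f" ] || continue
        perm_any "$f" 040 004 && fail "${f#"$dir"/} readable by group/others"
    done
    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check.sh second-session
[ $# -eq 0 ] || check_second_session "$1"
```

Run it on second-session before the mkisofs step; it does not check file ownership, which -R also records.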