Re: add empty /root/.ssh/authorized_keys to mtree/sets ?

2017-02-10 Thread Antoine Jacoutot 
On Fri, Feb 10, 2017 at 10:00:51AM +0100, Landry Breuil wrote:
> On Fri, Feb 10, 2017 at 09:36:16AM +0100, Antoine Jacoutot wrote:
> > On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote:
> > > On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote:
> > > > On 2017/02/05 09:53, Robert Peichaer wrote:
> > > > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > > > > > Hi,
> > > > > > 
> > > > > > when installing 'throwaway' VMs (manually, not always using 
> > > > > > autoinstall for
> > > > > > $REASONS) i've often found myself having to do right after the 
> > > > > > install:
> > > > > > install -d -m 700 /root/.ssh
> > > > > > install -m 600 /dev/null /root/.ssh/authorized_keys
> > > > > > (or touch /root/.ssh/authorized_keys && chmod 600
> > > > > > /root/.ssh/authorized_keys, ymmv)
> > > > > > 
> > > > > > those are present in /etc/skel for "real" users, so why not creating
> > > > > > them for the root account ? install.sub also creates /mnt/root/.ssh 
> > > > > > when
> > > > > > using autoinstall and giving an ssh pubkey, so that'll be one less 
> > > > > > step
> > > > > > to do there.
> > > > > > 
> > > > > > We advise ppl to set prohibit-password for PermitRootLogin, so why 
> > > > > > not make it
> > > > > > easier to use it ? This ways, the correct modes are set.. i often 
> > > > > > fat-fingered
> > > > > > this, to see sshd complaining (rightly!) about bad modes on 
> > > > > > .ssh/authorized_keys.
> > > > > 
> > > > > Conceptually I'd like this going in.
> > > > 
> > > > +1. (On "managed" systems I use root-owned authorized_keys in a system 
> > > > directory,
> > > > but this doesn't get in the way, and it makes things easier on ad-hoc 
> > > > installed
> > > > systems).
> > > 
> > > Finally built a release with this, the empty file is created in
> > > /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own
> > > /root/.ssh/authorized_keys - so i think i can now explicitely ask for 
> > > okays.
> > > dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i 
> > > kept it
> > > for consistency.
> > > Hopefully more ppl can chime in and think of potential drawbacks this
> > > diff exposes...
> > > 
> > > Sets diff added too, modeled after what's done for
> > > /etc/skel/.ssh/authorized_keys - dunno if it should be commited along the 
> > > etc/
> > > change.
> > 
> > Can you add it to mtree/special please?
> 
> Sure ! Here's a new fuller diff touching files all around..
> 
> Index: etc/Makefile
> ===
> RCS file: /cvs/src/etc/Makefile,v
> retrieving revision 1.449
> diff -u -r1.449 Makefile
> --- etc/Makefile  2 Feb 2017 21:35:05 -   1.449
> +++ etc/Makefile  10 Feb 2017 08:59:27 -
> @@ -110,6 +110,8 @@
>   ${DESTDIR}/root/.Xdefaults; \
>   ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
>   ${DESTDIR}/root/.cvsrc; \
> + ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
> + ${DESTDIR}/root/.ssh/authorized_keys; \
>   rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
>   ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
>   ${DESTDIR}/.cshrc; \
> Index: etc/mtree/4.4BSD.dist
> ===
> RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
> retrieving revision 1.293
> diff -u -r1.293 4.4BSD.dist
> --- etc/mtree/4.4BSD.dist 27 Dec 2016 09:17:52 -  1.293
> +++ etc/mtree/4.4BSD.dist 10 Feb 2017 08:59:27 -
> @@ -118,6 +118,8 @@
>  mnt
>  ..
>  root mode=0700
> +.ssh uname=root mode=0700
> +..
>  ..
>  sbin
>  ..
> Index: etc/mtree/special
> ===
> RCS file: /cvs/src/etc/mtree/special,v
> retrieving revision 1.122
> diff -u -r1.122 special
> --- etc/mtree/special 27 Dec 2016 09:17:52 -  1.122
> +++ etc/mtree/special 10 Feb 2017 08:59:27 -
> @@ -121,6 +121,9 @@
>  .login   type=file mode=0644 uname=root gname=wheel
>  .profile type=file mode=0644 uname=root gname=wheel
>  .rhosts  type=file mode=0600 uname=root gname=wheel optional
> +.ssh type=dir mode=0700 uname=root gname=wheel
> +..   #.ssh

Comment should say:
#root/.ssh

The rest looks fine to me.

> +authorized_keys  type=file mode=0600 uname=root gname=wheel
>  ..   #root
>  
>  sbin type=dir mode=0755 uname=root gname=wheel ignore
> Index: distrib/miniroot/install.sub
> ===
> RCS file: /cvs/src/distrib/miniroot/install.sub,v
> retrieving revision 1.969
> diff -u -r1.969 install.sub
> --- distrib/miniroot/install.sub  8 Feb 2017 23:13:02 -   1.969
> +++ distrib/miniroot/install.sub  10 Feb 2017 08:59:27 -
> @@ -2868,7 +2868,6 @@
>   # During autoinstall, add root u

Re: add empty /root/.ssh/authorized_keys to mtree/sets ?

2017-02-10 Thread Landry Breuil 
On Fri, Feb 10, 2017 at 09:36:16AM +0100, Antoine Jacoutot wrote:
> On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote:
> > On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote:
> > > On 2017/02/05 09:53, Robert Peichaer wrote:
> > > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > > > > Hi,
> > > > > 
> > > > > when installing 'throwaway' VMs (manually, not always using 
> > > > > autoinstall for
> > > > > $REASONS) i've often found myself having to do right after the 
> > > > > install:
> > > > > install -d -m 700 /root/.ssh
> > > > > install -m 600 /dev/null /root/.ssh/authorized_keys
> > > > > (or touch /root/.ssh/authorized_keys && chmod 600
> > > > > /root/.ssh/authorized_keys, ymmv)
> > > > > 
> > > > > those are present in /etc/skel for "real" users, so why not creating
> > > > > them for the root account ? install.sub also creates /mnt/root/.ssh 
> > > > > when
> > > > > using autoinstall and giving an ssh pubkey, so that'll be one less 
> > > > > step
> > > > > to do there.
> > > > > 
> > > > > We advise ppl to set prohibit-password for PermitRootLogin, so why 
> > > > > not make it
> > > > > easier to use it ? This ways, the correct modes are set.. i often 
> > > > > fat-fingered
> > > > > this, to see sshd complaining (rightly!) about bad modes on 
> > > > > .ssh/authorized_keys.
> > > > 
> > > > Conceptually I'd like this going in.
> > > 
> > > +1. (On "managed" systems I use root-owned authorized_keys in a system 
> > > directory,
> > > but this doesn't get in the way, and it makes things easier on ad-hoc 
> > > installed
> > > systems).
> > 
> > Finally built a release with this, the empty file is created in
> > /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own
> > /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays.
> > dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i 
> > kept it
> > for consistency.
> > Hopefully more ppl can chime in and think of potential drawbacks this
> > diff exposes...
> > 
> > Sets diff added too, modeled after what's done for
> > /etc/skel/.ssh/authorized_keys - dunno if it should be commited along the 
> > etc/
> > change.
> 
> Can you add it to mtree/special please?

Sure ! Here's a new fuller diff touching files all around..

Index: etc/Makefile
===
RCS file: /cvs/src/etc/Makefile,v
retrieving revision 1.449
diff -u -r1.449 Makefile
--- etc/Makefile2 Feb 2017 21:35:05 -   1.449
+++ etc/Makefile10 Feb 2017 08:59:27 -
@@ -110,6 +110,8 @@
${DESTDIR}/root/.Xdefaults; \
${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
${DESTDIR}/root/.cvsrc; \
+   ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
+   ${DESTDIR}/root/.ssh/authorized_keys; \
rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
${DESTDIR}/.cshrc; \
Index: etc/mtree/4.4BSD.dist
===
RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
retrieving revision 1.293
diff -u -r1.293 4.4BSD.dist
--- etc/mtree/4.4BSD.dist   27 Dec 2016 09:17:52 -  1.293
+++ etc/mtree/4.4BSD.dist   10 Feb 2017 08:59:27 -
@@ -118,6 +118,8 @@
 mnt
 ..
 root   mode=0700
+.ssh   uname=root mode=0700
+..
 ..
 sbin
 ..
Index: etc/mtree/special
===
RCS file: /cvs/src/etc/mtree/special,v
retrieving revision 1.122
diff -u -r1.122 special
--- etc/mtree/special   27 Dec 2016 09:17:52 -  1.122
+++ etc/mtree/special   10 Feb 2017 08:59:27 -
@@ -121,6 +121,9 @@
 .login type=file mode=0644 uname=root gname=wheel
 .profile   type=file mode=0644 uname=root gname=wheel
 .rhoststype=file mode=0600 uname=root gname=wheel optional
+.ssh   type=dir mode=0700 uname=root gname=wheel
+.. #.ssh
+authorized_keystype=file mode=0600 uname=root gname=wheel
 .. #root
 
 sbin   type=dir mode=0755 uname=root gname=wheel ignore
Index: distrib/miniroot/install.sub
===
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.969
diff -u -r1.969 install.sub
--- distrib/miniroot/install.sub8 Feb 2017 23:13:02 -   1.969
+++ distrib/miniroot/install.sub10 Feb 2017 08:59:27 -
@@ -2868,7 +2868,6 @@
# During autoinstall, add root user's public ssh key to authorized_keys.
[[ -n "$_rootkey" ]] && (
umask 077
-   mkdir /mnt/root/.ssh
print -r -- "$_rootkey" >>/mnt/root/.ssh/authorized_keys
)
 
Index: distrib/sets/lists/base/mi

Re: add empty /root/.ssh/authorized_keys to mtree/sets ?

2017-02-10 Thread Antoine Jacoutot 
On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote:
> On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote:
> > On 2017/02/05 09:53, Robert Peichaer wrote:
> > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > > > Hi,
> > > > 
> > > > when installing 'throwaway' VMs (manually, not always using autoinstall 
> > > > for
> > > > $REASONS) i've often found myself having to do right after the install:
> > > > install -d -m 700 /root/.ssh
> > > > install -m 600 /dev/null /root/.ssh/authorized_keys
> > > > (or touch /root/.ssh/authorized_keys && chmod 600
> > > > /root/.ssh/authorized_keys, ymmv)
> > > > 
> > > > those are present in /etc/skel for "real" users, so why not creating
> > > > them for the root account ? install.sub also creates /mnt/root/.ssh when
> > > > using autoinstall and giving an ssh pubkey, so that'll be one less step
> > > > to do there.
> > > > 
> > > > We advise ppl to set prohibit-password for PermitRootLogin, so why not 
> > > > make it
> > > > easier to use it ? This ways, the correct modes are set.. i often 
> > > > fat-fingered
> > > > this, to see sshd complaining (rightly!) about bad modes on 
> > > > .ssh/authorized_keys.
> > > 
> > > Conceptually I'd like this going in.
> > 
> > +1. (On "managed" systems I use root-owned authorized_keys in a system 
> > directory,
> > but this doesn't get in the way, and it makes things easier on ad-hoc 
> > installed
> > systems).
> 
> Finally built a release with this, the empty file is created in
> /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own
> /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays.
> dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i kept 
> it
> for consistency.
> Hopefully more ppl can chime in and think of potential drawbacks this
> diff exposes...
> 
> Sets diff added too, modeled after what's done for
> /etc/skel/.ssh/authorized_keys - dunno if it should be commited along the etc/
> change.

Can you add it to mtree/special please?


> Landry
> 
> Index: etc/Makefile
> ===
> RCS file: /cvs/src/etc/Makefile,v
> retrieving revision 1.449
> diff -u -r1.449 Makefile
> --- etc/Makefile  2 Feb 2017 21:35:05 -   1.449
> +++ etc/Makefile  9 Feb 2017 17:13:00 -
> @@ -110,6 +110,8 @@
>   ${DESTDIR}/root/.Xdefaults; \
>   ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
>   ${DESTDIR}/root/.cvsrc; \
> + ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
> + ${DESTDIR}/root/.ssh/authorized_keys; \
>   rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
>   ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
>   ${DESTDIR}/.cshrc; \
> Index: etc/mtree/4.4BSD.dist
> ===
> RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
> retrieving revision 1.293
> diff -u -r1.293 4.4BSD.dist
> --- etc/mtree/4.4BSD.dist 27 Dec 2016 09:17:52 -  1.293
> +++ etc/mtree/4.4BSD.dist 9 Feb 2017 17:13:00 -
> @@ -118,6 +118,8 @@
>  mnt
>  ..
>  root mode=0700
> +.ssh uname=root mode=0700
> +..
>  ..
>  sbin
>  ..
> 
> 
> Index: distrib/sets/lists/base/mi
> ===
> RCS file: /cvs/src/distrib/sets/lists/base/mi,v
> retrieving revision 1.820
> diff -u -r1.820 mi
> --- distrib/sets/lists/base/mi7 Feb 2017 21:32:48 -   1.820
> +++ distrib/sets/lists/base/mi9 Feb 2017 17:12:42 -
> @@ -232,6 +232,7 @@
>  ./home
>  ./mnt
>  ./root
> +./root/.ssh
>  ./sbin
>  ./sbin/atactl
>  ./sbin/badsect
> Index: distrib/sets/lists/etc/mi
> ===
> RCS file: /cvs/src/distrib/sets/lists/etc/mi,v
> retrieving revision 1.211
> diff -u -r1.211 mi
> --- distrib/sets/lists/etc/mi 1 Oct 2016 16:58:29 -   1.211
> +++ distrib/sets/lists/etc/mi 9 Feb 2017 17:12:42 -
> @@ -50,6 +50,7 @@
>  ./root/.cvsrc
>  ./root/.login
>  ./root/.profile
> +./root/.ssh/authorized_keys
>  ./var/crash/minfree
>  ./var/cron/at.deny
>  ./var/cron/cron.deny
> 

-- 
Antoine

Re: add empty /root/.ssh/authorized_keys to mtree/sets ?

2017-02-09 Thread Theo Buehler 
On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote:
> On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote:
> > On 2017/02/05 09:53, Robert Peichaer wrote:
> > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > > > Hi,
> > > > 
> > > > when installing 'throwaway' VMs (manually, not always using autoinstall 
> > > > for
> > > > $REASONS) i've often found myself having to do right after the install:
> > > > install -d -m 700 /root/.ssh
> > > > install -m 600 /dev/null /root/.ssh/authorized_keys
> > > > (or touch /root/.ssh/authorized_keys && chmod 600
> > > > /root/.ssh/authorized_keys, ymmv)
> > > > 
> > > > those are present in /etc/skel for "real" users, so why not creating
> > > > them for the root account ? install.sub also creates /mnt/root/.ssh when
> > > > using autoinstall and giving an ssh pubkey, so that'll be one less step
> > > > to do there.
> > > > 
> > > > We advise ppl to set prohibit-password for PermitRootLogin, so why not 
> > > > make it
> > > > easier to use it ? This ways, the correct modes are set.. i often 
> > > > fat-fingered
> > > > this, to see sshd complaining (rightly!) about bad modes on 
> > > > .ssh/authorized_keys.
> > > 
> > > Conceptually I'd like this going in.
> > 
> > +1. (On "managed" systems I use root-owned authorized_keys in a system 
> > directory,
> > but this doesn't get in the way, and it makes things easier on ad-hoc 
> > installed
> > systems).
> 
> Finally built a release with this, the empty file is created in
> /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own
> /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays.
> dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i kept 
> it
> for consistency.

Agree with that.

> Hopefully more ppl can chime in and think of potential drawbacks this
> diff exposes...

FWIW, I don't see a downside to this diff. 

> Sets diff added too, modeled after what's done for
> /etc/skel/.ssh/authorized_keys - dunno if it should be commited along the etc/
> change.

Yes, please commit the sets diff at the same time as the etc/Makefile
and the mtree diff, otherwise sysmerge won't pick it up. Also, please
commit this trivial diff for the installer at the same time so people
won't complain about autinstall warnings.

with that

ok tb

Index: install.sub
===
RCS file: /var/cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.969
diff -u -p -r1.969 install.sub
--- install.sub 8 Feb 2017 23:13:02 -   1.969
+++ install.sub 9 Feb 2017 19:25:09 -
@@ -2868,7 +2868,6 @@ do_install(){
# During autoinstall, add root user's public ssh key to authorized_keys.
[[ -n "$_rootkey" ]] && (
umask 077
-   mkdir /mnt/root/.ssh
print -r -- "$_rootkey" >>/mnt/root/.ssh/authorized_keys
)

Re: add empty /root/.ssh/authorized_keys to mtree/sets ?

2017-02-09 Thread Landry Breuil 
On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote:
> On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote:
> > On 2017/02/05 09:53, Robert Peichaer wrote:
> > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > > > Hi,
> > > > 
> > > > when installing 'throwaway' VMs (manually, not always using autoinstall 
> > > > for
> > > > $REASONS) i've often found myself having to do right after the install:
> > > > install -d -m 700 /root/.ssh
> > > > install -m 600 /dev/null /root/.ssh/authorized_keys
> > > > (or touch /root/.ssh/authorized_keys && chmod 600
> > > > /root/.ssh/authorized_keys, ymmv)
> > > > 
> > > > those are present in /etc/skel for "real" users, so why not creating
> > > > them for the root account ? install.sub also creates /mnt/root/.ssh when
> > > > using autoinstall and giving an ssh pubkey, so that'll be one less step
> > > > to do there.
> > > > 
> > > > We advise ppl to set prohibit-password for PermitRootLogin, so why not 
> > > > make it
> > > > easier to use it ? This ways, the correct modes are set.. i often 
> > > > fat-fingered
> > > > this, to see sshd complaining (rightly!) about bad modes on 
> > > > .ssh/authorized_keys.
> > > 
> > > Conceptually I'd like this going in.
> > 
> > +1. (On "managed" systems I use root-owned authorized_keys in a system 
> > directory,
> > but this doesn't get in the way, and it makes things easier on ad-hoc 
> > installed
> > systems).
> 
> Finally built a release with this, the empty file is created in
> /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own
> /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays.
> dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i kept 
> it
> for consistency.
> Hopefully more ppl can chime in and think of potential drawbacks this
> diff exposes...

One of the drawbacks i see is that ppl *might* get a security alert from
changelist if the (empty) file suddenly appears after an upgrade... but
i think we can/should live with that ?

Landry

Re: add empty /root/.ssh/authorized_keys to mtree/sets ?

2017-02-09 Thread Landry Breuil 
On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote:
> On 2017/02/05 09:53, Robert Peichaer wrote:
> > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > > Hi,
> > > 
> > > when installing 'throwaway' VMs (manually, not always using autoinstall 
> > > for
> > > $REASONS) i've often found myself having to do right after the install:
> > > install -d -m 700 /root/.ssh
> > > install -m 600 /dev/null /root/.ssh/authorized_keys
> > > (or touch /root/.ssh/authorized_keys && chmod 600
> > > /root/.ssh/authorized_keys, ymmv)
> > > 
> > > those are present in /etc/skel for "real" users, so why not creating
> > > them for the root account ? install.sub also creates /mnt/root/.ssh when
> > > using autoinstall and giving an ssh pubkey, so that'll be one less step
> > > to do there.
> > > 
> > > We advise ppl to set prohibit-password for PermitRootLogin, so why not 
> > > make it
> > > easier to use it ? This ways, the correct modes are set.. i often 
> > > fat-fingered
> > > this, to see sshd complaining (rightly!) about bad modes on 
> > > .ssh/authorized_keys.
> > 
> > Conceptually I'd like this going in.
> 
> +1. (On "managed" systems I use root-owned authorized_keys in a system 
> directory,
> but this doesn't get in the way, and it makes things easier on ad-hoc 
> installed
> systems).

Finally built a release with this, the empty file is created in
/var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own
/root/.ssh/authorized_keys - so i think i can now explicitely ask for okays.
dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i kept it
for consistency.
Hopefully more ppl can chime in and think of potential drawbacks this
diff exposes...

Sets diff added too, modeled after what's done for
/etc/skel/.ssh/authorized_keys - dunno if it should be commited along the etc/
change.

Landry

Index: etc/Makefile
===
RCS file: /cvs/src/etc/Makefile,v
retrieving revision 1.449
diff -u -r1.449 Makefile
--- etc/Makefile2 Feb 2017 21:35:05 -   1.449
+++ etc/Makefile9 Feb 2017 17:13:00 -
@@ -110,6 +110,8 @@
${DESTDIR}/root/.Xdefaults; \
${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
${DESTDIR}/root/.cvsrc; \
+   ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
+   ${DESTDIR}/root/.ssh/authorized_keys; \
rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
${DESTDIR}/.cshrc; \
Index: etc/mtree/4.4BSD.dist
===
RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
retrieving revision 1.293
diff -u -r1.293 4.4BSD.dist
--- etc/mtree/4.4BSD.dist   27 Dec 2016 09:17:52 -  1.293
+++ etc/mtree/4.4BSD.dist   9 Feb 2017 17:13:00 -
@@ -118,6 +118,8 @@
 mnt
 ..
 root   mode=0700
+.ssh   uname=root mode=0700
+..
 ..
 sbin
 ..


Index: distrib/sets/lists/base/mi
===
RCS file: /cvs/src/distrib/sets/lists/base/mi,v
retrieving revision 1.820
diff -u -r1.820 mi
--- distrib/sets/lists/base/mi  7 Feb 2017 21:32:48 -   1.820
+++ distrib/sets/lists/base/mi  9 Feb 2017 17:12:42 -
@@ -232,6 +232,7 @@
 ./home
 ./mnt
 ./root
+./root/.ssh
 ./sbin
 ./sbin/atactl
 ./sbin/badsect
Index: distrib/sets/lists/etc/mi
===
RCS file: /cvs/src/distrib/sets/lists/etc/mi,v
retrieving revision 1.211
diff -u -r1.211 mi
--- distrib/sets/lists/etc/mi   1 Oct 2016 16:58:29 -   1.211
+++ distrib/sets/lists/etc/mi   9 Feb 2017 17:12:42 -
@@ -50,6 +50,7 @@
 ./root/.cvsrc
 ./root/.login
 ./root/.profile
+./root/.ssh/authorized_keys
 ./var/crash/minfree
 ./var/cron/at.deny
 ./var/cron/cron.deny

Re: add empty /root/.ssh/authorized_keys to mtree/sets ?

2017-02-05 Thread Stuart Henderson 
On 2017/02/05 09:53, Robert Peichaer wrote:
> On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > Hi,
> > 
> > when installing 'throwaway' VMs (manually, not always using autoinstall for
> > $REASONS) i've often found myself having to do right after the install:
> > install -d -m 700 /root/.ssh
> > install -m 600 /dev/null /root/.ssh/authorized_keys
> > (or touch /root/.ssh/authorized_keys && chmod 600
> > /root/.ssh/authorized_keys, ymmv)
> > 
> > those are present in /etc/skel for "real" users, so why not creating
> > them for the root account ? install.sub also creates /mnt/root/.ssh when
> > using autoinstall and giving an ssh pubkey, so that'll be one less step
> > to do there.
> > 
> > We advise ppl to set prohibit-password for PermitRootLogin, so why not make 
> > it
> > easier to use it ? This ways, the correct modes are set.. i often 
> > fat-fingered
> > this, to see sshd complaining (rightly!) about bad modes on 
> > .ssh/authorized_keys.
> 
> Conceptually I'd like this going in.

+1. (On "managed" systems I use root-owned authorized_keys in a system 
directory,
but this doesn't get in the way, and it makes things easier on ad-hoc installed
systems).

> > Conceptual (untested) diff below for discussion, i'll build a release with 
> > it
> > depending on the feedback/opinions..
> > 
> > Landry
> > 
> > Index: Makefile
> > ===
> > RCS file: /cvs/src/etc/Makefile,v
> > retrieving revision 1.449
> > diff -u -r1.449 Makefile
> > --- Makefile2 Feb 2017 21:35:05 -   1.449
> > +++ Makefile5 Feb 2017 09:34:58 -
> > @@ -110,6 +110,8 @@
> > ${DESTDIR}/root/.Xdefaults; \
> > ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
> > ${DESTDIR}/root/.cvsrc; \
> > +   ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
> > +   ${DESTDIR}/root/.ssh/authorized_keys
> > rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
> > ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
> > ${DESTDIR}/.cshrc; \
> > Index: mtree/4.4BSD.dist
> > ===
> > RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
> > retrieving revision 1.293
> > diff -u -r1.293 4.4BSD.dist
> > --- mtree/4.4BSD.dist   27 Dec 2016 09:17:52 -  1.293
> > +++ mtree/4.4BSD.dist   5 Feb 2017 09:34:58 -
> > @@ -118,6 +118,8 @@
> >  mnt
> >  ..
> >  root   mode=0700
> > +.ssh   uname=root mode=0700
> > +..
> >  ..
> >  sbin
> >  ..
> > 
>

Re: add empty /root/.ssh/authorized_keys to mtree/sets ?

2017-02-05 Thread Robert Peichaer 
On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> Hi,
> 
> when installing 'throwaway' VMs (manually, not always using autoinstall for
> $REASONS) i've often found myself having to do right after the install:
> install -d -m 700 /root/.ssh
> install -m 600 /dev/null /root/.ssh/authorized_keys
> (or touch /root/.ssh/authorized_keys && chmod 600
> /root/.ssh/authorized_keys, ymmv)
> 
> those are present in /etc/skel for "real" users, so why not creating
> them for the root account ? install.sub also creates /mnt/root/.ssh when
> using autoinstall and giving an ssh pubkey, so that'll be one less step
> to do there.
> 
> We advise ppl to set prohibit-password for PermitRootLogin, so why not make it
> easier to use it ? This ways, the correct modes are set.. i often fat-fingered
> this, to see sshd complaining (rightly!) about bad modes on 
> .ssh/authorized_keys.

Conceptually I'd like this going in.

> Conceptual (untested) diff below for discussion, i'll build a release with it
> depending on the feedback/opinions..
> 
> Landry
> 
> Index: Makefile
> ===
> RCS file: /cvs/src/etc/Makefile,v
> retrieving revision 1.449
> diff -u -r1.449 Makefile
> --- Makefile  2 Feb 2017 21:35:05 -   1.449
> +++ Makefile  5 Feb 2017 09:34:58 -
> @@ -110,6 +110,8 @@
>   ${DESTDIR}/root/.Xdefaults; \
>   ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
>   ${DESTDIR}/root/.cvsrc; \
> + ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
> + ${DESTDIR}/root/.ssh/authorized_keys
>   rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
>   ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
>   ${DESTDIR}/.cshrc; \
> Index: mtree/4.4BSD.dist
> ===
> RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
> retrieving revision 1.293
> diff -u -r1.293 4.4BSD.dist
> --- mtree/4.4BSD.dist 27 Dec 2016 09:17:52 -  1.293
> +++ mtree/4.4BSD.dist 5 Feb 2017 09:34:58 -
> @@ -118,6 +118,8 @@
>  mnt
>  ..
>  root mode=0700
> +.ssh uname=root mode=0700
> +..
>  ..
>  sbin
>  ..
>

add empty /root/.ssh/authorized_keys to mtree/sets ?

2017-02-05 Thread Landry Breuil 
Hi,

when installing 'throwaway' VMs (manually, not always using autoinstall for
$REASONS) i've often found myself having to do right after the install:
install -d -m 700 /root/.ssh
install -m 600 /dev/null /root/.ssh/authorized_keys
(or touch /root/.ssh/authorized_keys && chmod 600
/root/.ssh/authorized_keys, ymmv)

those are present in /etc/skel for "real" users, so why not creating
them for the root account ? install.sub also creates /mnt/root/.ssh when
using autoinstall and giving an ssh pubkey, so that'll be one less step
to do there.

We advise ppl to set prohibit-password for PermitRootLogin, so why not make it
easier to use it ? This ways, the correct modes are set.. i often fat-fingered
this, to see sshd complaining (rightly!) about bad modes on 
.ssh/authorized_keys.

Conceptual (untested) diff below for discussion, i'll build a release with it
depending on the feedback/opinions..

Landry

Index: Makefile
===
RCS file: /cvs/src/etc/Makefile,v
retrieving revision 1.449
diff -u -r1.449 Makefile
--- Makefile2 Feb 2017 21:35:05 -   1.449
+++ Makefile5 Feb 2017 09:34:58 -
@@ -110,6 +110,8 @@
${DESTDIR}/root/.Xdefaults; \
${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
${DESTDIR}/root/.cvsrc; \
+   ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
+   ${DESTDIR}/root/.ssh/authorized_keys
rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
${DESTDIR}/.cshrc; \
Index: mtree/4.4BSD.dist
===
RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
retrieving revision 1.293
diff -u -r1.293 4.4BSD.dist
--- mtree/4.4BSD.dist   27 Dec 2016 09:17:52 -  1.293
+++ mtree/4.4BSD.dist   5 Feb 2017 09:34:58 -
@@ -118,6 +118,8 @@
 mnt
 ..
 root   mode=0700
+.ssh   uname=root mode=0700
+..
 ..
 sbin
 ..