Hello,
I recently faced the problem of trying to install SmartOS on a Skylake
system. This means no keyboard on the remote console due to missing USB3
support. While hacking something together, I realized that the idea is
useful enough for remote emergency maintenance as well, i.e. when a
machine in the office has issues like a broken firewall config and all
the technical assistance you have at hand boils down to "Select the
second item on the GRUB boot prompt". The patch adds a boot command line
option "run_sshd=true". If it is set, the following happens:
- all interfaces are configured automatically with DHCP
- ssh-keygen creates a set of SSH keys, the fingerprints are shown on
  the console
- the root password is replaced with root_shadow (if present)
- sshd is started

The final three steps are skipped if sshd is already running. This is
useful for installation as it allows just starting the script again from
ssh. It is easier than using the answer file when dealing with a fresh
installation on a new server, as you often won't know the correct
answers in advance.

I have not added anything advanced like providing authorized_keys via a
separate file; the primary goal for me is to have something at hand that
works out of the box without customizing the ISO image. It is certainly
possible to extend this somewhat as a second step, if deemed useful.

Joerg

--- smartos_prompt_config.sh.orig       Thu May  5 17:54:19 2016
+++ smartos_prompt_config.sh    Thu May  5 18:19:52 2016
@@ -921,6 +921,15 @@
        touch /${SYS_ZPOOL}/.system_pool
 }
 
+update_root_password()
+{
+       [[ -z "$1" ]] && return 0
+       sed -e "s|^root:[^\:]*:|root:$1:|" /etc/shadow \
+               > /etc/shadow.tmp && \
+       /usr/bin/chmod 400 /etc/shadow.tmp && \
+       /usr/bin/mv /etc/shadow.tmp /etc/shadow
+}
+
 trap "" SIGINT
 
 while getopts "f:" opt
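Review bot: In update_root_password, /etc/shadow.tmp is created by the redirect with the default umask and only tightened afterwards by chmod 400, so the new hash briefly sits in a file with looser permissions; set a restrictive umask (for example in a subshell) before the sed. Separately, $1 is interpolated straight into the sed replacement, and in the run_sshd path it comes from the root_shadow boot parameter: a | in the value ends the replacement early and an & expands to the matched text, so reject anything outside the expected hash character set before calling sed.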
@@ -968,6 +977,9 @@
 # work when combined with the later dladm commands
 for iface in $(dladm show-phys -pmo link); do
        ifconfig $iface plumb 2>/dev/null
+       if [[ -n $(/bin/bootparams | grep "^run_sshd=true") ]]; then
+               ifconfig $iface dhcp
+       fi
 done
 updatenicstates
 
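Review bot: The run_sshd test inside the for loop runs /bin/bootparams and grep once per interface, and its pattern "^run_sshd=true" has no end anchor, so a value such as run_sshd=truex also turns on DHCP. Evaluate it once before the loop with an anchored pattern (assuming bootparams prints one key=value pair per line) and reuse the result in the later sshd block. This line also calls grep without a path while the sshd block uses /usr/bin/grep; pick one form.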
@@ -978,6 +990,17 @@
 
 printheader "Copyright 2013, Joyent, Inc."
 
+if [[ -n $(/bin/bootparams | /usr/bin/grep "^run_sshd=true") ]] && \
+   [[ -z $(/usr/bin/ps -e -o comm | /usr/bin/grep sshd) ]]; then
+       /usr/bin/ssh-keygen -A
+       /usr/bin/ssh-keygen -l -f /var/ssh/ssh_host_dsa_key
+       /usr/bin/ssh-keygen -l -f /var/ssh/ssh_host_rsa_key
+       /usr/bin/ssh-keygen -l -f /var/ssh/ssh_host_ecdsa_key
+       /usr/bin/ssh-keygen -l -f /var/ssh/ssh_host_ed25519_key
+       update_root_password "$(/bin/bootparams | grep "^root_shadow=" | sed 
"s,^[^=]*=,,")"
+       /usr/lib/ssh/sshd
+fi
+
 message="
 You must answer the following questions to configure your SmartOS node.
 You will have a chance to review and correct your answers, as well as a
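Review bot: In the run_sshd block, /usr/lib/ssh/sshd is started unconditionally after update_root_password, which returns 0 when root_shadow is missing and whose failure is not checked, so sshd can come up on every DHCP-configured interface with whatever root entry the image already has. Start sshd only when root_shadow was supplied and the update succeeded, or at least print a clear warning on the console. Two smaller points: the running check "grep sshd" matches any command name that contains sshd, and the four ssh-keygen -l calls assume ssh-keygen -A produced every key type, so iterating over the host key files that actually exist would be more robust.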
@@ -1246,9 +1269,7 @@
 mv $tmp_config /usbkey/config || fatal "failed to persist configuration"
 
 # set the root password
-root_shadow=$(/usr/lib/cryptpass "$root_shadow")
-sed -e "s|^root:[^\:]*:|root:${root_shadow}:|" /etc/shadow > /usbkey/shadow \
-      && chmod 400 /usbkey/shadow
+update_root_password "$(/usr/lib/cryptpass "$root_shadow")"
 [[ $? -eq 0 ]] || fatal "failed to preserve root pasword"
 
 cp -rp /etc/ssh /usbkey/ssh || fatal "failed to set up preserve host keys"
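Review bot: The replacement for the removed lines no longer writes /usbkey/shadow: the old code left /etc/shadow untouched and put the updated copy on the usbkey, while update_root_password rewrites /etc/shadow in place, so the following "failed to preserve root pasword" check no longer covers any persisted copy. Either copy the result to /usbkey/shadow (with chmod 400) after the call or give the function a target-path argument. Also, if /usr/lib/cryptpass fails, the substitution is empty, the function returns 0 on its -z test, and fatal is never reached; check for an empty hash before calling it.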

