Zucca Moderator
Joined: 14 Jun 2007 Posts: 3698 Location: Rasi, Finland
Posted: Tue Mar 30, 2021 7:57 pm Post subject: Enable remote access in initramfs
As some of you know, I've been in a custom initramfs frenzy lately.
Now I'm planning one for my server. It's mostly headless, meaning I don't usually have any monitor attached to it.
So if an error occurs during the initramfs phase, I have set an emergency shell to be spawned. But before that I'd like to start some simple remote login daemon. busybox has telnet, but I'd like to avoid it. Then there's tinysshd and dropbear.
I'm now gathering opinions and ideas on how to implement it. Do any of you have experience setting such a thing up?
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
sdauth l33t
Joined: 19 Sep 2018 Posts: 650 Location: Ásgarðr
szatox Advocate
Joined: 27 Aug 2013 Posts: 3431
Posted: Tue Mar 30, 2021 11:33 pm
Zucca wrote: | I'm now gathering opinions and ideas on how to implement it. Do any of you have experience setting such a thing up? |
Dunno. Maybe _just_ do it?
I went the lazy, tried and true way and simply dropped full-blown openssh in there, along with glibc and a bunch of other tools that allow me to install a brand new system starting with a piece of nothing, as long as the network connection comes up.
Handy thing. Did a few hundred automated installations already, and I'm going to bump that number by another ~300 very soon.
Some tricks used:
* The kernel boot command line is a great way to configure the init script. If you use the key=value format, the kernel will even convert those tokens to directly accessible variables. You can use it to configure the network or insert a public key for ssh login.
* Sshd generates its keys during startup. This requires quite a bit of entropy, which you don't have yet, since you're just booting up. Rumor says that you can write something to /dev/random or /dev/urandom to increase the entropy available, but that trick never worked for me. Haveged didn't work for me either. Flooding the default GW with 500 pings over a few seconds did. As a bonus, you're updating the gw's ARP table, which is good in some corner cases. This will probably apply to dropbear too.
* Give the whole thing some distinct name. It will help you notice some types of failures early, since it's a part of the standard prompt (and can be easily queried by applications, should you wish to run destructive commands unsupervised).
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3698 Location: Rasi, Finland
Posted: Wed Mar 31, 2021 8:39 am
szatox wrote: | * The kernel boot command line is a great way to configure the init script. If you use the key=value format, the kernel will even convert those tokens to directly accessible variables. You can use it to configure the network or insert a public key for ssh login. |
Guess who just wrote a short parser for /proc/cmdline? Anyways. So the kernel actually exports those variables to the environment? Nice!
szatox wrote: | * Sshd generates its keys during startup. This requires quite a bit of entropy, which you don't have yet, since you're just booting up. Rumor says that you can write something to /dev/random or /dev/urandom to increase the entropy available, but that trick never worked for me. Haveged didn't work for me either. Flooding the default GW with 500 pings over a few seconds did. As a bonus, you're updating the gw's ARP table, which is good in some corner cases. This will probably apply to dropbear too. |
Yeah. I need to come up with something which generates entropy...
Thanks for the tips!
As for the laziness... I am too. I'm not gonna make a separate environment for musl libc and friends just to build a slightly smaller initramfs. In fact I think it might be safer to take the parts of a currently running system, which works. Basically the initramfs then becomes a subset of the running system. ;)
Currently, if I seek faster boot times, I'd need to look at the kernel. That's what's bloated, if anything. ;P
Goverp Advocate
Joined: 07 Mar 2007 Posts: 2179
Posted: Wed Mar 31, 2021 11:09 am
Zucca wrote: | ...Yeah. I need to come up with something which generates entropy... |
I recently noticed my kernel config omitted CONFIG_CRYPTO_JITTERENTROPY. Not sure if it's a new one, but it's another source.
I decided to trust my CPU's hardware random number generator. Plenty of entropy to add to the pool. If GCHQ or the NSA wish to invade my machine, I'm sure they're already listening. (Hi Cheltenham!)
szatox Advocate
Joined: 27 Aug 2013 Posts: 3431
Posted: Fri Apr 02, 2021 11:29 am
Zucca wrote: | Guess who just wrote a short parser for /proc/cmdline? Anyways. So the kernel actually exports those variables to the environment? Nice! |
Why, me, of course. Just a few years ago.
And then I couldn't make it work the same way somewhere else.
And then I realized it didn't work in the first script either... And yet I could access all the variables I required.....
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3698 Location: Rasi, Finland
Posted: Fri Apr 02, 2021 12:29 pm
I wonder if you just set something on the kernel command line without "="... Then does the kernel set said variable in the environment, but with a null/empty value? I guess I'll test it out soon and report back.
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9824 Location: almost Mile High in the USA
Posted: Fri Apr 02, 2021 2:28 pm
As far as I can tell, anything typed on the grub command line is copied straight into cmdline. Whether your initramfs deals with that is the question.
I end up going old school and parsing the cmdline manually, and having a
Code: | linux root=/dev/sda1 wtfbbqrescuemode init=/bin/bash |
that the initramfs detects and can act upon.
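The manual cmdline parsing that szatox, Zucca and eccerr0r describe above, plus the "wait for entropy before starting the login daemon" step, as an added example that is not code from anyone in this thread. It only imports an allow-list of keys, so a stray token on the command line cannot overwrite variables like PATH in the init script; the sample command line, the key names rescue_ssh and ip, and the 256-bit threshold are my own assumptions.

```shell
#!/bin/sh
# Added example (not code from this thread). A POSIX-sh parser for the
# kernel command line, as an initramfs /init might use it, plus a gate on
# the kernel's entropy counter before starting a login daemon.

# Constructed sample; a real /init would use: CMDLINE=$(cat /proc/cmdline)
SAMPLE_CMDLINE='root=/dev/sda1 rescue_ssh ip=192.0.2.10::192.0.2.1:255.255.255.0 init=/sbin/openrc-init PATH=/tmp/evil'

# cmdline_get LINE KEY
#   Prints KEY's value. Returns 0 if KEY is present, 1 if absent.
#   A bare token such as "rescue_ssh" counts as present with an empty value.
cmdline_get() {
    _line=$1 _key=$2
    for _tok in $_line; do
        case $_tok in
            "$_key")   printf '\n'; return 0 ;;
            "$_key"=*) printf '%s\n' "${_tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# cmdline_import LINE KEY...
#   Copies each listed KEY found on LINE into a shell variable of the same
#   name. Only allow-listed keys are imported, so a stray PATH=... or
#   init=... token on the command line cannot clobber the script's own.
cmdline_import() {
    _l=$1; shift
    for _k in "$@"; do
        if _v=$(cmdline_get "$_l" "$_k"); then
            eval "$_k=\$_v"
        fi
    done
}

# entropy_ready MIN [FILE]
#   Succeeds once the kernel reports at least MIN bits in its pool. On
#   recent kernels the counter tops out at 256 once the CRNG is seeded, so
#   treat this as a "safe to generate host keys" gate, not a measurement.
entropy_ready() {
    _min=$1 _f=${2:-/proc/sys/kernel/random/entropy_avail}
    [ -r "$_f" ] && read -r _avail < "$_f" && [ "$_avail" -ge "$_min" ]
}

# Sketch of how /init might use the above (runs only with --demo).
if [ "${1:-}" = --demo ]; then
    cmdline_import "$(cat /proc/cmdline)" root ip
    if cmdline_get "$(cat /proc/cmdline)" rescue_ssh >/dev/null; then
        until entropy_ready 256; do sleep 1; done
        echo "would start dropbear now (root=$root ip=$ip)"
    fi
fi
```

Bare tokens like rescue_ssh are not exported by the kernel as environment variables (only unrecognised key=value tokens are), which is why the parser reads /proc/cmdline itself rather than relying on the environment.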