Subject: ssh login via mgetty
To: None <netbsd-help@netbsd.org>
From: Gan Uesli Starling <oinkfreebiker@att.net>
List: netbsd-help
Date: 09/30/2001 10:18:00
I have found an instruction for ssh login via mgetty, but it is for
Red Hat Linux, here is the link...

http://etherboot.sourceforge.net/doc/html/sshterminal.html

...and below I'll quote text of that link. I suppose that this can be made
to work on NetBSD (of course?). Can someone tell me how I should do it
differently for NetBSD 1.5.1? I will be wanting to do it over a modem using
mgetty's auto-answer feature. I have had some difficulty getting ppp 
authentication to work without SSH. I also have some questions.

Q1. Will SSH replace the PPP authentication or will it work in addition to 
    PPP authentication?
Q2. After I get it working so that a NetBSD client can call into NetBSD as
    the server, will I be able to get a Win2K client to call into NetBSD as
    the server? [Know that I can now already do this over ethernet. So the
    question is: Will mgetty, used like this, get in the way?]

...Here below begins the text of the instruction for Red Hat Linux. I have
inserted, in brackets, a question or two, like so [Blah blah blah.]...

Serving SSH Sessions
Ken Yap, ken_yap@users.sourceforge.net, 7 January 1999

This document shows how to provide a login session that directly connects to 
remote hosts with SSH. 

I wanted a login program that would connect the user directly to a remote 
host with SSH. At first I thought of writing my own login program, then I 
remembered that mgetty could be configured to call any login program. So 
here's what I did: 

In /etc/mgetty+sendfax/login.config I added the line: 

*@*             sshguest        @       /usr/local/etc/mgetty-ssh @

[ This goes in /usr/pkg/etc/mgetty+sendfax/login.config ?]
[ And I can put the script in /usr/pkg/etc/mgetty-ssh.pl ?]

------------------------------

In /etc/inittab I added the line: 

8:35:respawn:/sbin/mgetty -r tty8

I picked a free virtual tty, you may want to expand this to other ttys later. 

[ I can instead put this...
 
  # tty00 is USR external modem with mgetty+sendfax running on it.
  tty00   "/usr/pkg/sbin/mgetty -D -s 115200" dialup     on       insecure
  
  ...in /etc/ttys ? And it won't interfere with normal use of modem for dial
  out? I can't be two places at once, so I'd never need to do both at once.
]

------------------------------

In /etc/mgetty+sendfax/mgetty.config I added the lines: 

port tty8
toggle-dtr n
ignore-carrier y
blocking y
direct y
login-time -1


------------------------------

I added this user to /etc/passwd: 

sshguest:*:199:199:SSH guest:/tmp:

If you are using shadow passwords you should also add an entry to 
/etc/shadow. 

[ I have no clue about this. Is it the same? ]

------------------------------

The mgetty-ssh Perl script mentioned above is: 

#!/usr/bin/perl
# mgetty-ssh: invoked by mgetty (via login.config) with the login name
# "user@host" as its only argument; hands the session over to ssh.
use strict;
use warnings;

die "No argument\n" if !defined($ARGV[0]);
my ($name, $host) = split /@/, $ARGV[0];
# no '@' (or an empty argument) leaves a part undefined; treat it as empty so we die below
$name = '' unless defined $name;
$host = '' unless defined $host;
# remove leading non-alphanums from name and host to prevent
# masquerading as arguments
$name =~ s/^[^a-z0-9]*//;
$host =~ s/^[^a-z0-9]*//;
# remove whitespace as well
$name =~ s/[ \t\f]//g;
$host =~ s/[ \t\f]//g;
# limit length of strings
$name = substr($name, 0, 64);
$host = substr($host, 0, 256);
# do we have anything left?
die "Name or host null\n" if ($name eq '' or $host eq '');
# replace this process with ssh; '-e none' disables the escape character
exec '/usr/bin/ssh', '-e', 'none', '-o', 'FallBackToRsh=no',
        '-o', 'StrictHostKeyChecking=yes', '-l', $name, $host;


Make sure this script is executable. If you are concerned that Perl takes up 
too much resources for a transient script, feel free to write the C 
equivalent. 

------------------------------

Make sure any remote hosts you want to connect to have their public keys in 
/etc/ssh/ssh_known_hosts 

[ No problem here, I don't think.]

------------------------------

Now on tty8 enter user@remote as the login name. You will get the following: 

Red Hat Linux release 5.2 (Apollo)
Kernel 2.0.36 on an i486

login: user@remote
user@remote's password:
Last login: Fri Dec 25 10:34:12 1998 from xterm.foo.com.au
No mail.
[user@remote user]$

[ This does not look like a dial-in event. It looks like they just pressed
  CTRL-ALT-F8 or something. Would it be the same when mgetty answers the
  telco line?
]
------------------------------
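A small Python port of the quoted script's argument handling, added here as an illustration (it is not part of the original post or of Ken Yap's document), to show exactly which argv ssh would receive for a given login name and why the leading-character stripping matters: nothing that reaches ssh after the fixed options can begin with '-'. The port also makes one quirk visible: the pattern is lowercase-only, so an upper-case first letter is stripped along with punctuation. The ssh path and options are copied from the script's exec line.

```python
import re

# Path and fixed options copied from the quoted script's exec line.
SSH = "/usr/bin/ssh"
FIXED_OPTS = ["-e", "none", "-o", "FallBackToRsh=no", "-o", "StrictHostKeyChecking=yes"]


def sanitize_part(s, max_len):
    """Apply the script's three rules to one half of user@host."""
    s = re.sub(r"^[^a-z0-9]*", "", s)  # drop leading non-alphanumerics (lowercase only, as in the Perl)
    s = re.sub(r"[ \t\f]", "", s)      # drop blanks anywhere
    return s[:max_len]                 # cap the length


def ssh_argv_for_login(login):
    """Return the argv the mgetty-ssh script would exec for a login name.

    Raises ValueError where the script would die.
    """
    if login is None:
        raise ValueError("No argument")
    parts = login.split("@")           # like Perl's split /@/: only the first two fields are used
    name = sanitize_part(parts[0], 64)
    host = sanitize_part(parts[1] if len(parts) > 1 else "", 256)
    if name == "" or host == "":
        raise ValueError("Name or host null")
    # Invariant the stripping guarantees: ssh cannot mistake either value for an option.
    assert not name.startswith("-") and not host.startswith("-")
    return [SSH] + FIXED_OPTS + ["-l", name, host]


def login_is_accepted(login):
    """True if the login name would reach ssh, False if the script would refuse it."""
    try:
        ssh_argv_for_login(login)
        return True
    except ValueError:
        return False
```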