Port-arm archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Booting NSLU2 without using the serial port

Hubert Feyrer wrote:
To login as root via ssh, you have to set "PermitRootLogin yes" in /etc/ssh/sshd_config. For the password, just clear the second field in .../nfsroot/etc/master.passwd and .../nfsroot/etc/passwd. If that's not enough, rm the {s,}pwd.db files in there. The log in, and set a root password - that will rebuild the {s,}pwd.db files.

You can also try using pwd_mkdb(8), which may work as well.

When you're logged in as root and have set your new root password, do create a normal user account with useradd(8), give it a password. Add the normal user account to the "wheel" group in /etc/group, then make sure you can login as the user and use su(1) to switch to root. After that, disable root logins again.

BTW, if someone would come up with a full install doc for the NSLU, that'd be very much appreciated!

 - Hubert
Success at last:

$ telnet slug1
Connected to slug1.
Escape character is '^]'.

NetBSD/evbarm (slug1) (ttyp0)

login: root
Last login: Sat Feb 16 18:10:54 2008 from nfsserver on ttyp0
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
   2006, 2007, 2008
   The NetBSD Foundation, Inc.  All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
   The Regents of the University of California.  All rights reserved.

NetBSD 4.99.54 (NSLU2-nfs) #0: Fri Feb 15 23:04:29 EST 2008

Welcome to NetBSD!
Terminal type is xterm. We recommend creating a non-root account and using su(1) for root access.

I generally followed the build procedure described in <http://mail-index.netbsd.org/port-arm/2008/02/14/msg000060.html>. I used <http://www.netbsd.org/docs/network/netboot/index.html> & <http://www.netbsd.org/docs/network/netboot/files.nocons.html> to setup the nfs file system (host export file, client root and swap, client etc files and the like). I then followed Hubert's advice above. Still not quite. But after some serious googling, it finally worked. I think everything one needs is contained in the three links above and the info below.

Here is a (long) diff between the orig /etc directory (which I copied to /orig.etc before I started mucking around) and the one that finally let me telnet in as root. I added some line feeds to make it more readable. Probably a few of the changes are unnecessary - when I get more time, I'll trim this down to the bare essentials.
$ diff -u -r /orig.etc /etc

Only in etc: fstab

diff -r -u etc/group orig.etc/group
--- etc/group    2008-02-16 11:57:19.000000000 -0500
+++ orig.etc/group    2008-02-16 10:29:34.000000000 -0500
@@ -1,4 +1,4 @@

diff -r -u etc/hosts orig.etc/hosts
--- etc/hosts    2008-02-16 10:37:56.000000000 -0500
+++ orig.etc/hosts    2008-02-16 10:29:34.000000000 -0500
@@ -14,6 +14,3 @@
-    nfsserver
-    slug1

Only in etc: ifconfig.npe0

diff -r -u etc/inetd.conf orig.etc/inetd.conf
--- etc/inetd.conf    2008-02-16 12:17:17.000000000 -0500
+++ orig.etc/inetd.conf    2008-02-16 10:29:34.000000000 -0500
@@ -8,8 +8,8 @@
#http stream tcp6 nowait:600 _httpd /usr/libexec/httpd httpd /var/www #ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll #ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll -telnet stream tcp nowait root /usr/libexec/telnetd telnetd -telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd +#telnet stream tcp nowait root /usr/libexec/telnetd telnetd -a valid +#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd -a valid #shell stream tcp nowait root /usr/libexec/rshd rshd -L #shell stream tcp6 nowait root /usr/libexec/rshd rshd -L #login stream tcp nowait root /usr/libexec/rlogind rlogind -L

Only in etc/mail: aliases.db

diff -r -u etc/master.passwd orig.etc/master.passwd
--- etc/master.passwd    2008-02-16 11:56:54.000000000 -0500
+++ orig.etc/master.passwd    2008-02-16 10:29:34.000000000 -0500
@@ -16,4 +16,3 @@
_httpd:*:24:24::0:0:& pseudo-user:/var/www:/sbin/nologin
uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin
nobody:*:32767:39::0:0:Unprivileged user:/nonexistent:/sbin/nologin

diff -r -u etc/motd orig.etc/motd
--- etc/motd    2008-02-16 11:00:40.000000000 -0500
+++ orig.etc/motd    2008-02-16 10:29:34.000000000 -0500
@@ -1,4 +1,4 @@
-NetBSD 4.99.54 (NSLU2-nfs) #0: Fri Feb 15 23:04:29 EST 2008

Welcome to NetBSD!

Only in etc: orig.pwd.db
Only in etc: orig.spwd.db

diff -r -u etc/passwd orig.etc/passwd
--- etc/passwd    2008-02-16 13:10:17.000000000 -0500
+++ orig.etc/passwd    2008-02-16 10:29:34.000000000 -0500
@@ -16,4 +16,3 @@
_httpd:*:24:24:& pseudo-user:/var/www:/sbin/nologin
uucp:*:66:1:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin
nobody:*:32767:39:Unprivileged user:/nonexistent:/sbin/nologin

Binary files etc/pwd.db and orig.etc/pwd.db differ

diff -r -u etc/rc.conf orig.etc/rc.conf
--- etc/rc.conf    2008-02-16 10:37:10.000000000 -0500
+++ orig.etc/rc.conf    2008-02-16 10:29:34.000000000 -0500
@@ -15,14 +15,7 @@

# If this is not set to YES, the system will drop into single-user mode.

# Add local overrides below

diff -r -u etc/rc.local orig.etc/rc.local
--- etc/rc.local    2008-02-16 12:30:55.000000000 -0500
+++ orig.etc/rc.local    2008-02-16 10:29:34.000000000 -0500
@@ -19,5 +19,4 @@
#    /usr/pkg/etc/rc.d/apache start

-/usr/sbin/pwd_mkdb -p /etc/master.passwd
echo '.'

Binary files etc/spwd.db and orig.etc/spwd.db differ

diff -r -u etc/ssh/sshd_config orig.etc/ssh/sshd_config
--- etc/ssh/sshd_config    2008-02-16 12:42:15.000000000 -0500
+++ orig.etc/ssh/sshd_config    2008-02-16 10:29:34.000000000 -0500
@@ -38,7 +38,7 @@

# Slow machines or long keys may require more processing time.
LoginGraceTime 600
-PermitRootLogin yes
+#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

@@ -57,8 +57,8 @@
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-PermitEmptyPasswords yes
+#PasswordAuthentication yes
+#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
Only in etc/ssh: ssh_host_dsa_key
Only in etc/ssh: ssh_host_dsa_key.pub
Only in etc/ssh: ssh_host_key
Only in etc/ssh: ssh_host_key.pub
Only in etc/ssh: ssh_host_rsa_key
Only in etc/ssh: ssh_host_rsa_key.pub

diff -r -u etc/ttys orig.etc/ttys
--- etc/ttys    2008-02-16 13:09:22.000000000 -0500
+++ orig.etc/ttys    2008-02-16 10:29:34.000000000 -0500
@@ -5,12 +5,11 @@
# name    getty                type    status        comments
console    "/usr/libexec/getty default"    vt100    on secure
-ttyp0    "/usr/libexec/getty default"    vt100    off secure
ttyE0    "/usr/libexec/getty Pc"        vt220    off secure
ttyE1    "/usr/libexec/getty Pc"        vt220    off secure
ttyE2    "/usr/libexec/getty Pc"        vt220    off secure
ttyE3    "/usr/libexec/getty Pc"        vt220    off secure
-tty00    "/usr/libexec/getty default"    vt100    off secure
+tty00    "/usr/libexec/getty default"    unknown off secure
tty01    "/usr/libexec/getty default"    unknown off secure
tty02    "/usr/libexec/getty default"    unknown off secure
tty03    "/usr/libexec/getty default"    unknown off secure

Thanks all for your help, Don

Home | Main Index | Thread Index | Old Index