Setting date/time on firstboot - Re: Fedora-Xfce-armhfp-21-20140815-sda.raw.xz problems with sshd

[Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>]

I would suspect that a number of armv7 boards lack an RTC, and an old 
date will be bad for a lot of processes beyound just SSH key generation.

So on first boot (and maybe any boot), check the system time.  If it is 
ZERO, then read some file that has the last boot date and update with 
that.  That will more than likely get the system close enough for 
services to start up better until NTP can get the current time.




On 08/15/2014 03:34 PM, Robert Moskowitz wrote:
> My cubieboard2 does not have an rtc, so at boot time the clock is at 
> the epoche start.  Once the network is up, then NTP sets the clock.
>
> So I tried connecting to SSH after the install and got:
>
> Read from socket failed: Connection reset by peer
>
> systemctl status sshd.service, said something about could not read 
> keys, so I checked and found:
>
> # ls /etc/ssh/ -ls
> total 252
> 240 -rw-r--r--. 1 root root     242153 Jul 18 19:50 moduli
>   4 -rw-r--r--. 1 root root       2121 Jul 18 19:50 ssh_config
>   8 -rw-------. 1 root root       4400 Aug 15 14:45 sshd_config
>   0 -rw-r-----. 1 root ssh_keys      0 Dec 31  1969 ssh_host_ecdsa_key
>   0 -rw-r--r--. 1 root root          0 Dec 31  1969 
> ssh_host_ecdsa_key.pub
>   0 -rw-r-----. 1 root ssh_keys      0 Dec 31  1969 ssh_host_ed25519_key
>   0 -rw-r--r--. 1 root root          0 Dec 31  1969 
> ssh_host_ed25519_key.pub
>   0 -rw-r-----. 1 root ssh_keys      0 Dec 31  1969 ssh_host_rsa_key
>   0 -rw-r--r--. 1 root root          0 Dec 31  1969 ssh_host_rsa_key.pub
>
>
> I stopped sshd, deleted the key files, restarted sshd and now:
>
> # ls /etc/ssh/ -ls
> total 272
> 240 -rw-r--r--. 1 root root     242153 Jul 18 19:50 moduli
>   8 -rw-------. 1 root root       4400 Aug 15 14:45 sshd_config
>   4 -rw-r-----. 1 root ssh_keys    227 Aug 15 14:53 ssh_host_ecdsa_key
>   4 -rw-r--r--. 1 root root        162 Aug 15 14:53 
> ssh_host_ecdsa_key.pub
>   4 -rw-r-----. 1 root ssh_keys    387 Aug 15 14:53 ssh_host_ed25519_key
>   4 -rw-r--r--. 1 root root         82 Aug 15 14:53 
> ssh_host_ed25519_key.pub
>   4 -rw-r-----. 1 root ssh_keys   1675 Aug 15 14:53 ssh_host_rsa_key
>   4 -rw-r--r--. 1 root root        382 Aug 15 14:53 ssh_host_rsa_key.pub
>
> And I can connect.
>
> So this is a problem with ssh that it will not properly make the keys 
> when the system date is that old.
>
> related, I move the sshd port, and update SELinux policy with:
>
> semanage port -a -t ssh_port_t -p tcp 1234
>
> and got the following messages:
>
> [ 1828.788735] SELinux:  Permission audit_read in class capability2 
> not defined in policy.
> [ 1828.796870] SELinux: the above unknown classes and permissions will 
> be allowed
> [ 1829.450779] SELinux:  Context 
> system_u:system_r:vbetool_t:s0-s0:c0.c1023 became invalid (unmapped).
> [ 1831.528160] SELinux:  Context 
> system_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
> [ 1832.890157] SELinux:  Context 
> unconfined_u:system_r:vbetool_t:s0-s0:c0.c1023 became invalid (unmapped).
> [ 1834.966398] SELinux:  Context 
> unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid 
> (unmapped).
>
> But it seems to have worked.  That is SSH can be reached at the 
> changed port.  And yes, I also did the firewall-cmd for the new port 
> number.

_______________________________________________
arm mailing list
arm@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/arm