----- Original Message ----- > From: "Dave Young" <dyoung@xxxxxxxxxx> > To: "Pingfan Liu" <piliu@xxxxxxxxxx> > Cc: initramfs@xxxxxxxxxxxxxxx, kernelfans@xxxxxxxxx > Sent: Friday, May 26, 2017 11:23:30 AM > Subject: Re: [PATCH] modules.d: introduce ssh-server module to provide service > > Hi Pingfan, > On 05/24/17 at 10:39am, Pingfan Liu wrote: > > When debugging a remote system, sometimes we may experience disk > > failure. In this case, it makes debugging very unconformable if > > there is no console server to forward the dmesg. > > This new module install the sshd-required material in initramfs, > > so later, sshd service can be started and let debugger login. > > There is a Fedora bug below: > https://bugzilla.redhat.com/show_bug.cgi?id=524727 > > Also there is a dropbear solution here, maybe you can compare with that > solution see which one is better, dropbear seems using small memory but > openssh is more popular. > Yeah, that is a good solution. But it is a pity that it has not been accepted. It will be great helpful when debugging drivers etc Thanks, Pingfan > > > > Signed-off-by: Pingfan Liu <piliu@xxxxxxxxxx> > > --- > > 95ssh-server/module-setup.sh | 156 > > +++++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 156 insertions(+) > > create mode 100755 95ssh-server/module-setup.sh > > > > diff --git a/95ssh-server/module-setup.sh b/95ssh-server/module-setup.sh > > new file mode 100755 > > index 0000000..65e1453 > > --- /dev/null > > +++ b/95ssh-server/module-setup.sh > > @@ -0,0 +1,156 @@ > > +#!/bin/bash > > +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- > > +# ex: ts=8 sw=4 sts=4 et filetype=sh > > + > > +# fixme: assume user is root > > + > > +check() { > > + > > + # If our prerequisites are not met, fail. > > + require_binaries sshd || return 1 > > +} > > + > > +depends() { > > + # We depend on network modules being loaded > > + echo network > > +} > > + > > + > > +copy_pam_conf() > > +{ > > + inst_simple /etc/pam.d/login > > + inst_simple /etc/pam.d/passwd > > + inst_simple /etc/pam.d/password-auth > > + inst_simple /etc/pam.d/password-auth-ac > > + inst_simple /etc/pam.d/sshd > > + inst_simple /etc/pam.d/sssd-shadowutils > > + inst_simple /etc/pam.d/system-auth > > + inst_simple /etc/pam.d/system-auth-ac > > + inst_simple /etc/pam.d/systemd-user > > + inst_simple /etc/pam.d/postlogin > > + inst_simple /etc/pam.d/postlogin-ac > > + inst_simple /etc/pam.d/remote > > + inst_simple /etc/pam.d/setup > > + > > + inst_simple /etc/security/access.conf > > + inst_simple /etc/security/chroot.conf > > + inst_simple /etc/security/console.apps > > + inst_simple /etc/security/console.handlers > > + inst_simple /etc/security/console.perms > > + inst_simple /etc/security/console.perms.d > > + inst_simple /etc/security/group.conf > > + inst_simple /etc/security/limits.conf > > + inst_simple /etc/security/limits.d > > + inst_simple /etc/security/namespace.conf > > + inst_simple /etc/security/namespace.d > > + inst_simple /etc/security/namespace.init > > + inst_simple /etc/security/opasswd > > + inst_simple /etc/security/pam_env.conf > > + inst_simple /etc/security/sepermit.conf > > + inst_simple /etc/security/time.conf > > +} > > + > > +copy_pam_binary() > > +{ > > + inst_simple /usr/lib64/security/pam_access.so > > + inst_simple /usr/lib64/security/pam_chroot.so > > + inst_simple /usr/lib64/security/pam_console.so > > + inst_simple /usr/lib64/security/pam_cracklib.so > > + inst_simple /usr/lib64/security/pam_debug.so > > + inst_simple /usr/lib64/security/pam_deny.so > > + inst_simple /usr/lib64/security/pam_echo.so > > + inst_simple /usr/lib64/security/pam_env.so > > + inst_simple /usr/lib64/security/pam_exec.so > > + inst_simple /usr/lib64/security/pam_faildelay.so > > + inst_simple /usr/lib64/security/pam_faillock.so > > + inst_simple /usr/lib64/security/pam_filter > > + inst_simple /usr/lib64/security/pam_filter.so > > + inst_simple /usr/lib64/security/pam_filter/upperLOWER > > + inst_simple /usr/lib64/security/pam_ftp.so > > + inst_simple /usr/lib64/security/pam_group.so > > + inst_simple /usr/lib64/security/pam_issue.so > > + inst_simple /usr/lib64/security/pam_keyinit.so > > + inst_simple /usr/lib64/security/pam_lastlog.so > > + inst_simple /usr/lib64/security/pam_limits.so > > + inst_simple /usr/lib64/security/pam_listfile.so > > + inst_simple /usr/lib64/security/pam_localuser.so > > + inst_simple /usr/lib64/security/pam_loginuid.so > > + inst_simple /usr/lib64/security/pam_mail.so > > + inst_simple /usr/lib64/security/pam_mkhomedir.so > > + inst_simple /usr/lib64/security/pam_motd.so > > + inst_simple /usr/lib64/security/pam_namespace.so > > + inst_simple /usr/lib64/security/pam_nologin.so > > + inst_simple /usr/lib64/security/pam_permit.so > > + inst_simple /usr/lib64/security/pam_postgresok.so > > + inst_simple /usr/lib64/security/pam_pwhistory.so > > + inst_simple /usr/lib64/security/pam_rhosts.so > > + inst_simple /usr/lib64/security/pam_rootok.so > > + inst_simple /usr/lib64/security/pam_securetty.so > > + inst_simple /usr/lib64/security/pam_selinux.so > > + inst_simple /usr/lib64/security/pam_selinux_permit.so > > + inst_simple /usr/lib64/security/pam_sepermit.so > > + inst_simple /usr/lib64/security/pam_shells.so > > + inst_simple /usr/lib64/security/pam_stress.so > > + inst_simple /usr/lib64/security/pam_succeed_if.so > > + inst_simple /usr/lib64/security/pam_tally2.so > > + inst_simple /usr/lib64/security/pam_time.so > > + inst_simple /usr/lib64/security/pam_timestamp.so > > + inst_simple /usr/lib64/security/pam_tty_audit.so > > + inst_simple /usr/lib64/security/pam_umask.so > > + inst_simple /usr/lib64/security/pam_unix.so > > + inst_simple /usr/lib64/security/pam_unix_acct.so > > + inst_simple /usr/lib64/security/pam_unix_auth.so > > + inst_simple /usr/lib64/security/pam_unix_passwd.so > > + inst_simple /usr/lib64/security/pam_unix_session.so > > + inst_simple /usr/lib64/security/pam_userdb.so > > + inst_simple /usr/lib64/security/pam_warn.so > > + inst_simple /usr/lib64/security/pam_wheel.so > > + inst_simple /usr/lib64/security/pam_xauth.so > > + inst_simple /usr/sbin/faillock > > + inst_simple /usr/sbin/mkhomedir_helper > > + inst_simple /usr/sbin/pam_console_apply > > + inst_simple /usr/sbin/pam_tally2 > > + inst_simple /usr/sbin/pam_timestamp_check > > + inst_simple /usr/sbin/pwhistory_helper > > + inst_simple /usr/sbin/unix_chkpwd > > + inst_simple /usr/sbin/unix_update > > +} > > + > > + > > +inst_pam() > > +{ > > + copy_pam_binary > > + copy_pam_conf > > +} > > + > > +inst_sshd() > > +{ > > + inst_simple /usr/sbin/sshd > > + inst_simple /usr/libexec/openssh/sshd-keygen > > + inst_simple /etc/ssh/sshd_config > > + inst_simple /etc/ssh/ssh_host_rsa_key.pub > > + inst_simple /etc/ssh/ssh_host_rsa_key > > + inst_simple /etc/ssh/ssh_host_ecdsa_key > > + inst_simple /etc/ssh/ssh_host_ecdsa_key.pub > > + inst_simple /etc/ssh/ssh_host_ed25519_key > > + inst_simple /etc/ssh/ssh_host_ed25519_key.pub > > + inst_dir /var/empty/sshd > > + grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd" > > + grep -E '^sshd:' /etc/group >> "$initdir/etc/group" > > + grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd" > > + grep -E '^root:' /etc/group >> "$initdir/etc/group" > > + grep -E '^root:' /etc/shadow >> "$initdir/etc/shadow" > > + inst_simple /root/.ssh/authorized_keys > > + chmod 600 -R ${initdir}/etc/ssh/ > > + inst_simple /etc/sysconfig/sshd > > + inst_simple /usr/lib/systemd/system/sshd-keygen@.service > > + inst_simple /usr/lib/systemd/system/sshd-keygen.target > > + inst_simple /usr/lib/systemd/system/sshd.service > > + inst_simple /usr/lib/systemd/system/sshd@.service > > + inst_simple /usr/lib/systemd/system/sshd.socket > > +} > > + > > +install() { > > + inst_sshd > > + inst_pam > > +} > > -- > > 2.7.4 > > > > -- > > To unsubscribe from this list: send the line "unsubscribe initramfs" in > > the body of a message to majordomo@xxxxxxxxxxxxxxx > > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe initramfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
