preserve ssh cert and user base across boots?


Forum: Other Help Topics
Topic: preserve ssh cert and user base across boots?
started by: bjhbjh

Posted by bjhbjh on June 23 2008,01:38
Hi,

I am booting from the cd with no hd installed and a thumb drive as my repository for settings etc. My files and IP settings are saved across reboots but my SSH certificate and my ssh users and passwords go missing when I reboot.

How can I preserve these for use after a reboot?


Thanks,

Brian H.
Uxbridge Ont.

Posted by ^thehatsrule^ on June 23 2008,02:41
Save the keys from /etc/ssh and user/passwords from /etc/shadow and /etc/passwd then start the daemon from bootlocal.sh (add '/etc/init.d/ssh start') iirc
or if not, there's a forum search :)
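
A check worth running after the restore described above, as an added example that is not part of the original post: /etc/shadow and the private host keys can come back with loose permissions if the backup medium or copy method does not preserve Unix modes. The function names and the mode limits are assumptions chosen for this example, and it assumes a `stat` that supports `-c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example, not from the thread: audit the files restored at boot.

# check_mode FILE MAX
# Report FILE if it carries any permission bit outside MAX (both octal).
check_mode() {
    [ -e "$1" ] || return 0            # nothing restored, nothing to check
    mode=$(stat -c %a "$1")
    if [ $(( 0$mode & ~0$2 & 07777 )) -ne 0 ]; then
        echo "TOO OPEN: $1 is $mode, expected at most $2"
        return 1
    fi
}

# audit_restored [ROOT]
# Check the account files and SSH host keys under ROOT (empty ROOT means
# the live system). Returns 0 only if every file passes.
audit_restored() {
    root="${1:-}"
    rc=0
    check_mode "$root/etc/passwd" 644 || rc=1
    check_mode "$root/etc/shadow" 640 || rc=1
    # Private host keys only; the matching .pub files may stay world-readable.
    for key in "$root"/etc/ssh/ssh_host_*key; do
        check_mode "$key" 600 || rc=1
    done
    return $rc
}
```

Call `audit_restored` from bootlocal.sh before the '/etc/init.d/ssh start' line and tighten anything it reports with chmod before the daemon comes up.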

Posted by bjhbjh on June 23 2008,14:51
Thanks, that all works great !

Is there a way to suppress the CD eject at a reboot ?

Brian H.
Uxbridge Ont

Posted by curaga on June 23 2008,15:37
The cheatcode "noeject" :)

Posted by bjhbjh on June 23 2008,18:21
Quote
The cheatcode "noeject"


How do I invoke that at a reboot?

How do I invoke that at an ssh session reboot?

Or was this a joke ? I don't see 'noeject' in the < DSL Wiki list > of cheat  codes.

I need something that will persist across reboots so I don't have to  remember to do it if I reboot remotely a year from now.

Thanks,

Brian H.

Posted by chaostic on June 23 2008,18:26
Quote (bjhbjh @ June 23 2008,14:21)
Quote
The cheatcode "noeject"


How do I invoke that at a reboot?

How do I invoke that at an ssh session reboot?

Or was this a joke ? I don't see 'noeject' in the < DSL Wiki list > of cheat  codes.

I need something that will persist across reboots so I don't have to  remember to do it if I reboot remotely a year from now.

Thanks,

Brian H.

Just because it's not in the wiki (yet) does not mean it is not used/true.

For a reboot, you would have to enter it in again at the boot menu, within the 30 second timeout, or it will use the default options, which does not include "noeject".

Same thing for an ssh session reboot.

Or, you can always launch with the cheatcode "frugal", which also skips the cd ejection at the end (along with a lot of other things).

Posted by curaga on June 23 2008,18:58
As the wiki is user-maintained, it tends to be out of sync (a lot unfortunately). Some cheatcodes have never been mentioned anywhere near here, but can be found when adventuring deep in DSL ;)

It's no joke, it works. You can also edit your bootloader config file to include it among the other bootcodes.

Posted by bjhbjh on June 24 2008,16:12
Quote
For a reboot, you would have to enter it in again at the boot menu, within the 30 second timeout, or it will use the default options, which does not include "noeject".

Same thing for an ssh session reboot.


Ok, I seem to be missing something here. Please bear with me if I am being stupid.

If I am at a remote ssh session, perhaps miles away, and I call for a reboot, how do I enter the 'noeject' cheatcode at the local boot menu ?

Or perhaps I didn't make my intent clear from the outset. I want to make this thing come back to life, as configured, unattended in the event of either a local power interruption or a user invoked reboot from an ssh remote session.

So far I can do all this EXCEPT that the cd ejects and waits for someone to put it back in when the system is rebooted remotely.

How can I stop this from happening that does not require local console user intervention?

Thanks,

Brian H.

Posted by Jason W on June 24 2008,16:37
I have this kind of setup with my server, and there are several ways of going about it. But if you are wanting to run the cd as a live cd (no frugal or regular install) then the easiest thing to do is to do a remaster and alter the /boot/isolinux/isolinux.cfg file to default boot with your preferences.

Posted by chaostic on June 24 2008,17:36
Quote (bjhbjh @ June 24 2008,12:12)
Quote
For a reboot, you would have to enter it in again at the boot menu, within the 30 second timeout, or it will use the default options, which does not include "noeject".

Same thing for an ssh session reboot.


Ok, I seem to be missing something here. Please bear with me if I am being stupid.

If I am at a remote ssh session, perhaps miles away, and I call for a reboot, how do I enter the 'noeject' cheatcode at the local boot menu ?

Or perhaps I didn't make my intent clear from the outset. I want to make this thing come back to life, as configured, unattended in the event of either a local power interruption or a user invoked reboot from an ssh remote session.

So far I can do all this EXCEPT that the cd ejects and waits for someone to put it back in when the system is rebooted remotely.

How can I stop this from happening that does not require local console user intervention?

Thanks,

Brian H.

Aside from remastering like Jason suggested, you can also install to a flash drive, which would get rid of the ejecting problem, allow for easier (imho) changes to the default boot settings, and some extra storage space.


But, as a side note, all my computers have, without fail, forced closed the cd drive if it is open on boot/reboot.

Or is your problem really about the "Remove cd and press enter to finish rebooting/shutting down" message (Which afaik, wasn't required on reboot, only on shutdown, but I've been on a usb boot for so long I've forgotten.)

Posted by ^thehatsrule^ on June 24 2008,18:49
You can edit the shutdown scripts (in /etc/rc0.d/ - esp see S90knoppix-halt)
or somehow change your boot options (/proc/cmdline - probably will need some remounting magic)

Posted by curaga on June 24 2008,19:47
You can write to /proc/cmdline? How? Never heard of that being possible..

Posted by bjhbjh on June 25 2008,14:40
Quote
Or is your problem really about the "Remove cd and press enter to finish rebooting/shutting down" message


Yes, that is the issue I'd like to avoid.

Not a problem when the power fails and returns but it IS a problem if I issue a 'restart' / 'reboot' (can't remember which is correct but you get my drift) command from a remote SSH session.

I'll try your install to MemKey suggestion, since I don't have an HD present on this box.

Thanks,

Brian H.

Posted by ^thehatsrule^ on June 25 2008,17:04
Quote (curaga @ June 24 2008,19:47)
You can write to /proc/cmdline? How? Never heard of that being possible..

Never did it before... searchstring "write to /proc" gave me < this >

Guess it's more complicated than I thought.

Posted by chaostic on June 26 2008,01:17
Quote (bjhbjh @ June 25 2008,10:40)
Quote
Or is your problem really about the "Remove cd and press enter to finish rebooting/shutting down" message


Yes, that is the issue I'd like to avoid.

Not a problem when the power fails and returns but it IS a problem if I issue a 'restart' / 'reboot' (can't remember which is correct but you get my drift) command from a remote SSH session.

I'll try your install to MemKey suggestion, since I don't have an HD present on this box.

Thanks,

Brian H.

I made a quick script you can use to prevent the ejecting. You just need a way of running it before you issue a reboot.


Code Sample

#!/bin/bash
#
# Quickly change knoppix-reboot to prevent cd eject
#

# Remove sym-link to /KNOPPIX/ copy from /ramdisk/ copy
sudo rm -r /etc/init.d/knoppix-reboot &&

# Copy original RC script to /ramdisk/ copy
# sudo cp /KNOPPIX/etc/init.d/knoppix-reboot /etc/init.d/knoppix-reboot &&
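# Quote the heredoc delimiter so $1, ${YELLOW}, $(...) etc. are written
# literally into the new script instead of being expanded right now
sudo cat > /tmp/knoppix-reboot << 'COSMIC' &&
#!/bin/sh

PATH=/sbin:/bin:/usr/bin:/usr/sbin
export PATH

exec >/dev/console 2>&1 </dev/console

# ANSI colour codes; ESC holds the literal escape character (the "^[" of the original)
ESC="$(printf '\033')"
NORMAL="${ESC}[0;39m"
RED="${ESC}[1;31m"
GREEN="${ESC}[1;32m"
YELLOW="${ESC}[1;33m"
BLUE="${ESC}[1;34m"
MAGENTA="${ESC}[1;35m"
CYAN="${ESC}[1;36m"
WHITE="${ESC}[1;37m"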
                                       
stringinstring(){
 case "$2" in *$1*) return 0;; esac
 return 1
}

INSTALLED=""
TORAM=""
FRUGAL=""
[ -e /KNOPPIX/bin/ash ] || INSTALLED=yes

if [ -e /etc/sysconfig/toram ]; then
 INSTALLED=yes
 TORAM=yes
fi
if [ -e /etc/sysconfig/frugal ]; then
 INSTALLED=yes
 FRUGAL=yes
fi

case "$0" in
 *halt)
       message="
${YELLOW}DSL halted.${NORMAL}"
       command="halt"
       options="-p -d -i -f"
       ;;
 *reboot)
       message="${GREEN}Preparing for reboot...${NORMAL}"
       command="reboot"
       options="-r -d -i -f"
       ;;
 *)
       echo "$0: call this script as \"halt\" or \"reboot\" please!"
       exit 1
       ;;
esac

[ -n "$INSTALLED" ] || options="$options -n"

mysleep() {
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
do
usleep 75000
echo -n "$1.${NORMAL}"
done
echo ""
}

if [ -x /opt/powerdown.sh ]; then
 /opt/powerdown.sh
fi

echo "0" > /proc/sys/kernel/printk

if pidof cardmgr >/dev/null 2>&1; then
echo -n "${BLUE}Shutting down PCMCIA devices...${NORMAL}"
cardctl eject >/dev/null 2>&1
sleep 2
echo ""
fi

killall5 -15
sleep 1
echo -n "${BLUE}Sent all processes the TERM signal...${NORMAL}"
mysleep "$BLUE"

killall5 -9
sleep 1
echo -n "${RED}Sent all processes the KILL signal...${NORMAL}"
mysleep "$RED"

NETMOUNTS="$(awk '{if($1~/:/){print $2}}' /proc/mounts 2>/dev/null)"
if [ -n "$NETMOUNTS" ]; then
echo "${BLUE}Unmounting network filesystems.${NORMAL}"
umount -t nfs -arvf 2>/dev/null
fi

NETDEVICES="$(awk -F: '/eth.:/{print $1}' /proc/net/dev 2>/dev/null)"
if [ -n "$NETDEVICES" ]; then
pidof pump >/dev/null 2>&1 && { pump -k; sleep 2; }
echo -n "${BLUE}Shutting down network device${NORMAL}"
for n in $NETDEVICES; do
echo -n " ${MAGENTA}$n${NORMAL}"
ifconfig $n down
done
echo ""
fi

NOPROMPT=""
read CMDLINE <<EOT
$(cat /proc/cmdline 2>/dev/null)
EOT
case "$CMDLINE" in *noprompt*) NOPROMPT="yes";; esac
FINALCMD="/sbin/$command"
if [ -z "$INSTALLED" -a -z "$NOPROMPT" ]; then
[ -x /etc/init ] || cp -p /sbin/init /etc/
[ -x /etc/init ] && FINALCMD="/etc/init"
fi

if [ -n "$FRUGAL" ]; then
  stringinstring "KNOPPIX" "$FINALCMD" || FINALCMD="/KNOPPIX$FINALCMD"
fi
if [ -n "$TORAM" ]; then
  stringinstring "KNOPPIX" "$FINALCMD" || FINALCMD="/KNOPPIX$FINALCMD"
fi

swapoff -a >/dev/null 2>&1

echo "${BLUE}Unmounting file systems.${NORMAL}"
NOEJECT=""
read CMDLINE <<EOT
$(cat /proc/cmdline 2>/dev/null)
EOT
case "$CMDLINE" in *noeject*) NOEJECT="yes";; esac
for dev in /proc/sys/dev/cdrom*/lock; do [ -f "$dev" ] && echo 0 > "$dev"; done

cd /

umount -arvf 2>/dev/null
if [ "$?" != "0" ]; then
for i in /dev/loop*; do losetup -d $i 2>/dev/null; done
umount -arf 2>/dev/null
fi

rmmod -a >/dev/null 2>&1

[ -n "$INSTALLED" ] && mount -o remount,ro / 2>/dev/null

echo "$message" >/dev/console

exec $FINALCMD $options 2>/dev/null
COSMIC

# Move temp file to final spot
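sudo mv /tmp/knoppix-reboot /etc/init.d/knoppix-reboot &&

# The file was created by the calling user with default permissions:
# make it root-owned and executable so the rc scripts can run it
sudo chown root:root /etc/init.d/knoppix-reboot &&
sudo chmod 755 /etc/init.d/knoppix-reboot &&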

# Recreate symlink from RC6.d to /ramdisk/ copy instead of to /KNOPPIX/ copy
sudo ln -sf /etc/init.d/knoppix-reboot /etc/rc6.d/S90knoppix-reboot &&

echo "Should be done. Enjoy :)" || echo "Something failed :("


Copy that entire thing into a file, and then "chmod 755 [filename]".

Everything uses sudo. If it fails, it should tell you. All it does is remove the original symlink, create a new temp copy (I tried to use a diff/patch, but it kept failing for no reason, only inside of the script), move it over, then replace a second symlink. Let me know if it works.

The gist of it is that I removed the actions of ejecting the cd and waiting for enter to be pressed.

It would still be better to try a usb flash drive, imho.

Edit: This copy of the reboot script is from 3.4.11, so I don't know if 4.x has any differences.

Posted by Jason W on June 26 2008,02:18
We're drifting off topic, but another trick for a remote reboot without ejecting cd would be these commands through an ssh terminal:

# rm /etc/init.d/knoppix-reboot
# cp /KNOPPIX/etc/init.d/knoppix-reboot /etc/init.d/
# sed -i "151,153d" /ramdisk/etc/init.d/knoppix-reboot
# reboot

Pretty much does the same thing.

Posted by chaostic on June 26 2008,03:26
Quote (Jason W @ June 25 2008,22:18)
We're drifting off topic, but another trick for a remote reboot without ejecting cd would be these commands through an ssh terminal:

# rm /etc/init.d/knoppix-reboot
# cp /KNOPPIX/etc/init.d/knoppix-reboot /etc/init.d/
# sed -i "151,153d" /ramdisk/etc/init.d/knoppix-reboot
# reboot

Pretty much does the same thing.

Well, yea, if you want to do it the easy way >_>

Also, those need to be done as sudo or as root.
*Note to self, kill sed*

Anyway, does dsl not use the rc6.d scripts?

Posted by Jason W on June 26 2008,10:36
I'm sure it uses the /etc/rc6.d/S90knoppix-reboot script as it is a symlink to the one in /etc/init.d.

Posted by bjhbjh on June 26 2008,11:16
Thanks for all the good suggestions folks.

Tried installing to a memkey but since my mobo is old I can't boot from USB so I think that is out.

I bit the bullet and slapped an HD into the box and installed to that. Now I can reboot without an eject and my other settings all persist so I think I am happy.

Thanks again for all the help.

Brian H.
Uxbridge Ont

Posted by chaostic on June 26 2008,12:42
Quote (Jason W @ June 26 2008,06:36)
I'm sure it uses the /etc/rc6.d/S90knoppix-reboot script as it is a symlink to the one in /etc/init.d.

At least on my frugal 3.4.11 install, the /etc/rc6.d/S90knoppix-reboot script is actually symlinked to /KNOPPIX/etc/init.d/knoppix-reboot (as is every other file in /etc/rc*.d/ and /etc/init.d/)

Posted by Jason W on June 26 2008,18:13
Good point.  I was using version 4.4.2 which I thought symlinks to /etc/init.d.  So replacing the symlink in /etc/rc6.d  with one pointing to /etc/init.d may be the way to go for DSL 3.x.  If I was going to reboot a live cd from a distance with any degree of regularity I would opt for the remaster if there is no option for a frugal or traditional HD install.  Less risky.  But these tricks could come in handy for an unplanned remote reboot.