quico-os-setup/arch-zbm
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity

Add SSH to ZBM bootloader #6

New Issue
Closed
opened 2023-10-22 14:25:34 +00:00 by hygienic-books · 5 comments
hygienic-books commented 2023-10-22 14:25:34 +00:00
Owner
Copy Link
No description provided.
hygienic-books commented 2023-10-29 00:10:15 +00:00
Author
Owner
Copy Link

Findings:

Install mkinitcpio-nfs-utils
# Add net hook to mkinitcpio.conf
sed -e '/HOOKS=/a HOOKS+=(net)' -i /etc/zfsbootmenu/mkinitcpio.conf
# In config.yaml change Kernel.CommandLine, e.g.
# CommandLine: "ro quiet loglevel=0 ip=:::::eth0:dhcp"
Install dropbear
# Create custom key
dropbearkey -t ed25519 -f "/etc/dropbear/dropbear_ed25519_host_key"
# Add pub keys to /etc/dropbear/root_key
Install mkinitcpio-dropbear
# Adjust /usr/lib/initcpio/install/dropbear
# https://github.com/grazzolini/mkinitcpio-dropbear/pull/10/files
# Also maybe adjust port in /usr/lib/initcpio/hooks/dropbear
# Add dropbear hook to mkinitcpio.conf
sed -e '/HOOKS=/a HOOKS+=(dropbear)' -i /etc/zfsbootmenu/mkinitcpio.conf
generate-zbm

When done ZBM does not activate nor configure eth0. Can Ctrl+R into ZBM rescue shell then manually:

ip link set eth0 up
ip a a 1.1.1.2/24 dev eth0
ip route add default via 1.1.1.1

And also manually:

dropbear -E -s -j -k

Connections are then open, cannot connect with:

ssh root@1.1.1.2

Need to instead:

ssh root@1.1.1.2 "/bin/bash -i"
# And apparently also
export TERM=linux

But ZBM then doesn't find kernels to boot

Findings: ``` Install mkinitcpio-nfs-utils # Add net hook to mkinitcpio.conf sed -e '/HOOKS=/a HOOKS+=(net)' -i /etc/zfsbootmenu/mkinitcpio.conf # In config.yaml change Kernel.CommandLine, e.g. # CommandLine: "ro quiet loglevel=0 ip=:::::eth0:dhcp" Install dropbear # Create custom key dropbearkey -t ed25519 -f "/etc/dropbear/dropbear_ed25519_host_key" # Add pub keys to /etc/dropbear/root_key Install mkinitcpio-dropbear # Adjust /usr/lib/initcpio/install/dropbear # https://github.com/grazzolini/mkinitcpio-dropbear/pull/10/files # Also maybe adjust port in /usr/lib/initcpio/hooks/dropbear # Add dropbear hook to mkinitcpio.conf sed -e '/HOOKS=/a HOOKS+=(dropbear)' -i /etc/zfsbootmenu/mkinitcpio.conf generate-zbm ``` When done ZBM does not activate nor configure `eth0`. Can `Ctrl+R` into ZBM rescue shell then manually: ``` ip link set eth0 up ip a a 1.1.1.2/24 dev eth0 ip route add default via 1.1.1.1 ``` And also manually: ``` dropbear -E -s -j -k ``` Connections are then open, cannot connect with: ``` ssh root@1.1.1.2 ``` Need to instead: ``` ssh root@1.1.1.2 "/bin/bash -i" # And apparently also export TERM=linux ``` But ZBM then doesn't find kernels to boot
hygienic-books commented 2023-10-30 03:39:54 +00:00
Author
Owner
Copy Link
  • Explain ServerAliveCountMax and ServerAliveInterval
  • We want /usr/sbin/dropbear -E -s -j -k -K 1 -p <n>
  • ssh -o ServerAliveInterval=3 -o ServerAliveCountMax=0 <addr> -p <port>
  • Automatic patching
# https://wiki.archlinux.org/title/Mkinitcpio#Using_net
1  <client-ip>
2  <server-ip>
3  <gw-ip>
4  <netmask>
5  <hostname>
6  <device>
7  <autoconf>
8  <dns0-ip>
9  <dns1-ip>
10 <ntp0-ip>

# https://wiki.archlinux.org/title/Mkinitcpio#Using_net
# links to:
# https://docs.kernel.org/admin-guide/nfs/nfsroot.html
1  <client-ip>
2  <server-ip>
3  <gw-ip>
4  <netmask>
5  <hostname>
6  <device>
7  <autoconf>
8  <dns0-ip>
9  <dns1-ip>
10 <ntp0-ip>

# https://archlinux.org/packages/core/x86_64/mkinitcpio-nfs-utils/
# uses
# https://gitlab.archlinux.org/archlinux/packaging/packages/mkinitcpio-nfs-utils/-/blob/main/initcpio-install-net
1  <client-ip>
2  <server-ip>
3  <gw-ip>
4  <netmask>
5  <hostname>
6  <device>
7  <autoconf>

8  <dns0-ip>
9  <dns1-ip>
10 <ntp0-ip>
  • No 0-byte key files, Dropbear will hang
  • dropbearkey -t dss -f "/etc/dropbear/dropbear_dss_host_key"
  • Remove zfsbootmenu from HOOKS
- Explain `ServerAliveCountMax` and `ServerAliveInterval` - We want `/usr/sbin/dropbear -E -s -j -k -K 1 -p <n>` - `ssh -o ServerAliveInterval=3 -o ServerAliveCountMax=0 <addr> -p <port>` - Automatic patching ``` # https://wiki.archlinux.org/title/Mkinitcpio#Using_net 1 <client-ip> 2 <server-ip> 3 <gw-ip> 4 <netmask> 5 <hostname> 6 <device> 7 <autoconf> 8 <dns0-ip> 9 <dns1-ip> 10 <ntp0-ip> # https://wiki.archlinux.org/title/Mkinitcpio#Using_net # links to: # https://docs.kernel.org/admin-guide/nfs/nfsroot.html 1 <client-ip> 2 <server-ip> 3 <gw-ip> 4 <netmask> 5 <hostname> 6 <device> 7 <autoconf> 8 <dns0-ip> 9 <dns1-ip> 10 <ntp0-ip> # https://archlinux.org/packages/core/x86_64/mkinitcpio-nfs-utils/ # uses # https://gitlab.archlinux.org/archlinux/packaging/packages/mkinitcpio-nfs-utils/-/blob/main/initcpio-install-net 1 <client-ip> 2 <server-ip> 3 <gw-ip> 4 <netmask> 5 <hostname> 6 <device> 7 <autoconf> 8 <dns0-ip> 9 <dns1-ip> 10 <ntp0-ip> ``` - No 0-byte key files, Dropbear will hang - `dropbearkey -t dss -f "/etc/dropbear/dropbear_dss_host_key"` - Remove `zfsbootmenu` from `HOOKS`
hygienic-books commented 2023-10-31 00:41:52 +00:00
Author
Owner
Copy Link

Test if command='zfsbootmenu',no-agent-forwarding works

Test if `command='zfsbootmenu',no-agent-forwarding` works
hygienic-books commented 2023-10-31 16:57:11 +00:00
Author
Owner
Copy Link

zfsbootmenu hook must be last or not present at all

`zfsbootmenu` hook must be last or not present at all
hygienic-books commented 2023-11-03 02:23:24 +00:00
Author
Owner
Copy Link

Syslinux shouldn't have a CommandLine, try UEFI first for IP address

Syslinux shouldn't have a `CommandLine`, try UEFI first for IP address
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
hygienic-books
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: quico-os-setup/arch-zbm#6
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?