Enable SSH access to tinyipa
might be useful sometimes, for example debugging in normal terminal is usually more pleasant than in QEMU console. Add env variables `ENABLE_SSH` and `SSH_PUBLIC_KEY`, documentation is amended accordingly. Change-Id: I71352c2087e1fb9a7174affb78fe695932a924d7
parent
dd69ef3cd5
commit
2136ded582
imagebuild/tinyipa
releasenotes/notes
@ -77,3 +77,14 @@ instead of loading some things at runtime (this results in a slightly bigger
|
||||
ramdisk), before running make or build-tinyipa.sh run::
|
||||
|
||||
export BUILD_AND_INSTALL_TINYIPA=true
|
||||
|
||||
If you want to enable SSH access to the image, set ``ENABLE_SSH`` variable in
|
||||
your shell before building the tinyipa::
|
||||
|
||||
export ENABLE_SSH=true
|
||||
|
||||
By default it will use public RSA or DSA keys of the user running the build.
|
||||
To provide other public SSH key, export path to it in your shell before
|
||||
building tinyipa as follows::
|
||||
|
||||
export SSH_PUBLIC_KEY=<full-path-to-public-key>
|
||||
|
@ -9,6 +9,12 @@ date
|
||||
|
||||
export HOME=/root
|
||||
|
||||
# Start SSHd
|
||||
if [ -f /usr/local/etc/init.d/openssh ]; then
|
||||
echo "Starting OpenSSH server:"
|
||||
/usr/local/etc/init.d/openssh start
|
||||
fi
|
||||
|
||||
# Maybe save some RAM?
|
||||
#rm -rf /tmp/builtin
|
||||
|
||||
|
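Review bot: The `# Start SSHd` comment does not say when this branch runs or what it exposes. Judging from the build-script change on this page, the init script is presumably present only in images built with `ENABLE_SSH=true`, and sshd then starts on every boot with the configuration written at build time. I would state that in the comment, e.g. `# Start sshd (init script exists only in images built with ENABLE_SSH=true; key-only debug access)`. The boot script continues outside the hunk.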
@ -6,6 +6,8 @@ BUILDDIR="$WORKDIR/tinyipabuild"
|
||||
FINALDIR="$WORKDIR/tinyipafinal"
|
||||
BUILD_AND_INSTALL_TINYIPA=${BUILD_AND_INSTALL_TINYIPA:-true}
|
||||
TINYCORE_MIRROR_URL=${TINYCORE_MIRROR_URL:-"http://repo.tinycorelinux.net/"}
|
||||
ENABLE_SSH=${ENABLE_SSH:-false}
|
||||
SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY:-}
|
||||
|
||||
TC=1001
|
||||
STAFF=50
|
||||
@ -16,6 +18,27 @@ TC_CHROOT_CMD="sudo chroot --userspec=$TC:$STAFF $FINALDIR /usr/bin/env -i PATH=
|
||||
|
||||
echo "Finalising tinyipa:"
|
||||
|
||||
if $ENABLE_SSH ; then
|
||||
echo "Validating location of public SSH key"
|
||||
if [ -n "$SSH_PUBLIC_KEY" ]; then
|
||||
if [ -f "$SSH_PUBLIC_KEY" ]; then
|
||||
_found_ssh_key="$SSH_PUBLIC_KEY"
|
||||
fi
|
||||
else
|
||||
for fmt in rsa dsa; do
|
||||
if [ -f "$HOME/.ssh/id_$fmt.pub" ]; then
|
||||
_found_ssh_key="$HOME/.ssh/id_$fmt.pub"
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if [ -z $_found_ssh_key ]; then
|
||||
echo "Failed to find neither provided nor default SSH key"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
sudo -v
|
||||
|
||||
if [ -d "$FINALDIR" ]; then
|
||||
@ -68,6 +91,30 @@ while read line; do
|
||||
$TC_CHROOT_CMD tce-load -wic $line
|
||||
done < $WORKDIR/build_files/finalreqs.lst
|
||||
|
||||
if $ENABLE_SSH ; then
|
||||
# Install and configure bare minimum for SSH access
|
||||
$TC_CHROOT_CMD tce-load -wic openssh
|
||||
# Configure OpenSSH
|
||||
$CHROOT_CMD cp /usr/local/etc/ssh/sshd_config.orig /usr/local/etc/ssh/sshd_config
|
||||
echo "PasswordAuthentication no" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
|
||||
# Generate and configure host keys - RSA, DSA, Ed25519
|
||||
# NOTE(pas-ha) ECDSA host key will still be re-generated fresh on every image boot
|
||||
$CHROOT_CMD ssh-keygen -t rsa -N "" -f /usr/local/etc/ssh/ssh_host_rsa_key
|
||||
$CHROOT_CMD ssh-keygen -t dsa -N "" -f /usr/local/etc/ssh/ssh_host_dsa_key
|
||||
$CHROOT_CMD ssh-keygen -t ed25519 -N "" -f /usr/local/etc/ssh/ssh_host_ed25519_key
|
||||
echo "HostKey /usr/local/etc/ssh/ssh_host_rsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
|
||||
echo "HostKey /usr/local/etc/ssh/ssh_host_dsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
|
||||
echo "HostKey /usr/local/etc/ssh/ssh_host_ed25519_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
|
||||
|
||||
# setup user and SSH keys
|
||||
$CHROOT_CMD mkdir -p /home/tc
|
||||
$CHROOT_CMD chown -R tc.staff /home/tc
|
||||
$TC_CHROOT_CMD mkdir -p /home/tc/.ssh
|
||||
cat $_found_ssh_key | $TC_CHROOT_CMD tee /home/tc/.ssh/authorized_keys
|
||||
$CHROOT_CMD chown tc.staff /home/tc/.ssh/authorized_keys
|
||||
$TC_CHROOT_CMD chmod 600 /home/tc/.ssh/authorized_keys
|
||||
fi
|
||||
|
||||
$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/tgt.tcz
|
||||
$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/qemu-utils.tcz
|
||||
|
||||
|
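Review bot: The `ssh-keygen` calls in the last hunk run at image build time, so the RSA, DSA and Ed25519 host private keys are baked into the ramdisk; every node booted from the same image presents the same host keys, and anyone who can read the image file can read them. If that is acceptable for a debug-only option, say so next to the existing NOTE, e.g. `# NOTE: host keys are generated at build time and shared by every boot of this image; do not rely on them as host identity`, and consider dropping the `-t dsa` key and its `HostKey` line, since current OpenSSH releases no longer accept DSA by default. Separately, in the validation hunk `[ -z $_found_ssh_key ]` and the later `cat $_found_ssh_key` are unquoted and the variable is never initialised in the visible lines, so a key path containing spaces breaks the check and a value inherited from the environment can bypass it. Adding `_found_ssh_key=""` before the lookup, using `[ -z "$_found_ssh_key" ]` and quoting the `cat` argument would fix both. The script continues outside these hunks.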
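--- /dev/null
+++ b/releasenotes/notes/tinyipa-ssh-e8a3a01a3f3ff5f4.yaml
@@ -0,0 +1,6 @@
+---
+other:
+- When building the TinyIPA ramdisk, it is now possible to enable SSH
+access to it.
+Use ``ENABLE_SSH`` and ``SSH_PUBLIC_KEY`` environment variables
+for that (see TinyIPA's README for more details).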