Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/naskpass.initconf | 16 | ||||
-rwxr-xr-x | scripts/naskpass.inithook | 18 | ||||
-rwxr-xr-x | scripts/naskpass.post | 13 | ||||
-rwxr-xr-x | scripts/naskpass.pre | 23 | ||||
-rw-r--r-- | scripts/sshd_config | 40 |
5 files changed, 104 insertions, 6 deletions
diff --git a/scripts/naskpass.initconf b/scripts/naskpass.initconf
index 2e16e82..63989a1 100755
--- a/scripts/naskpass.initconf
+++ b/scripts/naskpass.initconf
@@ -1,7 +1,15 @@
 # initramfs naskpass config file
-# network device
-NETDEV=eth0
-
 # maximum ip wait time in seconds
-MAXWAIT=10
+MAXWAIT=25
+
+# kernel printk path
+PRINTK=/proc/sys/kernel/printk
+OLDPRINTK=/tmp/naskpass.oldprintk
+
+# network options
+# NASK_IP, NASK_MAC requires NASK_DEV !
+#NASK_DEV=eth0
+# commenting out the following line will force debian's `configure_network` routine
+#NASK_IP=192.168.0.11
+#NASK_MAC=66:66:66:66:66:66
diff --git a/scripts/naskpass.inithook b/scripts/naskpass.inithook
index 6bb0cc1..ac67cf5 100755
--- a/scripts/naskpass.inithook
+++ b/scripts/naskpass.inithook
@@ -24,6 +24,24 @@ copy_exec /usr/share/naskpass/naskpass.pre /lib/cryptsetup
 copy_exec /usr/share/naskpass/naskpass.post /lib/cryptsetup
 copy_exec /usr/share/naskpass/naskpass.initconf /etc/naskpass.conf
+copy_exec /usr/sbin/sshd /sbin/sshd
+copy_exec /usr/bin/strace /bin/strace
+
+cp -R /etc/initramfs-tools/etc/ssh "${DESTDIR}/etc/"
+
+copy_exec /usr/lib/i386-linux-gnu/libnss_compat.so /usr/lib/i386-linux-gnu/
+if [ -r "${DESTDIR}/etc/nsswitch.conf" ]; then
+echo << EOF >"${DESTDIR}/etc/nsswitch.conf"
+passwd: compat
+group: compat
+shadow: compat
+EOF
+fi
+
+[ -r "${DESTDIR}/etc/passwd" ] || echo 'root:x:0:0:root:/root:/bin/sh' >"${DESTDIR}/etc/passwd"
+[ -r "${DESTDIR}/etc/group" ] || echo 'root:x:0:' >"${DESTDIR}/etc/group"
+[ -r "${DESTDIR}/etc/shadow" ] || echo 'root:*:16777:0:99999:7:::' >"${DESTDIR}/etc/shadow"
+
 mkdir -p ${DESTDIR}/lib/terminfo/l
 cp /lib/terminfo/l/linux ${DESTDIR}/lib/terminfo/l/
diff --git a/scripts/naskpass.post b/scripts/naskpass.post
index 0ea24a2..f76a4cc 100755
--- a/scripts/naskpass.post
+++ b/scripts/naskpass.post
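Review bot: The comment `# maximum ip wait time in seconds` no longer describes how MAXWAIT is consumed: naskpass.pre in this same commit now decrements CURWAIT once per `sleep 0.5`, so MAXWAIT=25 waits roughly 12.5 seconds, not 25. Either change the comment to `# maximum ip wait time, in half-second steps` or keep the unit and scale the loop. The comment on the NASK_IP line refers to `configure_network`, while naskpass.pre calls `configure_networking`; the comment should name the function that is actually invoked so the fallback path is easy to find.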
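Review bot: `echo << EOF >"${DESTDIR}/etc/nsswitch.conf"` writes a single empty line rather than the three `compat` entries, because echo never reads its standard input; the here-document has to feed `cat <<EOF >"${DESTDIR}/etc/nsswitch.conf"`. The guard around it is also inverted relative to the passwd/group/shadow lines below: `-r` only writes when nsswitch.conf is already present in the image, so a fresh initramfs never gets one, and `if [ ! -r "${DESTDIR}/etc/nsswitch.conf" ]; then` matches the intent of the other three lines. The hard-coded `/usr/lib/i386-linux-gnu/libnss_compat.so` path and the copy of `strace` into `/bin` look like single-machine and debugging residue; presumably the multiarch triplet should be derived and the tracer left out of a production image. Note that `cp -R` places the private host keys from /etc/initramfs-tools/etc/ssh inside the generated initramfs, so if that image is readable by unprivileged users the keys are too; a comment on the expected image permissions, or a check in the hook, would make that trade-off explicit.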
@@ -1,3 +1,16 @@
 #!/bin/sh
 . /etc/naskpass.conf
+
+if [ "x${OLDPRINTK}" != "x" ] && [ -r ${OLDPRINTK} ] && [ -w ${PRINTK} ]; then
+ cat ${OLDPRINTK} >${OLDPRINTK}
+fi
+
+kill $(pidof sshd)
+
+for interface in $(ifconfig | grep -oE '^[a-zA-Z0-9]+\s+'); do
+ echo "disable ${interface}"
+ ifconfig ${interface} 0.0.0.0
+ ifconfig ${interface} down
+done
+
diff --git a/scripts/naskpass.pre b/scripts/naskpass.pre
index f5acd96..032cc49 100755
--- a/scripts/naskpass.pre
+++ b/scripts/naskpass.pre
@@ -1,12 +1,30 @@
 #!/bin/sh
+. /scripts/functions
 . /etc/naskpass.conf
+if [ "x${PRINTK}" != "x" ] && [ -r ${PRINTK} ] && [ -w ${PRINTK} ]; then
+ cat ${PRINTK} >${OLDPRINTK}
+ echo "0 0 0 0" >${PRINTK}
+fi
+sleep 0.2
+
 echo -n 'waiting for ip '
 CURWAIT=$MAXWAIT
-if [ -x /sbin/dropbear ]; then
+if [ -x /sbin/sshd ]; then
+
+if [ "x${NASK_DEV}" != "x" ] && [ "x${NASK_MAC}" != "x" ]; then
+ ifconfig ${NASK_DEV} hw ether ${NASK_MAC}
+fi
+
+if [ "x${NASK_DEV}" != "x" ] && [ "x${NASK_IP}" != "x" ]; then
+ ifconfig ${NASK_DEV} ${NASK_IP}
+else
+ configure_networking &
+fi
+
 while ! $(ifconfig -a | grep -qoE 'inet addr:'); do
 echo -n '.'
 if [ $CURWAIT -le 0 ]; then
@@ -14,8 +32,9 @@ while ! $(ifconfig -a | grep -qoE 'inet addr:'); do
 break
 fi
 CURWAIT=$(expr $CURWAIT - 1)
- sleep 1
+ sleep 0.5
 done
 echo
+/sbin/sshd
 fi
diff --git a/scripts/sshd_config b/scripts/sshd_config
new file mode 100644
index 0000000..256d2c0
--- /dev/null
+++ b/scripts/sshd_config
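Review bot: `cat ${OLDPRINTK} >${OLDPRINTK}` truncates the saved file before cat reads it, so the console log level is never restored and the saved value is destroyed; the redirection target should be the sysctl, `cat ${OLDPRINTK} >${PRINTK}`, which is also the file the guard already tests with `-w ${PRINTK}`. `kill $(pidof sshd)` runs with no arguments when sshd is not running (or when pidof is missing from the image, which I cannot tell from here), producing a usage error at the console rather than a silent no-op; `pid=$(pidof sshd) && kill $pid` keeps the failure case quiet. The unquoted `${OLDPRINTK}` and `${PRINTK}` in the tests would be safer quoted, matching the quoting used in the inithook.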
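Review bot: The printk guard tests PRINTK but not OLDPRINTK, so with OLDPRINTK unset the line `cat ${PRINTK} >${OLDPRINTK}` becomes a redirection with no target and the script aborts before the network wait even starts; mirror the check naskpass.post performs, `[ -n "${OLDPRINTK}" ] && [ -r ${PRINTK} ] && [ -w ${PRINTK} ]`. `ifconfig ${NASK_DEV} hw ether ${NASK_MAC}` is issued without taking the interface down first; as far as I know many drivers refuse a MAC change on a running interface, so either precede it with `ifconfig ${NASK_DEV} down` or add a comment stating why that is unnecessary here. `configure_networking &` is backgrounded with its exit status discarded, which is presumably deliberate because the loop below polls for an address, but a one-line comment saying so would prevent the `&` from being "fixed" later. The `if [ -x /sbin/sshd ]; then` block opened here is closed in the next hunk.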
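Review bot: `/sbin/sshd` is started even when the loop above left through the timeout `break` without obtaining an address, and its exit status is ignored, so a daemon that fails to start (for example because a HostKey named in sshd_config is absent from the image) leaves no trace on the console; `/sbin/sshd || echo 'naskpass: sshd failed to start'` costs one line and makes the unlock path debuggable. The timeout branch that precedes `break` should likewise print that no address was obtained. The `if [ -x /sbin/sshd ]` block that this `fi` closes begins in the previous hunk.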
@@ -0,0 +1,40 @@
+Port 22
+ListenAddress ::
+ListenAddress 0.0.0.0
+Protocol 2
+
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+UsePrivilegeSeparation no
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 4096
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+RSAAuthentication yes
+PubkeyAuthentication yes
+AuthorizedKeysFile /etc/ssh/authorized_keys
+
+IgnoreRhosts yes
+RhostsRSAAuthentication no
+HostbasedAuthentication no
+
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+
+X11Forwarding no
+PrintMotd no
+PrintLastLog no
+TCPKeepAlive yes
+UseLogin no
+
+AcceptEnv LANG LC_*
+ForceCommand /bin/sh
+
+UsePAM no
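Review bot: `UsePrivilegeSeparation no` combined with `PermitRootLogin yes` and `ForceCommand /bin/sh` means the pre-authentication, network-facing part of sshd runs entirely as root inside the initramfs; presumably this is because the passwd and shadow files written by the inithook contain only root, so no `sshd` user or `/var/empty` exists for the sandbox. If that is the reason, adding that user and directory in the hook and dropping this line restores the sandbox; otherwise a comment should state why it is disabled. Since only root key authentication is intended, `AllowUsers root` and an explicit `MaxAuthTries` would narrow the exposed surface, and a `LoginGraceTime` well below 120 is customary for an unlock prompt that sits on every interface. Several keywords here (`Protocol`, `KeyRegenerationInterval`, `ServerKeyBits`, `RSAAuthentication`, `RhostsRSAAuthentication`, `UseLogin`) belong to the SSH-1 era and, as far as I know, are ignored with a deprecation warning by current OpenSSH, and the DSA HostKey may be unsupported outright, so the file should be checked against the sshd version the hook copies in.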