Discussion:
[Grml] Problem with grml autoconfig
Bojan Sukalo
2011-09-05 08:28:29 UTC
Permalink
Hello everyone!

Maybe this is not the right way to ask general user question (wrong mail list or something) so I'm sorry if made any problems.

I have an urgent situation to make ad-hoc openvpn server from usb stick. Using grml for some time as a live cd and recovery tool I think this can be done with grml.

So I have openvpn folder with all the necesary stuff, I formatted usb stick in following way:
1. 3GB FAT32 wiht grml on it (grml2usb --bootoptions="nodhcp") ? ? ? ?/dev/sdb1
2 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script ?/dev/sdb5

grml.sh script is chmod 755, so executable and readable by everyone.

basicaly the content of script is:


#!/bin/bash
ip link set dev eth0 up
ip addr add dev eth0 192.168.1.253/24
ip route add default via 192.168.1.254
#now I wont to copy the folder to rw fs in order to write status files and logs so
cp -r /mnt/grmlcfg/openvpn /root/?
cd /root/openvpn
openvpn --config /root/openvpn/server.conf &
echo 1 > /proc/sys/net/ipv4/ip_forward
#and to start ssh server to access the box
/etc/init.d/ssh start


The debug output says that GRMLCFG is detected and mounted to /mnt/grmlcfg as ro

When booting finished, nothing has happened, as the script had not been run.

Can anybody shed some light on this please?

Thank You.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mur.at/pipermail/grml/attachments/20110905/212ba735/attachment.html>
Lupe Christoph
2011-09-05 09:26:03 UTC
Permalink
Post by Bojan Sukalo
1. 3GB FAT32 wiht grml on it (grml2usb --bootoptions="nodhcp") ? ? ? ?/dev/sdb1
2 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script ?/dev/sdb5
--------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The grml.sh must be in the root of the filesystem, AFAIK. At least
that's what works for me(TM). I use about the same setup (except that I
use a physical partition for GRMLCFG).

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |
Bojan Sukalo
2011-09-05 13:50:05 UTC
Permalink
Thank You.

That helped a lot.

I know we supposed to finish this thread and start another but I need hint a bout ssh server.

Starting an sshd from script does the job but I have problem because root password is empty so I not access the server.

Is there a workaroud. bootoption ssh:mysecret does not seem to start the sshd or to change password for grml user.

Even if it does, will I abe able to change from grml to root without knowing the root pass.

What would be the solution here?


________________________________
From: Lupe Christoph <lupe at lupe-christoph.de>
To: Bojan Sukalo <shukalo83 at yahoo.com>
Cc: "grml at mur.at" <grml at mur.at>
Sent: Monday, September 5, 2011 11:26 AM
Subject: Re: [Grml] Problem with grml autoconfig
Post by Bojan Sukalo
1. 3GB FAT32 wiht grml on it (grml2usb --bootoptions="nodhcp") ? ? ? ?/dev/sdb1
2 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script ?/dev/sdb5
--------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The grml.sh must be in the root of the filesystem, AFAIK. At least
that's what works for me(TM). I use about the same setup (except that I
use a physical partition for GRMLCFG).

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job? ? |
| done, you should give it to someone who is already very busy.? ? ? ? ? |
| Terry Pratchett, "Unseen Academicals"? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mur.at/pipermail/grml/attachments/20110905/55146423/attachment.html>
Lupe Christoph
2011-09-05 14:17:31 UTC
Permalink
Post by Bojan Sukalo
Thank You.
That helped a lot.
You're welcome.
Post by Bojan Sukalo
I know we supposed to finish this thread and start another but I need hint a bout ssh server.
Starting an sshd from script does the job but I have problem because root password is empty so I not access the server.
I would propose that you use a key to access root on this server rather
than a password. While you could overwrite /etc/passwd from grml.sh or
config.tbz, I would not recommend to do that.

Here is what I do:

1) Create /root/.ssh/authorized_keys
2) Save these files and directories to /mnt/GRMLCFG/config.tbz:
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/root/.ssh
3) Log in with the key
Post by Bojan Sukalo
Is there a workaroud. bootoption ssh:mysecret does not seem to start the sshd or to change password for grml user.
That should be ssh=password not ssh:password.
Post by Bojan Sukalo
Even if it does, will I abe able to change from grml to root without knowing the root pass.
May I suggest "sudo su -"? The grml user has full sudoers rights,
without a password. But with the default /etc/shadow, "su -" does not
request a password.

If you want to use /mnt/GRMLCFG/config.tbz, here is what I use to manage
it. I write the file and directory names to /mnt/GRMLCFG/config.list and
run this little script (/mnt/GRMLCFG/save-config) to refresh
/mnt/GRMLCFG/config.tbz:

#!/bin/sh

tar cvfjpP /mnt/GRMLCFG/config.tbz -T /mnt/GRMLCFG/config.list

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |
Bojan Sukalo
2011-09-06 06:37:04 UTC
Permalink
Thank You once more.

Thing with keys works like a charm.

I tar all the dirs you mentioned to config.tbz on GRMLCFG labeled fs (preserving absolute path) and it gets restored on boot.
?

As for ssh:mysecret that was typo and ssh=mysecret doesn't do any good. Maybe it's a bug or I make mistake somewhere else along the way.

Also, to avoid these kind of problems it seems to me that configuration is somewhat misleading.

I'll quote from grml-autoconfig web page:

Without any additional boot parameters, the GCA at DCSDIR/config.tbz is automatically unpacked and DCSDIR/scrips/grml.sh is automatically executed on system startup


DCSDIR/scrips/grml.sh shoud be, according to my experience DCSDIR/grml.sh





________________________________
From: Lupe Christoph <lupe at lupe-christoph.de>
To: Bojan Sukalo <shukalo83 at yahoo.com>
Cc: "grml at mur.at" <grml at mur.at>
Sent: Monday, September 5, 2011 4:17 PM
Subject: Re: [Grml] Problem with grml autoconfig
Post by Bojan Sukalo
Thank You.
That helped a lot.
You're welcome.
Post by Bojan Sukalo
I know we supposed to finish this thread and start another but I need hint a bout ssh server.
Starting an sshd from script does the job but I have problem because root password is empty so I not access the server.
I would propose that you use a key to access root on this server rather
than a password. While you could overwrite /etc/passwd from grml.sh or
config.tbz, I would not recommend to do that.

Here is what I do:

1) Create /root/.ssh/authorized_keys
2) Save these files and directories to /mnt/GRMLCFG/config.tbz:
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/root/.ssh
3) Log in with the key
Post by Bojan Sukalo
Is there a workaroud. bootoption ssh:mysecret does not seem to start the sshd or to change password for grml user.
That should be ssh=password not ssh:password.
Post by Bojan Sukalo
Even if it does, will I abe able to change from grml to root without knowing the root pass.
May I suggest "sudo su -"? The grml user has full sudoers rights,
without a password. But with the default /etc/shadow, "su -" does not
request a password.

If you want to use /mnt/GRMLCFG/config.tbz, here is what I use to manage
it. I write the file and directory names to /mnt/GRMLCFG/config.list and
run this little script (/mnt/GRMLCFG/save-config) to refresh
/mnt/GRMLCFG/config.tbz:

#!/bin/sh

tar cvfjpP /mnt/GRMLCFG/config.tbz -T /mnt/GRMLCFG/config.list

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job? ? |
| done, you should give it to someone who is already very busy.? ? ? ? ? |
| Terry Pratchett, "Unseen Academicals"? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mur.at/pipermail/grml/attachments/20110905/8345f55a/attachment.html>
Ulrich Dangel
2011-09-06 07:01:45 UTC
Permalink
* Bojan Sukalo wrote [06.09.11 08:37]:
Hi,
Post by Bojan Sukalo
Thank You once more.
Thing with keys works like a charm.
I tar all the dirs you mentioned to config.tbz on GRMLCFG labeled fs (preserving absolute path) and it gets restored on boot.
?
As for ssh:mysecret that was typo and ssh=mysecret doesn't do any
good. Maybe it's a bug or I make mistake somewhere else along the way.
Just tested it and it works for me. Please note that the password is set
for the user grml.
Post by Bojan Sukalo
Also, to avoid these kind of problems it seems to me that
configuration is somewhat misleading.
Without any additional boot parameters, the GCA at DCSDIR/config.tbz
is automatically unpacked and DCSDIR/scrips/grml.sh is automatically
executed on system startup
DCSDIR/scrips/grml.sh shoud be, according to my experience DCSDIR/grml.sh
It seems to be a little bit more complicated. If you are not using the
GRMLCFG label i think it should have worked.
I think we can change that to check for DCSDIR/scripts/grml.sh first and
if not existant DSCDIR/grml.sh second.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Lupe Christoph
2011-09-06 14:39:13 UTC
Permalink
Post by Ulrich Dangel
It seems to be a little bit more complicated. If you are not using the
GRMLCFG label i think it should have worked.
I think we can change that to check for DCSDIR/scripts/grml.sh first and
if not existant DSCDIR/grml.sh second.
May I suggest to print a warning if both exist, to avoid confusion?
(Maybe the current code does this already, I haven't checked.)

Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |
Lupe Christoph
2011-09-06 14:39:13 UTC
Permalink
Post by Ulrich Dangel
It seems to be a little bit more complicated. If you are not using the
GRMLCFG label i think it should have worked.
I think we can change that to check for DCSDIR/scripts/grml.sh first and
if not existant DSCDIR/grml.sh second.
May I suggest to print a warning if both exist, to avoid confusion?
(Maybe the current code does this already, I haven't checked.)

Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |
Lupe Christoph
2011-09-06 14:39:13 UTC
Permalink
Post by Ulrich Dangel
It seems to be a little bit more complicated. If you are not using the
GRMLCFG label i think it should have worked.
I think we can change that to check for DCSDIR/scripts/grml.sh first and
if not existant DSCDIR/grml.sh second.
May I suggest to print a warning if both exist, to avoid confusion?
(Maybe the current code does this already, I haven't checked.)

Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |
Ulrich Dangel
2011-09-06 07:01:45 UTC
Permalink
* Bojan Sukalo wrote [06.09.11 08:37]:
Hi,
Post by Bojan Sukalo
Thank You once more.
Thing with keys works like a charm.
I tar all the dirs you mentioned to config.tbz on GRMLCFG labeled fs (preserving absolute path) and it gets restored on boot.
?
As for ssh:mysecret that was typo and ssh=mysecret doesn't do any
good. Maybe it's a bug or I make mistake somewhere else along the way.
Just tested it and it works for me. Please note that the password is set
for the user grml.
Post by Bojan Sukalo
Also, to avoid these kind of problems it seems to me that
configuration is somewhat misleading.
Without any additional boot parameters, the GCA at DCSDIR/config.tbz
is automatically unpacked and DCSDIR/scrips/grml.sh is automatically
executed on system startup
DCSDIR/scrips/grml.sh shoud be, according to my experience DCSDIR/grml.sh
It seems to be a little bit more complicated. If you are not using the
GRMLCFG label i think it should have worked.
I think we can change that to check for DCSDIR/scripts/grml.sh first and
if not existant DSCDIR/grml.sh second.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Ulrich Dangel
2011-09-06 07:01:45 UTC
Permalink
* Bojan Sukalo wrote [06.09.11 08:37]:
Hi,
Post by Bojan Sukalo
Thank You once more.
Thing with keys works like a charm.
I tar all the dirs you mentioned to config.tbz on GRMLCFG labeled fs (preserving absolute path) and it gets restored on boot.
?
As for ssh:mysecret that was typo and ssh=mysecret doesn't do any
good. Maybe it's a bug or I make mistake somewhere else along the way.
Just tested it and it works for me. Please note that the password is set
for the user grml.
Post by Bojan Sukalo
Also, to avoid these kind of problems it seems to me that
configuration is somewhat misleading.
Without any additional boot parameters, the GCA at DCSDIR/config.tbz
is automatically unpacked and DCSDIR/scrips/grml.sh is automatically
executed on system startup
DCSDIR/scrips/grml.sh shoud be, according to my experience DCSDIR/grml.sh
It seems to be a little bit more complicated. If you are not using the
GRMLCFG label i think it should have worked.
I think we can change that to check for DCSDIR/scripts/grml.sh first and
if not existant DSCDIR/grml.sh second.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Bojan Sukalo
2011-09-06 06:37:04 UTC
Permalink
Thank You once more.

Thing with keys works like a charm.

I tar all the dirs you mentioned to config.tbz on GRMLCFG labeled fs (preserving absolute path) and it gets restored on boot.
?

As for ssh:mysecret that was typo and ssh=mysecret doesn't do any good. Maybe it's a bug or I make mistake somewhere else along the way.

Also, to avoid these kind of problems it seems to me that configuration is somewhat misleading.

I'll quote from grml-autoconfig web page:

Without any additional boot parameters, the GCA at DCSDIR/config.tbz is automatically unpacked and DCSDIR/scrips/grml.sh is automatically executed on system startup


DCSDIR/scrips/grml.sh shoud be, according to my experience DCSDIR/grml.sh





________________________________
From: Lupe Christoph <lupe at lupe-christoph.de>
To: Bojan Sukalo <shukalo83 at yahoo.com>
Cc: "grml at mur.at" <grml at mur.at>
Sent: Monday, September 5, 2011 4:17 PM
Subject: Re: [Grml] Problem with grml autoconfig
Post by Bojan Sukalo
Thank You.
That helped a lot.
You're welcome.
Post by Bojan Sukalo
I know we supposed to finish this thread and start another but I need hint a bout ssh server.
Starting an sshd from script does the job but I have problem because root password is empty so I not access the server.
I would propose that you use a key to access root on this server rather
than a password. While you could overwrite /etc/passwd from grml.sh or
config.tbz, I would not recommend to do that.

Here is what I do:

1) Create /root/.ssh/authorized_keys
2) Save these files and directories to /mnt/GRMLCFG/config.tbz:
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/root/.ssh
3) Log in with the key
Post by Bojan Sukalo
Is there a workaroud. bootoption ssh:mysecret does not seem to start the sshd or to change password for grml user.
That should be ssh=password not ssh:password.
Post by Bojan Sukalo
Even if it does, will I abe able to change from grml to root without knowing the root pass.
May I suggest "sudo su -"? The grml user has full sudoers rights,
without a password. But with the default /etc/shadow, "su -" does not
request a password.

If you want to use /mnt/GRMLCFG/config.tbz, here is what I use to manage
it. I write the file and directory names to /mnt/GRMLCFG/config.list and
run this little script (/mnt/GRMLCFG/save-config) to refresh
/mnt/GRMLCFG/config.tbz:

#!/bin/sh

tar cvfjpP /mnt/GRMLCFG/config.tbz -T /mnt/GRMLCFG/config.list

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job? ? |
| done, you should give it to someone who is already very busy.? ? ? ? ? |
| Terry Pratchett, "Unseen Academicals"? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ml.grml.org/pipermail/grml/attachments/20110905/8345f55a/attachment-0002.html>
Bojan Sukalo
2011-09-06 06:37:04 UTC
Permalink
Thank You once more.

Thing with keys works like a charm.

I tar all the dirs you mentioned to config.tbz on GRMLCFG labeled fs (preserving absolute path) and it gets restored on boot.
?

As for ssh:mysecret that was typo and ssh=mysecret doesn't do any good. Maybe it's a bug or I make mistake somewhere else along the way.

Also, to avoid these kind of problems it seems to me that configuration is somewhat misleading.

I'll quote from grml-autoconfig web page:

Without any additional boot parameters, the GCA at DCSDIR/config.tbz is automatically unpacked and DCSDIR/scrips/grml.sh is automatically executed on system startup


DCSDIR/scrips/grml.sh shoud be, according to my experience DCSDIR/grml.sh





________________________________
From: Lupe Christoph <lupe at lupe-christoph.de>
To: Bojan Sukalo <shukalo83 at yahoo.com>
Cc: "grml at mur.at" <grml at mur.at>
Sent: Monday, September 5, 2011 4:17 PM
Subject: Re: [Grml] Problem with grml autoconfig
Post by Bojan Sukalo
Thank You.
That helped a lot.
You're welcome.
Post by Bojan Sukalo
I know we supposed to finish this thread and start another but I need hint a bout ssh server.
Starting an sshd from script does the job but I have problem because root password is empty so I not access the server.
I would propose that you use a key to access root on this server rather
than a password. While you could overwrite /etc/passwd from grml.sh or
config.tbz, I would not recommend to do that.

Here is what I do:

1) Create /root/.ssh/authorized_keys
2) Save these files and directories to /mnt/GRMLCFG/config.tbz:
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/root/.ssh
3) Log in with the key
Post by Bojan Sukalo
Is there a workaroud. bootoption ssh:mysecret does not seem to start the sshd or to change password for grml user.
That should be ssh=password not ssh:password.
Post by Bojan Sukalo
Even if it does, will I abe able to change from grml to root without knowing the root pass.
May I suggest "sudo su -"? The grml user has full sudoers rights,
without a password. But with the default /etc/shadow, "su -" does not
request a password.

If you want to use /mnt/GRMLCFG/config.tbz, here is what I use to manage
it. I write the file and directory names to /mnt/GRMLCFG/config.list and
run this little script (/mnt/GRMLCFG/save-config) to refresh
/mnt/GRMLCFG/config.tbz:

#!/bin/sh

tar cvfjpP /mnt/GRMLCFG/config.tbz -T /mnt/GRMLCFG/config.list

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job? ? |
| done, you should give it to someone who is already very busy.? ? ? ? ? |
| Terry Pratchett, "Unseen Academicals"? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ml.grml.org/pipermail/grml/attachments/20110905/8345f55a/attachment-0003.html>
Ulrich Dangel
2011-09-05 16:35:32 UTC
Permalink
Post by Bojan Sukalo
Is there a workaroud. bootoption ssh:mysecret does not seem to start
the sshd or to change password for grml user.
The bootoption is ssh=mysecret (not : but =)
Post by Bojan Sukalo
Even if it does, will I abe able to change from grml to root without knowing the root pass.
Yes.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Lupe Christoph
2011-09-05 14:17:31 UTC
Permalink
Post by Bojan Sukalo
Thank You.
That helped a lot.
You're welcome.
Post by Bojan Sukalo
I know we supposed to finish this thread and start another but I need hint a bout ssh server.
Starting an sshd from script does the job but I have problem because root password is empty so I not access the server.
I would propose that you use a key to access root on this server rather
than a password. While you could overwrite /etc/passwd from grml.sh or
config.tbz, I would not recommend to do that.

Here is what I do:

1) Create /root/.ssh/authorized_keys
2) Save these files and directories to /mnt/GRMLCFG/config.tbz:
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/root/.ssh
3) Log in with the key
Post by Bojan Sukalo
Is there a workaroud. bootoption ssh:mysecret does not seem to start the sshd or to change password for grml user.
That should be ssh=password not ssh:password.
Post by Bojan Sukalo
Even if it does, will I abe able to change from grml to root without knowing the root pass.
May I suggest "sudo su -"? The grml user has full sudoers rights,
without a password. But with the default /etc/shadow, "su -" does not
request a password.

If you want to use /mnt/GRMLCFG/config.tbz, here is what I use to manage
it. I write the file and directory names to /mnt/GRMLCFG/config.list and
run this little script (/mnt/GRMLCFG/save-config) to refresh
/mnt/GRMLCFG/config.tbz:

#!/bin/sh

tar cvfjpP /mnt/GRMLCFG/config.tbz -T /mnt/GRMLCFG/config.list

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |
Ulrich Dangel
2011-09-05 16:35:32 UTC
Permalink
Post by Bojan Sukalo
Is there a workaroud. bootoption ssh:mysecret does not seem to start
the sshd or to change password for grml user.
The bootoption is ssh=mysecret (not : but =)
Post by Bojan Sukalo
Even if it does, will I abe able to change from grml to root without knowing the root pass.
Yes.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Lupe Christoph
2011-09-05 14:17:31 UTC
Permalink
Post by Bojan Sukalo
Thank You.
That helped a lot.
You're welcome.
Post by Bojan Sukalo
I know we supposed to finish this thread and start another but I need hint a bout ssh server.
Starting an sshd from script does the job but I have problem because root password is empty so I not access the server.
I would propose that you use a key to access root on this server rather
than a password. While you could overwrite /etc/passwd from grml.sh or
config.tbz, I would not recommend to do that.

Here is what I do:

1) Create /root/.ssh/authorized_keys
2) Save these files and directories to /mnt/GRMLCFG/config.tbz:
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/root/.ssh
3) Log in with the key
Post by Bojan Sukalo
Is there a workaroud. bootoption ssh:mysecret does not seem to start the sshd or to change password for grml user.
That should be ssh=password not ssh:password.
Post by Bojan Sukalo
Even if it does, will I abe able to change from grml to root without knowing the root pass.
May I suggest "sudo su -"? The grml user has full sudoers rights,
without a password. But with the default /etc/shadow, "su -" does not
request a password.

If you want to use /mnt/GRMLCFG/config.tbz, here is what I use to manage
it. I write the file and directory names to /mnt/GRMLCFG/config.list and
run this little script (/mnt/GRMLCFG/save-config) to refresh
/mnt/GRMLCFG/config.tbz:

#!/bin/sh

tar cvfjpP /mnt/GRMLCFG/config.tbz -T /mnt/GRMLCFG/config.list

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |
Ulrich Dangel
2011-09-05 16:35:32 UTC
Permalink
Post by Bojan Sukalo
Is there a workaroud. bootoption ssh:mysecret does not seem to start
the sshd or to change password for grml user.
The bootoption is ssh=mysecret (not : but =)
Post by Bojan Sukalo
Even if it does, will I abe able to change from grml to root without knowing the root pass.
Yes.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Bojan Sukalo
2011-09-05 13:50:05 UTC
Permalink
Thank You.

That helped a lot.

I know we supposed to finish this thread and start another but I need hint a bout ssh server.

Starting an sshd from script does the job but I have problem because root password is empty so I not access the server.

Is there a workaroud. bootoption ssh:mysecret does not seem to start the sshd or to change password for grml user.

Even if it does, will I abe able to change from grml to root without knowing the root pass.

What would be the solution here?


________________________________
From: Lupe Christoph <lupe at lupe-christoph.de>
To: Bojan Sukalo <shukalo83 at yahoo.com>
Cc: "grml at mur.at" <grml at mur.at>
Sent: Monday, September 5, 2011 11:26 AM
Subject: Re: [Grml] Problem with grml autoconfig
Post by Bojan Sukalo
1. 3GB FAT32 wiht grml on it (grml2usb --bootoptions="nodhcp") ? ? ? ?/dev/sdb1
2 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script ?/dev/sdb5
--------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The grml.sh must be in the root of the filesystem, AFAIK. At least
that's what works for me(TM). I use about the same setup (except that I
use a physical partition for GRMLCFG).

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job? ? |
| done, you should give it to someone who is already very busy.? ? ? ? ? |
| Terry Pratchett, "Unseen Academicals"? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ml.grml.org/pipermail/grml/attachments/20110905/55146423/attachment-0002.html>
Bojan Sukalo
2011-09-05 13:50:05 UTC
Permalink
Thank You.

That helped a lot.

I know we supposed to finish this thread and start another but I need hint a bout ssh server.

Starting an sshd from script does the job but I have problem because root password is empty so I not access the server.

Is there a workaroud. bootoption ssh:mysecret does not seem to start the sshd or to change password for grml user.

Even if it does, will I abe able to change from grml to root without knowing the root pass.

What would be the solution here?


________________________________
From: Lupe Christoph <lupe at lupe-christoph.de>
To: Bojan Sukalo <shukalo83 at yahoo.com>
Cc: "grml at mur.at" <grml at mur.at>
Sent: Monday, September 5, 2011 11:26 AM
Subject: Re: [Grml] Problem with grml autoconfig
Post by Bojan Sukalo
1. 3GB FAT32 wiht grml on it (grml2usb --bootoptions="nodhcp") ? ? ? ?/dev/sdb1
2 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script ?/dev/sdb5
--------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The grml.sh must be in the root of the filesystem, AFAIK. At least
that's what works for me(TM). I use about the same setup (except that I
use a physical partition for GRMLCFG).

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job? ? |
| done, you should give it to someone who is already very busy.? ? ? ? ? |
| Terry Pratchett, "Unseen Academicals"? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ml.grml.org/pipermail/grml/attachments/20110905/55146423/attachment-0003.html>
Bojan Sukalo
2011-09-05 08:28:29 UTC
Permalink
Hello everyone!

Maybe this is not the right way to ask general user question (wrong mail list or something) so I'm sorry if made any problems.

I have an urgent situation to make ad-hoc openvpn server from usb stick. Using grml for some time as a live cd and recovery tool I think this can be done with grml.

So I have openvpn folder with all the necesary stuff, I formatted usb stick in following way:
1. 3GB FAT32 wiht grml on it (grml2usb --bootoptions="nodhcp") ? ? ? ?/dev/sdb1
2 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script ?/dev/sdb5

grml.sh script is chmod 755, so executable and readable by everyone.

basicaly the content of script is:


#!/bin/bash
ip link set dev eth0 up
ip addr add dev eth0 192.168.1.253/24
ip route add default via 192.168.1.254
#now I wont to copy the folder to rw fs in order to write status files and logs so
cp -r /mnt/grmlcfg/openvpn /root/?
cd /root/openvpn
openvpn --config /root/openvpn/server.conf &
echo 1 > /proc/sys/net/ipv4/ip_forward
#and to start ssh server to access the box
/etc/init.d/ssh start


The debug output says that GRMLCFG is detected and mounted to /mnt/grmlcfg as ro

When booting finished, nothing has happened, as the script had not been run.

Can anybody shed some light on this please?

Thank You.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ml.grml.org/pipermail/grml/attachments/20110905/212ba735/attachment-0002.html>
Lupe Christoph
2011-09-05 09:26:03 UTC
Permalink
Post by Bojan Sukalo
1. 3GB FAT32 wiht grml on it (grml2usb --bootoptions="nodhcp") ? ? ? ?/dev/sdb1
2 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script ?/dev/sdb5
--------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The grml.sh must be in the root of the filesystem, AFAIK. At least
that's what works for me(TM). I use about the same setup (except that I
use a physical partition for GRMLCFG).

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |
Bojan Sukalo
2011-09-05 08:28:29 UTC
Permalink
Hello everyone!

Maybe this is not the right way to ask general user question (wrong mail list or something) so I'm sorry if made any problems.

I have an urgent situation to make ad-hoc openvpn server from usb stick. Using grml for some time as a live cd and recovery tool I think this can be done with grml.

So I have openvpn folder with all the necesary stuff, I formatted usb stick in following way:
1. 3GB FAT32 wiht grml on it (grml2usb --bootoptions="nodhcp") ? ? ? ?/dev/sdb1
2 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script ?/dev/sdb5

grml.sh script is chmod 755, so executable and readable by everyone.

basicaly the content of script is:


#!/bin/bash
ip link set dev eth0 up
ip addr add dev eth0 192.168.1.253/24
ip route add default via 192.168.1.254
#now I wont to copy the folder to rw fs in order to write status files and logs so
cp -r /mnt/grmlcfg/openvpn /root/?
cd /root/openvpn
openvpn --config /root/openvpn/server.conf &
echo 1 > /proc/sys/net/ipv4/ip_forward
#and to start ssh server to access the box
/etc/init.d/ssh start


The debug output says that GRMLCFG is detected and mounted to /mnt/grmlcfg as ro

When booting finished, nothing has happened, as the script had not been run.

Can anybody shed some light on this please?

Thank You.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ml.grml.org/pipermail/grml/attachments/20110905/212ba735/attachment-0003.html>
Lupe Christoph
2011-09-05 09:26:03 UTC
Permalink
Post by Bojan Sukalo
1. 3GB FAT32 wiht grml on it (grml2usb --bootoptions="nodhcp") ? ? ? ?/dev/sdb1
2 1GB ext3 with GRMLCFG label with scripts dir and inside it grml.sh script ?/dev/sdb5
--------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The grml.sh must be in the root of the filesystem, AFAIK. At least
that's what works for me(TM). I use about the same setup (except that I
use a physical partition for GRMLCFG).

HTH,
Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |
Loading...