In message <43574.1103107578_at_critter.freebsd.dk> it was mentioned that in message <m33by7zula.fsf_at_merlin.emma.line.org>, Matthias Andree wrote:

>On my wishlist, I've always wanted a "networked single user mode"
>(i. e. only sshd running, only root login with key possible), and I've
>always wondered why the whole system recovery is focused so much on the
>principle of a "single-user console".

To which "Poul-Henning Kamp" <phk_at_phk.freebsd.dk> responds:

Implement it! I've wanted that for a long time too.

We have something like this in our STYX system (STYX is a Remote Managed
Firewall Service based on a hardened/reduced FreeBSD System).

What we do is create two files

    /boot/maint/k.gz
    /boot/maint/fs.gz

which are loaded via /boot/maint/loader.rc which contains:

    unload
    load /boot/maint/k
    load -t md_image /boot/maint/fs
    autoboot

this boots the system into a ramdisk "maintenance" mode, networked and
running a sshd.

If you replace /boot/loader.rc with /boot/maint/loader.rc and reboot,
you go into this maintenance mode. You can then ssh as root with the
correct SSH private key, and from there, you can mess up the system at
will.

This has been working nicely on 4.x and recently we got "STYX 5.3" build
working for "-current" (after we burnt the bridge to not support having
the full /boot/* including /boot/maint/* on one floppy).

I was hoping to get geom gmirror/gbde to work in the ramdisk crunch
environment, but the geom_* programs are practically impossible to crunch.

We haven't evangelized this work too much for lack of time, but I'd be
happy to furnish the scripts if there is interest.

Adrian
_______________________________________________
Adrian Steinmann
Apollostrasse 21
8032 Zurich
Tel +41 44 380 30 80
Mailto:ast_at_marabu.ch

Received on Wed Dec 15 2004 - 16:16:19 UTC
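
Added example, not part of the original message and not the STYX scripts: a guarded version of the "replace /boot/loader.rc with /boot/maint/loader.rc" step, which refuses to switch a remote box into maintenance boot unless the loader script and both images are present and intact, and keeps the normal loader.rc for the way back. The backup name loader.rc.normal, the temporary name loader.rc.new and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: staged switch into the ramdisk maintenance boot described above.
# BOOT defaults to /boot; loader.rc.normal and loader.rc.new are hypothetical names.

# check_maint BOOT: succeed only if the maintenance loader script and both
# compressed images are present, non-empty and (for the .gz files) intact.
check_maint() {
    boot=${1:-/boot}
    for f in loader.rc k.gz fs.gz; do
        if [ ! -s "$boot/maint/$f" ]; then
            echo "missing or empty: $boot/maint/$f" >&2
            return 1
        fi
    done
    for f in k.gz fs.gz; do
        if ! gzip -t "$boot/maint/$f" 2>/dev/null; then
            echo "corrupt gzip: $boot/maint/$f" >&2
            return 1
        fi
    done
}

# enter_maint BOOT: keep the normal loader.rc aside, then install the
# maintenance one via rename so an interrupted copy never leaves a partial file.
enter_maint() {
    boot=${1:-/boot}
    check_maint "$boot" || return 1
    # Never overwrite an existing backup: it may be the only normal copy left.
    if [ ! -e "$boot/loader.rc.normal" ]; then
        cp -p "$boot/loader.rc" "$boot/loader.rc.normal" || return 1
    fi
    cp -p "$boot/maint/loader.rc" "$boot/loader.rc.new" || return 1
    mv -f "$boot/loader.rc.new" "$boot/loader.rc"
}

# leave_maint BOOT: put the saved normal loader.rc back for the next reboot.
leave_maint() {
    boot=${1:-/boot}
    [ -s "$boot/loader.rc.normal" ] || return 1
    mv -f "$boot/loader.rc.normal" "$boot/loader.rc"
}
```

Run enter_maint before the reboot and leave_maint from the maintenance ssh session once the repair is done; both take the boot directory as an optional argument.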