Updated June 11, 2003
Created May 29, 2003



These are the instructions for starting sshd from the %pre section of a kickstart file. They are suitable for Red Hat Linux 7.2, AS 2.1, 7.3, 8.0 and 9.

Later I'll chop all this out of my %pre section and place it in its own script that gets downloaded and then run in the %pre section.
%pre
# Make device nodes for virtual console
# Not needed to get sshd running, but if you want
# to look at any screens while you're ssh'ed in
# then you'll be glad to have them.
if [ ! -e /dev/vcs ]; then mknod /dev/vcs c 7 0; fi
for X in 1 2 3 4 5 6 7 8 9 10 11 12; do
if [ ! -e /dev/vcs$X ]; then mknod /dev/vcs$X c 7 $X; fi
done

# /dev/tty is a good thing to have for sshd
if [ ! -e /dev/tty ]; then mknod /dev/tty c 5 0; fi

# We will drop all our sshd stuff into /dev/ram2, so here goes:
# make device node for another ramdisk
if [ ! -e /dev/ram2 ]; then mknod /dev/ram2 b 1 2; fi

# format the ramdisk
mke2fs /dev/ram2

# Mount the ramdisk
mkdir /mnt/new
mount /dev/ram2 /mnt/new

# Write a ~/.netrc so ftp can fetch the archives into the ramdisk
# without any interaction.
cd /mnt/new
cat <<EOF>~/.netrc
machine 172.48.0.1 login anonymous password ftp
macdef init
bin
hash
cd pub/rh72-ssh
lcd /mnt/new
get packages.tgz
get rh9-sshd.tgz
quit

default login anonymous password ftp
#
# packages.tgz has initlog built statically, and 
# openssh built without PAM, on Red Hat 7.2
# These binaries work on RH72 - RH9.
#
# rh9-sshd.tgz is a required library that looks
# to have been removed from the anaconda environment
# in RHL9.  This package (rh9-sshd.tgz) is not needed
# for any of the others (RH72 - RH80).
EOF

##
#Begin the download
##

# /etc/services has to be populated for ftp, ssh, rsh, etc. to work right.
if [ ! -e /etc/services ]; then cp /mnt/runtime/etc/services /etc; fi
cd /mnt/new
# Due to the ~/.netrc, we don't have to interact with ftp, the files
# will be automatically downloaded.
ftp 172.48.0.1

# Unpack the files
tar -xzf packages.tgz
tar -xzf rh9-sshd.tgz

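# Set the library path so RH9 can access its needed library
# This won't hurt the other versions (RH72 - RH80)
# Export it so the sshd started below inherits it even if the
# variable was not already in the environment.
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/mnt/new/rh9
export LD_LIBRARY_PATH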

# Let's link our sshd files into the anaconda ramdisk
for X in `find . -type d | grep -v /usr/ | grep -v '^.$' | grep -v 'lost+found' | sed -e 's,^\./,,'`; do mkdir -p /$X; done
for X in `find . -type f | grep -v /usr/ | grep -v passwd | sed -e 's,^\./,,'`; do ln -s /mnt/new/$X /$X; done
for X in `find usr/ -type d | sed -e 's,usr/,,'`; do mkdir -p /$X; done
for X in `find usr/ -type f | sed -e 's,usr/,,'`; do ln -s /mnt/new/usr/$X /$X; done
mv /etc/passwd /etc/passwd.old
ln -s /mnt/new/etc/passwd /etc/passwd
mkdir -p /var/log
touch /var/log/lastlog
chmod 0400 /var/log/lastlog
mkdir -p /var/lock/subsys

# /dev/urandom is needed to generate ssh keys
# you could also pack static keys in the above downloads just as well.
if [ ! -e /dev/urandom ]; then mknod /dev/urandom c 1 9; fi

# Root should have his own home directory
mkdir /root

# Start up the sshd server - which will generate keys and then start
# You could just bring in already configured keys just as well.
/etc/rc.d/init.d/sshd start
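
The %pre script above unpacks whatever the anonymous FTP server returns, links every member into / and then starts sshd as root. The following is an added example, not part of the original script: a gate that could run between the ftp and tar steps. It assumes a sha256sum binary is available in the install environment; the function names are hypothetical and the digest in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: check a downloaded archive before unpacking it in %pre.
# Function names are hypothetical; the pinned digest comes from the caller.

# verify_digest FILE EXPECTED_SHA256
# Returns 0 only if FILE exists and hashes to the pinned value.
verify_digest() {
    [ -f "$1" ] || return 1
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# list_is_safe  (reads member names on stdin)
# Returns 1 if any name is absolute or has a ".." path component.
# The %pre script links every member into /, so names must stay relative.
list_is_safe() {
    if grep -E -q '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    return 0
}

# safe_members FILE
# Returns 0 only if FILE is a readable .tgz whose member names are all safe.
safe_members() {
    tar -tzf "$1" >/dev/null 2>&1 || return 1
    tar -tzf "$1" 2>/dev/null | list_is_safe
}

# fetch_ok FILE EXPECTED_SHA256
# Combined gate to call before "tar -xzf FILE".
fetch_ok() {
    verify_digest "$1" "$2" && safe_members "$1"
}

# Usage in %pre (placeholder digest; pin the real value in the kickstart file):
#   fetch_ok packages.tgz "<sha256-of-packages.tgz>" || exit 1
#   tar -xzf packages.tgz
```

Because the digest is pinned in the kickstart file itself, the check is only as trustworthy as the channel that delivers the kickstart file.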


Here are the contents of packages.tgz:
[riblack@box1 rh72-ssh]$ tar -tzvf packages.tgz
drwxr-xr-x riblack/ftpadmin  0 2003-05-23 18:32:17 ./
drwx------ riblack/ftpadmin  0 2003-05-23 18:28:49 ./etc/
drwxr-xr-x riblack/ftpadmin  0 2003-05-23 16:58:23 ./etc/ssh/
-rw------- riblack/ftpadmin 26287 2003-05-23 10:07:38 ./etc/ssh/primes
-rw-r--r-- riblack/ftpadmin  1073 2003-05-23 10:07:38 ./etc/ssh/ssh_config
-rw------- riblack/ftpadmin  1771 2003-05-23 10:07:38 ./etc/ssh/sshd_config
drwx------ riblack/ftpadmin     0 2003-05-23 16:58:23 ./etc/pam.d/
-rw------- riblack/ftpadmin   452 2003-05-23 10:07:38 ./etc/pam.d/sshd
drwx------ riblack/ftpadmin     0 2003-05-23 16:58:23 ./etc/rc.d/
drwx------ riblack/ftpadmin     0 2003-05-23 17:47:30 ./etc/rc.d/init.d/
-rwxr-xr-x riblack/ftpadmin  2424 2003-05-23 17:20:35 ./etc/rc.d/init.d/sshd
-rwxr-xr-x riblack/ftpadmin 10068 2002-07-14 01:39:59 ./etc/rc.d/init.d/functions
-rw-r--r-- riblack/ftpadmin   130 2003-05-23 18:28:34 ./etc/passwd
drwx------ riblack/ftpadmin     0 2003-05-23 16:58:23 ./usr/
drwx------ riblack/ftpadmin     0 2003-05-23 16:58:23 ./usr/bin/
-rwxr-xr-x riblack/ftpadmin 24940 2003-05-23 10:07:38 ./usr/bin/scp
-rwxr-xr-x riblack/ftpadmin 69196 2003-05-23 10:07:38 ./usr/bin/ssh-keygen
-rwxr-xr-x riblack/ftpadmin 41900 2003-05-23 10:07:38 ./usr/bin/sftp
lrwxrwxrwx riblack/ftpadmin     0 2003-05-23 17:05:14 ./usr/bin/slogin -> ssh
-rwxr-xr-x riblack/ftpadmin 209948 2003-05-23 10:07:37 ./usr/bin/ssh
-rwxr-xr-x riblack/ftpadmin  64588 2003-05-23 10:07:38 ./usr/bin/ssh-add
-rwxr-xr-x riblack/ftpadmin  39564 2003-05-23 10:07:38 ./usr/bin/ssh-agent
-rwxr-xr-x riblack/ftpadmin  34572 2003-05-23 10:07:38 ./usr/bin/ssh-keyscan
-rwxr-xr-x riblack/ftpadmin  14076 2001-08-14 14:47:06 ./usr/bin/fold
drwx------ riblack/ftpadmin      0 2003-05-23 16:58:23 ./usr/libexec/
drwxr-xr-x riblack/ftpadmin      0 2003-05-23 16:58:23 ./usr/libexec/openssh/
-rwxr-xr-x riblack/ftpadmin  23244 2003-05-23 10:07:38 ./usr/libexec/openssh/sftp-server
drwx------ riblack/ftpadmin      0 2003-05-23 16:59:07 ./usr/share/
drwx------ riblack/ftpadmin      0 2003-05-23 16:58:23 ./usr/sbin/
-rwxr-xr-x riblack/ftpadmin 237420 2003-05-23 10:07:38 ./usr/sbin/sshd
drwxr-xr-x riblack/ftpadmin      0 2003-05-23 18:24:29 ./sbin/
-rwxr-xr-x riblack/ftpadmin 502120 2003-05-23 12:21:03 ./sbin/initlog
-rwxr-xr-x riblack/ftpadmin   2944 2001-09-09 02:10:40 ./sbin/consoletype
lrwxrwxrwx riblack/ftpadmin      0 2003-05-23 18:24:25 ./sbin/pidof -> killall5
-rwxr-xr-x riblack/ftpadmin   8464 2001-08-28 21:30:58 ./sbin/killall5
-rwxr-xr-x riblack/ftpadmin   7564 2003-05-30 17:31:19 ./sbin/halt
-rwxr-xr-x riblack/ftpadmin   7564 2003-05-30 17:31:22 ./sbin/reboot
Note: I later added in "fold", "halt", and "reboot" and I have added their entries into the above listing. I needed fold to break lines at column 80. Halt and reboot were needed so I can reboot the system at any given time after the %pre section.

./sbin/initlog and ./sbin/sshd were both rebuilt. All other files were taken from a live RH72 system. ./etc/rc.d/init.d/sshd was also modified to remove any references to /usr (i.e. /usr/sbin becomes /sbin); I think there are only 3 such entries in the sshd start script.

rpm -ivh /var/ftp/pub/rh72/enigma-SRPMS-disc1.iso.dir/SRPMS/initscripts-6.40-1.src.rpm

Here are the changes I made to the SPEC file for initscripts. It's just 2 lines, so go
ahead and modify the SPEC file by hand (in /usr/src/redhat/SPECS):
diff -Naur initscripts-6.40.SPECS.old/initscripts.spec initscripts-6.40.SPECS.new/initscripts.spec
--- initscripts-6.40.SPECS.old/initscripts.spec 2001-09-09 02:10:25.000000000 -0500
+++ initscripts-6.40.SPECS.new/initscripts.spec 2003-05-29 16:11:50.000000000 -0500
@@ -6,6 +6,7 @@
 Release: 1
 Source: initscripts-%{version}.tar.bz2
 Patch0: initscripts-s390.patch
+Patch1: initscripts-Makefile.patch
 BuildRoot: /%{_tmppath}/%{name}-%{version}-%{release}-root
 Requires: mingetty, /bin/awk, /bin/sed, mktemp, e2fsprogs >= 1.15
 Requires: procps >= 2.0.7-7, sysklogd >= 1.3.31
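Review bot: Release stays at 1 in this hunk even though the new Patch1 changes how the binaries are linked, so the rebuilt package carries the same name-version-release as the stock initscripts-6.40-1. Bump Release or add a local suffix so the statically linked build cannot be confused with the vendor package on the build host.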
@@ -31,6 +32,7 @@
 %ifarch s390 s390x
 %patch0 -p1 -b .s390init
 %endif
+%patch1 -p1 -b .Makefile

 %build
 make
Then drop the following patch into the /usr/src/redhat/SOURCES directory. The file
must be named initscripts-Makefile.patch so that it matches the Patch1 line in the
SPEC file above:
diff -Naur initscripts-6.40.old/Makefile initscripts-6.40.new/Makefile
--- initscripts-6.40.old/Makefile       2001-07-24 18:25:08.000000000 -0500
+++ initscripts-6.40.new/Makefile       2003-05-29 16:17:22.000000000 -0500
@@ -1,6 +1,7 @@
 ROOT=/
 SUPERUSER=root
 SUPERGROUP=root
+LDFLAGS=-static

 VERSION=$(shell awk '/Version:/ { print $$2 }' initscripts.spec)
 CVSTAG = r$(subst .,-,$(VERSION))
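Review bot: the top-level Makefile gets LDFLAGS=-static here, and the next file in this patch adds the identical line to src/Makefile. Nothing in these lines shows the top-level value being passed down to the sub-make, so one of the two assignments is probably redundant; keep only the one the build actually uses.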
diff -Naur initscripts-6.40.old/src/Makefile initscripts-6.40.new/src/Makefile
--- initscripts-6.40.old/src/Makefile   2001-06-20 16:16:44.000000000 -0500
+++ initscripts-6.40.new/src/Makefile   2003-05-29 16:17:10.000000000 -0500
@@ -1,4 +1,5 @@
 CFLAGS+=$(RPM_OPT_FLAGS) -Wall -D_GNU_SOURCE
+LDFLAGS=-static

 PROGS=usernetctl doexec netreport testd usleep ipcalc initlog minilogd \
        getkey ppp-watch consoletype
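Review bot: LDFLAGS=-static in src/Makefile applies to every program in PROGS (usernetctl, doexec, ppp-watch and the rest), while only initlog is taken from this build, and it uses "=" where the CFLAGS line right above it uses "+=". Scope it to the one target, for example "initlog: LDFLAGS+=-static", and keep in mind that a static initlog carries the libc code it was linked with, so it has to be rebuilt to pick up library fixes.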
Then give it a build (this is of course on an actual RH72 machine):
rpm -bb SPECS/initscripts.spec

When it completes successfully, grab the file called initlog from the build directory.


Now rebuild the openssh-server without PAM:

rpm -ivh /var/ftp/pub/rh72/enigma-SRPMS-disc2.iso.dir/SRPMS/openssh-2.9p2-7.src.rpm

To the best of my knowledge, the following changes are the only ones I made in order to build the new SSHD without PAM:

Just apply the following changes by hand to the openssh.spec file:
diff -Naur openssh-old/openssh.spec openssh-new/openssh.spec
--- openssh-old/openssh.spec    2001-09-06 08:12:42.000000000 -0500
+++ openssh-new/openssh.spec    2003-05-29 16:29:03.000000000 -0500
@@ -2,10 +2,10 @@
 %define aversion 1.2.2

 # Do we want to disable building of x11-askpass? (1=yes 0=no)
-%define no_x11_askpass 0
+%define no_x11_askpass 1

 # Do we want to disable building of gnome-askpass? (1=yes 0=no)
-%define no_gnome_askpass 0
+%define no_gnome_askpass 1

 # Reserve options to override askpass settings with:
 # rpm -ba|--rebuild --define 'skip_xxx 1'
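Review bot: both askpass defaults are flipped from 0 to 1 in the spec itself, yet the comment kept as context at the end of this hunk says these settings can be overridden with rpm -ba|--rebuild --define 'skip_xxx 1'. Passing the defines on the rpm command line would keep the spec closer to the stock one and make the deviation visible in the build command.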
@@ -189,7 +189,7 @@
 %if %{rescue}
        --without-pam --with-md5-passwords
 %else
-       --with-kerberos5=/usr/kerberos --with-pam
+       --with-kerberos5=/usr/kerberos --without-pam
 %endif

 make
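Review bot: the replaced configure line now passes --without-pam but, unlike the %{rescue} branch two lines above it, does not add --with-md5-passwords, and it still keeps --with-kerberos5. Check that the password hashes this sshd will be asked to verify are still accepted by the non-PAM build, and add a spec comment saying why PAM is disabled for the non-rescue case.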
Then build a new openssh:
rpm -bb SPECS/openssh.spec

Then grab sshd from the build directory and take it over to "packages.tgz"

Here are the contents of rh9-sshd.tgz:
[riblack@box1 rh72-ssh]$ tar -tzvf rh9-sshd.tgz
drwxr-xr-x riblack/ftpadmin  0 2003-05-27 18:04:00 rh9/
lrwxrwxrwx riblack/ftpadmin  0 2003-05-27 17:53:07 rh9/libcrypto.so.2 -> libcrypto.so.0.9.6b
-rwxr-xr-x riblack/ftpadmin 990234 2002-08-06 13:34:57 rh9/libcrypto.so.0.9.6b
This libcrypto was accidentally taken from RH80 (any version should work RH72? RHL9?) and was not rebuilt, only taken as is.


Homepage: http://www.cpqlinux.com