[ previous ] [ next ] [ threads ]
 From:  Peter Curran <peter at closeconsultants dot com>
 To:  "Fred Mol" <fredlist at xs4all dot nl>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Re: ssh module
 Date:  Fri, 16 Jul 2004 13:04:49 +0100
Hi All

> The main work has been to create a script that "upgrades" (not everybody
> will agree this is an upgrade :-)) a m0n0wall iso image with this module,
> sshd and related files and some executables (tcpdump, grep, vi, ...)
> that allows you to do something useful with that ssh access.
> The script does the following:
> - Unpacks the iso
> - Unpacks the mfsroot filesystem to a new, bigger, mfsroot filesystem
> - Updates mfsroot with sshd and other FreeBSD files
> - Creates an sshd_config file that's a copy of the default FreeBSD
> sshd_config with one modification: it has: PermitRootLogin yes
> - Generates ssh host key files, if not present yet (they are preserved
>   between runs of the script)
> - Creates the one-and-only-module-file: /etc/inc/ext/ssh/rc
> - Adds group sshd and login sshd to the m0nowall group and passwd databases
> - Creates a new iso image

Perhaps you could take a look at the script I did for the OpenVPN module and 
see how that differs from yours.  I would be very interested in creating a 
generic 'package manager' type approach to build a modified m0n0 image for 
any module.  If we do a good job, we may even be able to pursuade Manuel to 
put it into the standard distro so that it can be run from the CF, rather 
than having to modify the image directly.

Dinesh (I think it was) suggested a way of doing this a few days ago.

One big question on this SSH stuff is how big it is?  Are you basing it on 
OpenSSH (which ISTR is BIG) or an alternative.  There was mention of a small 
SSH implementation on the Soekris-tech list a few days ago?



This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.