December 2, 2009, 1:28 pm
How to enable sshd from the FreeBSD 8 install’s fixit environment?
So there are lots of documents out there on how to do something in fixit, and sometimes (most of the time) those are long, drawn-out processes with a lot of typing.
What if you could copy and paste? Well, you can’t. But you could if you could ssh in, right?
So let’s boot to the FreeBSD 8 Installation DVD and see if we can enable sshd.
I just got it to work so let me document my steps:
- Run ifconfig to find what ethernet controller you have. Mine was em0.
fixit# ifconfig
- Now assign an IP address. Make sure to find an open IP Address that is not already in use.
fixit# ifconfig em0 inet 192.168.0.25 netmask 255.255.255.0
That is it for configuring your IP address. You may be asking yourself, what about the DNS server and the default route? Well, you only need those if you are connecting from a different subnet and since you are booted to a fixit environment, I assume you are on the same subnet. Just in case you aren’t, you can enable DNS and give yourself a default route with these commands:
fixit# echo nameserver 192.168.0.1 > /etc/resolv.conf
fixit# route add default 192.168.0.1
- Create the directory where the default sshd configuration and keys are stored.
fixit# mkdir /etc/ssh
- Copy the sshd_config to this directory.
fixit# cp /dist/etc/ssh/sshd_config /etc/ssh
- Change the configuration file to allow root logins.
fixit# echo PermitRootLogin yes >> /etc/ssh/sshd_config
- Create the rsa1, rsa, and dsa keys.
fixit# ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
fixit# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
fixit# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
- Make sure that root can find a shell.
fixit# ln -s /mnt2/bin/csh /bin/csh
- Make sure root has a home directory.
fixit# mkdir /root
- Start the sshd daemon.
fixit# /mnt2/usr/sbin/sshd
- Prepare the environment for login. We probably want similar environment variables, because the defaults won’t work, since most of our binary files are in subdirectories of /mnt2.
fixit# env > /root/env
fixit# echo 'setenv ENV $HOME/env' > /root/.cshrc
fixit# echo sh >> /root/.cshrc
- Now try to connect using ssh and the root user. There should be no password requested. If you need a Windows ssh client, use PuTTY.
Note: There may be some errors on setting the environment variables when you log in, but they aren’t going to hurt anything and the ones you need should work.
Well, that was a lot easier than I thought it would be. Only took me a short time to figure out.
Hopefully if you search any search engine for this term, you will find this post:
freebsd fixit sshd
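The step that appends PermitRootLogin yes works because sshd uses the first uncommented occurrence of a keyword, and the resulting server lets root in without a password from any host that can reach it. The script below is an added example, not part of the original post: it goes one step further by limiting root to a single client with AllowUsers and by checking which value is actually in effect. The function names and the address 192.168.0.10 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. 192.168.0.10 is a constructed
# placeholder for the workstation you will connect from.

# Print the value sshd would use for a global keyword. The first uncommented
# occurrence wins; keywords are case-insensitive; a Match line ends the
# global section.
effective_setting() {
    awk -v want="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Append root login limited to one client address. Refuses when an appended
# line would be ignored (keyword already set) or would land in a Match block.
allow_root_from() {
    conf=$1
    admin_ip=$2
    for k in Match PermitRootLogin AllowUsers; do
        if grep -qi "^[[:space:]]*$k[[:space:]]" "$conf"; then
            echo "$conf already contains an active $k line" >&2
            return 1
        fi
    done
    printf 'PermitRootLogin yes\nAllowUsers root@%s\n' "$admin_ip" >> "$conf"
}

# Constructed stand-in for /dist/etc/ssh/sshd_config (defaults commented out).
sample_config() {
    printf '%s\n' '#Port 22' '#PermitRootLogin no' '#PermitEmptyPasswords no' \
        'Subsystem sftp /usr/libexec/sftp-server' '#Match User anoncvs'
}

demo() {
    conf=$(mktemp) || return 2
    sample_config > "$conf"
    allow_root_from "$conf" 192.168.0.10 || return 1
    echo "PermitRootLogin: $(effective_setting "$conf" PermitRootLogin)"
    echo "AllowUsers:      $(effective_setting "$conf" AllowUsers)"
    allow_root_from "$conf" 192.168.0.10 || echo "second append refused"
    rm -f "$conf"
}

# With two arguments edit that file; with none run the constructed demo.
if [ $# -eq 2 ]; then allow_root_from "$1" "$2"; else demo; fi
```

In the fixit shell this would be run against /etc/ssh/sshd_config after the copy step and before sshd is started.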
Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.
December 2, 2009, 12:30 pm
How to configure ssh to allow certificate authentication to FreeBSD?
So supposedly you can configure SSH so that you can connect without having to type in a user name and password, but instead authenticate with a certificate. Let’s see if we can set this up.
Questions
- Do I need to modify the /etc/sshd_config?
No.
Here is what I had to do…
- Install FreeBSD and when prompted to enable SSH choose yes.
How do I install FreeBSD?
Ok, now you have a FreeBSD server.
I had problems creating the key using PuTTYgen (see this post), so I am going to create the keys on the server.
- Log in as a non-root user.
- Create the RSA keys with this command: (You can use dsa keys by replacing any instance of rsa with dsa.)
ssh-keygen -t rsa
Accept the default file locations and hit enter.
In your home folder you now have two files:
.ssh/id_rsa
.ssh/id_rsa.pub
- Add the public key to the .ssh/authorized_keys file.
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
You can now delete the public key, .ssh/id_rsa.pub, from the FreeBSD server if you want, as it is stored in the .ssh/authorized_keys file.
- From the workstation that you want to connect to this machine with, use an sftp tool to copy the private key, the .ssh/id_rsa file, to the local workstation.
Example 1 – If you are on Windows, you could use WinSCP to connect to the FreeBSD server. Then you can use the key to connect. If you are using PuTTY, then also use PuTTYgen to load the key and save it in PuTTY’s format.
Example 2 – If you are on another FreeBSD server or workstation, then copy the private key to the .ssh directory (with the same name id_rsa) for the user you want to automatically connect.
Now you are done.
If you have questions, this blog helped me a lot: How to set up SSH keys: Frustration with “Server refused our key”
Just SSH in and you will not be prompted.
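If the server still refuses the key after these steps, file permissions are a common cause: with StrictModes (the sshd default) authorized_keys is skipped when it, .ssh or the home directory is group- or world-writable, and the ssh client rejects a private key that other users can access. The following check for both is an added example, not part of the original post; the function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: report permissions that make
# sshd (StrictModes) skip authorized_keys or make ssh refuse a private key.

# Print the nine permission characters of a path, e.g. "rwxr-xr-x".
# -L follows symlinks (on FreeBSD /home is usually a link to /usr/home).
perm_bits() {
    ls -ldL "$1" | cut -c2-10
}

# Print one line per finding for the given home directory.
# Returns 0 when nothing was found, 1 otherwise.
audit_ssh_dir() {
    home=$1
    rc=0
    # sshd checks the key file and every directory above it, up to the home.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        case "$(perm_bits "$p")" in
            ????w????|???????w?) echo "group/world-writable: $p"; rc=1 ;;
        esac
    done
    # The ssh client ignores a private key that group or others can access.
    key="$home/.ssh/id_rsa"
    if [ -f "$key" ]; then
        case "$(perm_bits "$key")" in
            ???------) ;;
            *) echo "private key open to others: $key"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample tree (empty files, not real keys): loose, then fixed.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys" && : > "$d/.ssh/id_rsa"
    chmod 755 "$d"; chmod 775 "$d/.ssh"
    chmod 644 "$d/.ssh/authorized_keys" "$d/.ssh/id_rsa"
    audit_ssh_dir "$d" || echo "fix with chmod, then re-run"
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys" "$d/.ssh/id_rsa"
    audit_ssh_dir "$d" && echo "clean after chmod"
    rm -rf "$d"
}

# Audit the home directory given as $1, or run the constructed demo.
if [ $# -gt 0 ]; then audit_ssh_dir "$1"; else demo; fi
```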
November 24, 2009, 5:33 pm
Hey this was really easy. Really, it is just a matter of aliasing your ls commands. However, it is only really easy if you know how to do it. When you forget, it is annoying. So here is another post to store the info I once knew but forgot and had to learn again.
Using sh, the default shell
- Edit your .shrc file in your home folder:
# ee /usr/home/username/.shrc
- Add/Change the alias commands as follows:
alias ls='ls -G'
alias ll='ls -laFoG'
alias l='ls -lG'
The first one I added; for the second two I only added the -G parameter to the already existing aliases for ls.
- Save and close the file.
- Logout and login and your shell should have colors when you use ls.
Using bash
- Edit your .shrc file in your home folder:
# ee /usr/home/username/.shrc
- Add/Change the alias commands as follows:
alias ls='ls -G'
alias ll='ls -laFoG'
alias l='ls -lG'
The first one I added; for the second two I only added the -G parameter to the already existing aliases for ls.
- Save and close the file.
- Copy the .profile file to .bash_profile.
# cp /usr/home/username/.profile /usr/home/username/.bash_profile
- Edit the .bash_profile and add the following:
# Source the .shrc
source .shrc
- Logout and login and your bash shell should have colors when you use ls.
Using csh, the default shell for root
- As root, edit your .cshrc file in either your home folder or in the home folder for root:
Your home folder:
# ee /usr/home/username/.cshrc
Home folder for root:
# ee /root/.cshrc
- Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
alias ls ls -G
alias la ls -aG
alias lf ls -FAG
alias ll ls -lAG
The first one I added; for the others I only added the -G parameter to the already existing aliases for ls.
- Save and close the file.
- Logout and login and your shell should have colors when you use ls.
bash and sh for all users
- Edit your .shrc file in your home folder:
# ee /usr/home/username/.shrc
- Add/Change the alias commands as follows:
alias ls='ls -G'
alias ll='ls -laFoG'
alias l='ls -lG'
The first one I added; for the second two I only added the -G parameter to the already existing aliases for ls.
- Save and close the file.
- Cat this file to /etc/profile.
# cat /usr/home/username/.shrc > /etc/profile
- Logout and login and your shell should have colors when you use ls.
csh for all users
- As root, edit your .cshrc file in either your home folder or in the home folder for root:
Your home folder:
# ee /usr/home/username/.cshrc
Home folder for root:
# ee /root/.cshrc
- Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
alias ls ls -G
alias la ls -aG
alias lf ls -FAG
alias ll ls -lAG
The first one I added; for the others I only added the -G parameter to the already existing aliases for ls.
- Save and close the file.
- Cat this file to /etc/csh.cshrc.
# cat /usr/home/username/.cshrc > /etc/csh.cshrc
- Logout and login and your shell should have colors when you use ls.