SSH-enabled installation CD
From Gentoo Linux Wiki
Introduction
This article explains how to modify the Gentoo installation CD so that it accepts SSH connections with public key authentication straight from boot. The modified CD can be used to install Gentoo on a machine without a keyboard or display.
Requirements
- A running Gentoo Linux system
- app-cdr/cdrtools
- sys-fs/squashfs-tools
Install tools
Install the required tools unless they are already installed.
emerge cdrtools squashfs-tools
Download CD
Get the CD image from the nearest mirror.
cd ~/download
wget <<YOUR FAVORITE MIRROR>>/gentoo/releases/x86/current/installcd/install-x86-minimal-2008.0.iso
Unpack ISO and squashfs image
Unpack the CD image and copy the files to a temporary directory.
modprobe loop
mount -t iso9660 -o loop ~/download/install-x86-minimal-2008.0.iso /mnt/cdrom
mkdir ~/bootcd
cp -a /mnt/cdrom/* ~/bootcd
umount /mnt/cdrom
Unpack the squashfs image.
cd ~/bootcd
unsquashfs image.squashfs
mv ./squashfs-root ~/squashroot
Alternatively, unpack the squashfs image by mounting it.
modprobe squashfs
mount -t squashfs -o loop ~/bootcd/image.squashfs /mnt/cdrom
mkdir ~/squashroot
cp -a /mnt/cdrom/* ~/squashroot/
umount /mnt/cdrom
Generate SSHD keys
Follow the Gentoo Linux Keychain Guide to generate a public and private key pair. You can also generate SSHD host keys in advance if you don't want new keys to be generated on every boot. Pre-generated host private keys are stored in the image, so every machine booted from the CD presents the same host keys and anyone who has the ISO can read them.
Generate SSH keys:
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ~/squashroot/etc/ssh/ssh_host_key -N ''
/usr/bin/ssh-keygen -d -f ~/squashroot/etc/ssh/ssh_host_dsa_key -N ''
/usr/bin/ssh-keygen -t rsa -f ~/squashroot/etc/ssh/ssh_host_rsa_key -N ''
Modifications to enable SSHD with public key authentication
Copy keys and enable SSHD:
mkdir ~/squashroot/root/.ssh
cp ~/.ssh/authorized_keys ~/squashroot/root/.ssh/
sed -i 's/^SSHD="no"/SSHD="yes"/' ~/squashroot/etc/init.d/autoconfig
Setting your own root password and disabling new password generation
If you want to log in directly over SSH using the root password, you need to set your own, since the randomly generated one is quite hard to guess. The password is written in plain text into autoconfig inside the image, so replace "secret" with your own value and treat the resulting ISO as sensitive.
Remove the random password generator and set the password:
sed -i 's/^PASSWD="yes"/PASSWD="no"\nPASSWORD="secret"/' ~/squashroot/etc/init.d/autoconfig
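The sed edits above print nothing and exit successfully even when their pattern does not match, so checking the unpacked tree before repacking catches a CD that would boot without SSH access. The following is an added example, not part of the original wiki page; the function name check_squashroot and its FAIL/WARN output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): check the unpacked tree before repacking.
# check_squashroot is a hypothetical helper; it returns the number of FAIL findings.
# Usage: check_squashroot ~/squashroot && mksquashfs ~/squashroot/ ~/bootcd/image.squashfs
check_squashroot() {
    root=$1
    fails=0
    ssh_dir="$root/root/.ssh"
    autoconfig="$root/etc/init.d/autoconfig"

    # Key login needs a non-empty authorized_keys file.
    if [ ! -s "$ssh_dir/authorized_keys" ]; then
        echo "FAIL: $ssh_dir/authorized_keys is missing or empty"
        fails=$((fails + 1))
    fi
    # sshd (StrictModes) rejects key files writable by group or others.
    if [ -d "$ssh_dir" ] &&
       [ -n "$(find "$ssh_dir" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: group- or world-writable entries under $ssh_dir"
        fails=$((fails + 1))
    fi
    # Only public keys belong here; a private key would ship with every copy.
    if [ -d "$ssh_dir" ] && grep -rq 'PRIVATE KEY' "$ssh_dir"; then
        echo "FAIL: private key material found under $ssh_dir"
        fails=$((fails + 1))
    fi
    # sed -i is silent when its pattern does not match, so confirm the edits.
    if ! grep -q '^SSHD="yes"' "$autoconfig" 2>/dev/null; then
        echo "FAIL: SSHD=\"yes\" is not set in $autoconfig"
        fails=$((fails + 1))
    fi
    if grep -q '^PASSWORD="secret"' "$autoconfig" 2>/dev/null; then
        echo "FAIL: example password \"secret\" is still set in $autoconfig"
        fails=$((fails + 1))
    fi
    # Pre-generated host keys are identical on every machine booted from the CD.
    for key in "$root"/etc/ssh/ssh_host_*key; do
        if [ -f "$key" ]; then
            echo "WARN: host private key stored in image: $key"
        fi
    done
    return "$fails"
}
```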
Disable IPv6
This might be needed after 2007.0 to get an IPv4 address from the DHCP server.
sed -i 's/# alias net-pf-10 off/alias net-pf-10 off/' ~/squashroot/etc/modprobe.d/aliases
Repack squashfs and iso
Remove the old squashfs image, pack the new image and build the ISO.
rm ~/bootcd/image.squashfs
mksquashfs ~/squashroot/ ~/bootcd/image.squashfs
mkisofs -R -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -iso-level 4 -hide-rr-moved -c isolinux/boot.cat -o livecd.iso ~/bootcd/
Some architectures use the GRUB boot loader:
mkisofs -R -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 4 -boot-info-table -iso-level 4 -hide-rr-moved -c boot/boot.cat -o livecd.iso ~/bootcd/
