how to run dropbear on a system with a R/O /dev?
Robert P. J. Day
rpjday at crashcourse.ca
Tue Dec 23 00:51:26 WST 2008

On Mon, 22 Dec 2008, Peter Korsgaard wrote:
> >>>>> "Robert" == Robert P J Day <rpjday at crashcourse.ca> writes:
>
> Hi,
>
> Robert> i suspect i already know the answer to this, but is there
> Robert> any way to run dropbear on a system whose /dev directory is
> Robert> part of a larger romfs?
>
> Yes, we do that all the time.
>
> Robert> ssh to such a system worked fine during development when
> Robert> the root filesystem was NFS mounted and, therefore, writable.
> Robert> but once that rootfs is flashed and is now mounted as a
> Robert> romfs, not surprisingly, dropbear can no longer accept
> Robert> incoming requests because (i'm guessing) while the
> Robert> appropriate /dev/ttyp[0-9] device files are there, dropbear
> Robert> has no ability to change their owner/perms, is that it?
> Robert> which generates the log error message:
>
> Strange - Is this as root or any other user? We normally only use root,
> but I'm pretty sure I have done it before as non-root.
>
> We do have /dev/pts mounted, that may or may not make a difference
> (didn't check the code).

i may do that at the earliest possible opportunity, but here's
what's happening. certainly, without mounting /dev/pts, i expect a
login failure since all of /dev is read-only.

however, after i mount /dev/pts RW, i can see that i have two char
device files under there: /dev/pts[01]. and i've verified i can
change their permissions with "chmod". so that's a good sign -- that
the contents under /dev/pts are modifiable, at least to that extent.

however, when i try to ssh into that system from elsewhere and i
watch the destination system /var/log/messages, i can see that the
password authentication succeeds, after which i get an authpriv.warn
log message complaining about

  syslogin_perform_logout: logout(pts/2) returned an error: No such file or directory

well, that's not surprising since, after mounting /dev/pts, i have
only two /dev/pts device files: 0 and 1. and even as root, i don't
seem to have permission to create extras with "mknod". i tried to
create a corresponding /dev/pts/2 using busybox's mknod, and got
"Operation not permitted." in fact, if i "cd" to /dev/pts, i can't
even touch a regular file: "Permission denied".

do i need to mount /dev/pts with some special perms to allow new
files to be created? and am i on the right path, since it *seems*
that my attempts to ssh in are at least trying to do *something* with
/dev/pts/2, so i'm taking that as a good sign.

rday
--
========================================================================
Robert P. J. Day
Linux Consulting, Training and Annoying Kernel Pedantry:
Have classroom, will lecture.
http://crashcourse.ca Waterloo, Ontario, CANADA
========================================================================