how to run dropbear on a system with a R/O /dev?

Robert P. J. Day rpjday at crashcourse.ca
Tue Dec 23 00:51:26 WST 2008 

On Mon, 22 Dec 2008, Peter Korsgaard wrote:

> >>>>> "Robert" == Robert P J Day <rpjday at crashcourse.ca> writes:
>
> Hi,
>
>  Robert>   i suspect i already know the answer to this, but is there
>  Robert> any way to run dropbear on a system whose /dev directory is
>  Robert> part of a larger romfs?
>
> Yes, we do that all the time.
>
>  Robert>   ssh to such a system worked fine during development when
>  Robert> the root filesystem was NFS mounted and, therefore, writable.
>  Robert> but once that rootfs is flashed and is now mounted as a
>  Robert> romfs, not surprisingly, dropbear can no longer accept
>  Robert> incoming requests because (i'm guessing) while the
>  Robert> appropriate /dev/ttyp[0-9] device files are there, dropbear
>  Robert> has no ability to change their owner/perms, is that it?
>  Robert> which generates the log error message:
>
> Strange - Is this as root or any other user? We normally only use root,
> but I'm pretty sure I have done it before as non-root.
>
> We do have /dev/pts mounted, that may or may not make a difference
> (didn't check the code).

  i may do that at the earliest possible opportunity, but here's
what's happening.  certainly, without mounting /dev/pts, i expect a
login failure since all of /dev is read-only.

  however, after i mount /dev/pts RW, i can see that i have two char
device files under there:  /dev/pts[01].  and i've verified i can
change their permissions with "chmod".  so that's a good sign -- that
the contents under /dev/pts are modifiable, at least to that extent.

  however, when i try to ssh into that system from elsewhere and i
watch the destination system /var/log/messages, i can see that the
password authentication succeeds, after which i get an authpriv.warn
log message complaining about syslogin_perform_logout: logout(pts/2)
returned an error: No such file or directory

  well, that's not surprising since, after mounting /dev/pts, i have
only two /dev/pts device files: 0 and 1.  and even as root, i don't
seem to have permission to create extras with "mknod".  i tried to
create a corresponding /dev/pts/2 using busybox's mknod, and got
"Operation not permitted."  in fact, if i "cd" to /dev/pts, i can't
even touch a regular file:  "Permission denied".

  do i need to mount /dev/pts with some special perms to allow new
files to be created?  and am i on the right path, since it *seems*
that my attempts to ssh in are at least trying to do *something* with
/dev/pts/2, so i'm taking that as a good sign.

rday
--



========================================================================
Robert P. J. Day
Linux Consulting, Training and Annoying Kernel Pedantry:
    Have classroom, will lecture.

http://crashcourse.ca                          Waterloo, Ontario, CANADA
========================================================================

More information about the Dropbear mailing list