how to run dropbear on a system with a R/O /dev?
Robert P. J. Day
rpjday at crashcourse.ca
Tue Dec 23 23:19:39 WST 2008
On Tue, 23 Dec 2008, Matt Johnston wrote:
> On Mon, Dec 22, 2008 at 10:51:26AM -0500, Robert P. J. Day wrote:
> > > We do have /dev/pts mounted, that may or may not make a
> > > difference (didn't check the code).
> >
> > i may do that at the earliest possible opportunity, but here's
> > what's happening. certainly, without mounting /dev/pts, i expect
> > a login failure since all of /dev is read-only.
> >
> > however, after i mount /dev/pts RW, i can see that i have two
> > char device files under there: /dev/pts[01]. and i've verified i
> > can change their permissions with "chmod". so that's a good sign
> > -- that the contents under /dev/pts are modifiable, at least to
> > that extent.
> >
> > however, when i try to ssh into that system from elsewhere and i
> > watch the destination system /var/log/messages, i can see that the
> > password authentication succeeds, after which i get an
> > authpriv.warn log message complaining about
> > syslogin_perform_logout: logout(pts/2) returned an error: No such
> > file or directory
>
> Devices in /dev/pts get "automatically" created by the
> openpty() call made by Dropbear - you don't create files
> there yourself.

here's the first issue. when i'm connecting to a system that has
its root FS mounted via NFS, i can connect one of two ways. if i
connect using busybox's telnetd running on the system, "tty" shows me
that telnetd uses one of the /dev/pts/ tty devices. if, however, i
connect to dropbear using "ssh", "tty" shows me that dropbear used one
of the /dev/ttyp? devices. what does this mean? that dropbear will
try to use one of those types, then the other if none are available?
or what?

i ask since you mentioned /dev/pts specifically above, but that's
not the device file that dropbear is using here. and that could make
a huge difference in what happens later.

rday
--
========================================================================
Robert P. J. Day
Linux Consulting, Training and Annoying Kernel Pedantry:
Have classroom, will lecture.
http://crashcourse.ca Waterloo, Ontario, CANADA
========================================================================
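
A diagnostic for the situation described in this message, added here as an example and not part of the original thread or of Dropbear: it classifies the tty a session was given as a Unix98 slave (/dev/pts/N) or a legacy BSD slave (/dev/ttyp?), and reports whether devpts is mounted writable at /dev/pts. The function names, verdict strings and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: which pty family did this session get, and is devpts usable?
LC_ALL=C; export LC_ALL   # keep the bracket ranges below byte-wise

# classify_tty PATH -> "unix98", "bsd" or "other"
classify_tty() {
    case "$1" in
        /dev/pts/[0-9]*)          echo unix98 ;;  # slave created on demand in devpts
        /dev/tty[p-za-e][0-9a-f]) echo bsd ;;     # static legacy node in /dev
        *)                        echo other ;;
    esac
}

# devpts_state: reads /proc/mounts-format text on stdin and
# prints "rw", "ro" or "absent" for a devpts mount at /dev/pts.
devpts_state() {
    state=absent
    while read -r dev mnt fstype opts rest; do
        [ "$mnt" = /dev/pts ] && [ "$fstype" = devpts ] || continue
        case ",$opts," in
            *,ro,*) state=ro ;;
            *)      state=rw ;;
        esac
    done
    echo "$state"
}

# diagnose TTY: mount table on stdin; prints "<family> <devpts> <verdict>"
diagnose() {
    kind=$(classify_tty "$1")
    pts=$(devpts_state)
    case "$kind:$pts" in
        unix98:rw) verdict=ok ;;            # session is on a devpts slave
        unix98:*)  verdict=check-mounts ;;  # /dev/pts/N without a writable devpts
        bsd:*)     verdict=legacy-pty ;;    # session bypassed /dev/pts entirely
        *)         verdict=not-a-pty ;;
    esac
    echo "$kind $pts $verdict"
}

# Constructed sample mount table: read-only NFS root, devpts mounted rw.
sample_mounts() {
    cat <<'EOF'
192.0.2.10:/export/rootfs / nfs ro,relatime 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
EOF
}

# Demo on the constructed data; on a target run: diagnose "$(tty)" < /proc/mounts
sample_mounts | diagnose /dev/ttyp0
```

A "legacy-pty" verdict alongside a writable devpts matches what is reported above: the session sits on a /dev/ttyp? node, so permissions and utmp handling apply to a file in the read-only /dev rather than to anything under /dev/pts.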