Port-arm archive
Re: Booting NSLU2 without using the serial port
Hubert Feyrer wrote:
To login as root via ssh, you have to set "PermitRootLogin yes" in
/etc/ssh/sshd_config. For the password, just clear the second field in
.../nfsroot/etc/master.passwd and .../nfsroot/etc/passwd. If that's
not enough, rm the {s,}pwd.db files in there. Then log in, and set a
root password - that will rebuild the {s,}pwd.db files.
You can also try using pwd_mkdb(8), which may work as well.
When you're logged in as root and have set your new root password, do
create a normal user account with useradd(8), give it a password. Add
the normal user account to the "wheel" group in /etc/group, then make
sure you can login as the user and use su(1) to switch to root. After
that, disable root logins again.
BTW, if someone would come up with a full install doc for the NSLU,
that'd be very much appreciated!
- Hubert
Success at last:
$ telnet slug1
Trying 192.168.1.240...
Connected to slug1.
Escape character is '^]'.
NetBSD/evbarm (slug1) (ttyp0)
login: root
Last login: Sat Feb 16 18:10:54 2008 from nfsserver on ttyp0
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008
The NetBSD Foundation, Inc. All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
NetBSD 4.99.54 (NSLU2-nfs) #0: Fri Feb 15 23:04:29 EST 2008
Welcome to NetBSD!
<...snip...>
Terminal type is xterm.
We recommend creating a non-root account and using su(1) for root access.
slug1#
<...snip...>
I generally followed the build procedure described in
<http://mail-index.netbsd.org/port-arm/2008/02/14/msg000060.html>.
I used <http://www.netbsd.org/docs/network/netboot/index.html> &
<http://www.netbsd.org/docs/network/netboot/files.nocons.html> to set up
the nfs file system (host export file, client root and swap, client etc
files and the like). I then followed Hubert's advice above. Still not
quite. But after some serious googling, it finally worked. I think
everything one needs is contained in the three links above and the info
below.
Here is a (long) diff between the orig /etc directory (which I copied to
/orig.etc before I started mucking around) and the one that finally let
me telnet in as root. I added some line feeds to make it more
readable. Probably a few of the changes are unnecessary - when I get
more time, I'll trim this down to the bare essentials.
$ diff -u -r /orig.etc /etc
Only in etc: fstab
diff -r -u etc/group orig.etc/group
--- etc/group 2008-02-16 11:57:19.000000000 -0500
+++ orig.etc/group 2008-02-16 10:29:34.000000000 -0500
@@ -1,4 +1,4 @@
-wheel:*:0:root,tempuser
+wheel:*:0:root
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
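Review bot: The "wheel:*:0:root,tempuser" line puts tempuser in the group that is allowed to su(1) to root, while the master.passwd hunk further down shows the same account with an empty password field; give tempuser a password before it stays in wheel. Note also that the file headers name etc/ as the old side and orig.etc/ as the new side, so throughout this diff the "-" lines are the modified configuration, the reverse of what the "diff -u -r /orig.etc /etc" command line suggests.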
diff -r -u etc/hosts orig.etc/hosts
--- etc/hosts 2008-02-16 10:37:56.000000000 -0500
+++ orig.etc/hosts 2008-02-16 10:29:34.000000000 -0500
@@ -14,6 +14,3 @@
# 10.0.0.0 10.255.255.255
# 172.16.0.0 172.31.255.255
# 192.168.0.0 192.168.255.255
-192.168.1.102 nfsserver
-192.168.1.240 slug1
-
Only in etc: ifconfig.npe0
diff -r -u etc/inetd.conf orig.etc/inetd.conf
--- etc/inetd.conf 2008-02-16 12:17:17.000000000 -0500
+++ orig.etc/inetd.conf 2008-02-16 10:29:34.000000000 -0500
@@ -8,8 +8,8 @@
#http stream tcp6 nowait:600 _httpd
/usr/libexec/httpd httpd /var/www
#ftp stream tcp nowait root /usr/libexec/ftpd
ftpd -ll
#ftp stream tcp6 nowait root /usr/libexec/ftpd
ftpd -ll
-telnet stream tcp nowait root
/usr/libexec/telnetd telnetd
-telnet stream tcp6 nowait root
/usr/libexec/telnetd telnetd
+#telnet stream tcp nowait root
/usr/libexec/telnetd telnetd -a valid
+#telnet stream tcp6 nowait root
/usr/libexec/telnetd telnetd -a valid
#shell stream tcp nowait root /usr/libexec/rshd
rshd -L
#shell stream tcp6 nowait root /usr/libexec/rshd
rshd -L
#login stream tcp nowait root
/usr/libexec/rlogind rlogind -L
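Review bot: The two "telnet" entries on the "-" (modified) side are uncommented and also drop the "-a valid" authentication-mode argument that the original commented lines carried, so telnetd is offered on both tcp and tcp6 and the root login shown earlier crosses the network in cleartext. Put the leading "#" back on both lines as soon as ssh login works.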
Only in etc/mail: aliases.db
diff -r -u etc/master.passwd orig.etc/master.passwd
--- etc/master.passwd 2008-02-16 11:56:54.000000000 -0500
+++ orig.etc/master.passwd 2008-02-16 10:29:34.000000000 -0500
@@ -16,4 +16,3 @@
_httpd:*:24:24::0:0:& pseudo-user:/var/www:/sbin/nologin
uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin
nobody:*:32767:39::0:0:Unprivileged user:/nonexistent:/sbin/nologin
-tempuser::1000:100::0:0:Temporary:/home/tempuser:/bin/csh
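Review bot: "tempuser::1000:100:..." on the "-" (modified) side has an empty second field, so the account has no password, and it has a real login shell (/bin/csh). Set a password with passwd(1) right after the first login, or keep "*" in the field until then as the etc/passwd hunk does, and delete the account once the permanent user exists.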
diff -r -u etc/motd orig.etc/motd
--- etc/motd 2008-02-16 11:00:40.000000000 -0500
+++ orig.etc/motd 2008-02-16 10:29:34.000000000 -0500
@@ -1,4 +1,4 @@
-NetBSD 4.99.54 (NSLU2-nfs) #0: Fri Feb 15 23:04:29 EST 2008
+NetBSD ?.? (UNKNOWN)
Welcome to NetBSD!
Only in etc: orig.pwd.db
Only in etc: orig.spwd.db
diff -r -u etc/passwd orig.etc/passwd
--- etc/passwd 2008-02-16 13:10:17.000000000 -0500
+++ orig.etc/passwd 2008-02-16 10:29:34.000000000 -0500
@@ -16,4 +16,3 @@
_httpd:*:24:24:& pseudo-user:/var/www:/sbin/nologin
uucp:*:66:1:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin
nobody:*:32767:39:Unprivileged user:/nonexistent:/sbin/nologin
-tempuser:*:1000:100:Temporary:/home/tempuser:/bin/csh
Binary files etc/pwd.db and orig.etc/pwd.db differ
diff -r -u etc/rc.conf orig.etc/rc.conf
--- etc/rc.conf 2008-02-16 10:37:10.000000000 -0500
+++ orig.etc/rc.conf 2008-02-16 10:29:34.000000000 -0500
@@ -15,14 +15,7 @@
# If this is not set to YES, the system will drop into single-user mode.
#
-rc_configured=YES
+rc_configured=NO
# Add local overrides below
#
-sshd=YES
-hostname="slug1"
-defaultroute="192.168.1.1"
-nfs_client=YES
-auto_ifconfig=NO
-net_interfaces=""
-
diff -r -u etc/rc.local orig.etc/rc.local
--- etc/rc.local 2008-02-16 12:30:55.000000000 -0500
+++ orig.etc/rc.local 2008-02-16 10:29:34.000000000 -0500
@@ -19,5 +19,4 @@
# /usr/pkg/etc/rc.d/apache start
#fi
-/usr/sbin/pwd_mkdb -p /etc/master.passwd
echo '.'
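Review bot: "/usr/sbin/pwd_mkdb -p /etc/master.passwd" in rc.local runs on every boot, so pwd.db and spwd.db are regenerated each time from whatever master.passwd contains on the NFS export. It is only needed once, to rebuild the databases after the hand edit; remove the line after the first successful boot, or add a comment saying why it has to stay.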
Binary files etc/spwd.db and orig.etc/spwd.db differ
diff -r -u etc/ssh/sshd_config orig.etc/ssh/sshd_config
--- etc/ssh/sshd_config 2008-02-16 12:42:15.000000000 -0500
+++ orig.etc/ssh/sshd_config 2008-02-16 10:29:34.000000000 -0500
@@ -38,7 +38,7 @@
# Slow machines or long keys may require more processing time.
LoginGraceTime 600
-PermitRootLogin yes
+#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
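Review bot: "PermitRootLogin yes" on the "-" (modified) side is the bootstrap setting from the quoted advice, which also says to disable root logins again once a wheel user can su(1) to root. Restore the original "#PermitRootLogin no" after that check, and comment the line as temporary while it is set to "yes".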
@@ -57,8 +57,8 @@
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-PermitEmptyPasswords yes
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
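Review bot: "PasswordAuthentication no" and "PermitEmptyPasswords yes" on the "-" (modified) side work against each other: PermitEmptyPasswords only applies when password authentication is allowed, so with that set to "no" the empty-password setting does nothing useful and is left behind as a trap if password authentication is re-enabled later. Once the accounts have passwords, return PermitEmptyPasswords to the default "no" and choose the PasswordAuthentication value deliberately.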
Only in etc/ssh: ssh_host_dsa_key
Only in etc/ssh: ssh_host_dsa_key.pub
Only in etc/ssh: ssh_host_key
Only in etc/ssh: ssh_host_key.pub
Only in etc/ssh: ssh_host_rsa_key
Only in etc/ssh: ssh_host_rsa_key.pub
diff -r -u etc/ttys orig.etc/ttys
--- etc/ttys 2008-02-16 13:09:22.000000000 -0500
+++ orig.etc/ttys 2008-02-16 10:29:34.000000000 -0500
@@ -5,12 +5,11 @@
# name getty type status comments
#
console "/usr/libexec/getty default" vt100 on secure
-ttyp0 "/usr/libexec/getty default" vt100 off secure
ttyE0 "/usr/libexec/getty Pc" vt220 off secure
ttyE1 "/usr/libexec/getty Pc" vt220 off secure
ttyE2 "/usr/libexec/getty Pc" vt220 off secure
ttyE3 "/usr/libexec/getty Pc" vt220 off secure
-tty00 "/usr/libexec/getty default" vt100 off secure
+tty00 "/usr/libexec/getty default" unknown off secure
tty01 "/usr/libexec/getty default" unknown off secure
tty02 "/usr/libexec/getty default" unknown off secure
tty03 "/usr/libexec/getty default" unknown off secure
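Review bot: The added "ttyp0 ... off secure" line marks only the first pseudo-terminal as secure, which is what permits the direct root login on ttyp0 in the telnet session above; a session that lands on any other pty will not match it. Remove the entry once root access goes through su(1). The tty00 type change from "unknown" to "vt100" looks unrelated to network login and could be dropped from the list of needed changes.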
Thanks all for your help, Don
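
An added example, not part of the original post or of NetBSD: a small POSIX shell check for the temporary login settings from the procedure and diff above (empty password fields, telnet in inetd.conf, the root and empty-password sshd options, a secure pty), so they can be found and undone afterward. The function names, finding labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_etc DIR: print one line per bootstrap-only login setting still present.
audit_etc() {
    etc=$1
    # master.passwd: an empty second field means the account has no password.
    if [ -f "$etc/master.passwd" ]; then
        awk -F: '!/^#/ && NF > 1 && $2 == "" { print "empty-password " $1 }' \
            "$etc/master.passwd"
    fi
    # inetd.conf: an uncommented telnet line means cleartext logins are offered.
    if [ -f "$etc/inetd.conf" ]; then
        awk '$1 == "telnet" { print "telnet-enabled " $3 }' "$etc/inetd.conf"
    fi
    # sshd_config: keywords are case-insensitive; commented lines do not match.
    if [ -f "$etc/ssh/sshd_config" ]; then
        awk '{ k = tolower($1); v = tolower($2) }
             (k == "permitrootlogin" || k == "permitemptypasswords") && v == "yes" {
                 print "sshd " $1 " " $2 }' "$etc/ssh/sshd_config"
    fi
    # ttys: "secure" on a pseudo-terminal (ttyp0, ...) permits direct root login.
    if [ -f "$etc/ttys" ]; then
        LC_ALL=C awk '{ sub(/#.*/, "") }
             $1 ~ /^tty[p-z]/ { for (i = 2; i <= NF; i++)
                 if ($i == "secure") print "secure-pty " $1 }' "$etc/ttys"
    fi
}

# make_sample DIR: constructed sample tree mirroring the modified /etc above.
make_sample() {
    mkdir -p "$1/ssh"
    printf '%s\n' 'root:*:0:0::0:0:Charlie &:/root:/bin/sh' \
        'tempuser::1000:100::0:0:Temporary:/home/tempuser:/bin/csh' \
        > "$1/master.passwd"
    printf '%s\n' '#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll' \
        'telnet stream tcp nowait root /usr/libexec/telnetd telnetd' \
        > "$1/inetd.conf"
    printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication no' \
        'PermitEmptyPasswords yes' '#StrictModes yes' > "$1/ssh/sshd_config"
    printf '%s\n' 'console "/usr/libexec/getty default" vt100 on secure' \
        'ttyp0 "/usr/libexec/getty default" vt100 off secure' \
        'ttyE0 "/usr/libexec/getty Pc" vt220 off secure' > "$1/ttys"
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_etc "$tmp"
rm -rf "$tmp"
```

Run audit_etc against the exported client tree on the NFS server (for example the nfsroot etc directory) after finishing the setup; no output means none of these settings remain.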