Tiny Core Linux
Tiny Core Base => Raspberry Pi => Topic started by: Pengo on January 12, 2016, 06:16:03 AM
-
Hi,
First of all big thumbs up for piCore 7rc2; it's working fine (except for the already covered openssl update issue).
I am running 7rc2 as a mini server, serving 3 websites on 3 different IP addresses / interfaces. All working absolutely fine!!
For administration purposes I want to restrict ssh logins to one of these IP addresses (thus make the ListenAddress specific in sshd_config).
I see however that the /usr/local/etc/ssh/sshd_config is not editable.
Now my question: what is the cleanest way to solve this issue and be able to change the sshd_config?
Kind regards,
Pengo
-
Have you tried sudo?
And don't forget to add this file to your backup files list file.
-
You can create a (or add to an existing) start-up script in the extension that looks something like this:
    #!/bin/sh
    if [ ! -d /usr/local/etc/app_name ]; then
        mkdir -p /usr/local/etc/app_name
    fi
    if [ ! -f /usr/local/etc/app_name/app.conf ]; then
        cp -p /usr/local/share/app_name/files/app.conf /usr/local/etc/app_name
    fi
Where app.conf is the default config file for the app.
-
Hi patrikg,
Thanks for your reply.
Indeed I tried sudo and also added it to the list of files to back up.
But the sshd_config is not editable (it's a link to a file in /tmp/tcloop/openssh/usr/local/etc/ssh/sshd_config; hence coming from the openssh extension and I guess therefore not editable?).
I saw a reply from Juanito in the meantime; will try that one later... (which also seems to be advised in the corebook)
Next to that (now that I think of it) I can also call sshd with command-line overrides (-o ListenAddress=x.x.x.x -o port=yyyy)
Pengo
-
sudo cp from the extension's mount point to the actual directory, overwriting the symlink with the real file, then edit and backup.
-
This will only work until the next reboot when the extension will overwrite the backup - hence the start-up script above.
-
For now I changed /opt/bootlocal.sh to call sshd like this:
    /usr/local/sbin/sshd -o ListenAddress=x.x.x.x -o port=yyy
After backup and reboot, this seems to work.
It's not the cleanest solution; that one came from Juanito but fit for purpose for now.
Thanks to all people who replied!
Kind regards,
Pengo
-
Glad you got it working.
> This will only work until the next reboot when the extension will overwrite the backup - hence the start-up script above.

That confuses me. Isn't the opposite true? Extensions don't replace files (apart from their startup scripts possibly, but they should as well only [ ! -f ... ] && cp ... ) and restoration of the backup is done after extension loading.
-
I wasn't thinking of extensions loaded on boot, but those loaded at some random point later :)
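-
The "copy over the symlink, edit, back up" approach from the thread, as an added example that is not part of the original thread or of piCore: `pin_listen_address` is a hypothetical helper, and it assumes the backup list holds paths relative to `/`. It goes slightly beyond the thread by placing the directive before any `Match` block and by rejecting addresses that could inject extra directives.

```shell
#!/bin/sh
# Added example (not from the thread). pin_listen_address is a hypothetical helper.
# Usage: pin_listen_address CONFIG ADDRESS BACKUP_LIST
#   CONFIG       sshd_config path; may be a symlink into the extension mount
#   ADDRESS      the single address sshd should bind to
#   BACKUP_LIST  persistence list (on piCore: /opt/.filetool.lst)
pin_listen_address() {
    config=$1 addr=$2 list=$3
    [ -e "$config" ] || { echo "no such file: $config" >&2; return 1; }

    # Accept only address/host-name characters, so whitespace or a newline
    # in ADDRESS cannot inject extra directives into the config.
    case $addr in
        ''|*[!0-9A-Za-z.:-]*) echo "bad address: $addr" >&2; return 1 ;;
    esac

    # Read through the symlink and write a new file beside it. Active
    # ListenAddress lines are dropped; the new one goes before the first
    # Match block, because ListenAddress is not allowed inside Match.
    tmp=$config.new.$$
    awk -v addr="$addr" '
        { low = tolower($0) }
        low ~ /^[ \t]*listenaddress[ \t=]/ { next }
        low ~ /^[ \t]*match[ \t]/ && !done { print "ListenAddress " addr; done = 1 }
        { print }
        END { if (!done) print "ListenAddress " addr }
    ' "$config" > "$tmp" || { rm -f "$tmp"; return 1; }

    # rename(2) replaces the symlink itself, leaving the extension's copy
    # under /tmp/tcloop untouched.
    mv -f "$tmp" "$config" || { rm -f "$tmp"; return 1; }

    # The backup list holds paths relative to /, one per line.
    entry=${config#/}
    grep -qxF "$entry" "$list" 2>/dev/null || echo "$entry" >> "$list"
}

# On the device (as root), then check the config and persist it:
#   pin_listen_address /usr/local/etc/ssh/sshd_config x.x.x.x /opt/.filetool.lst
#   /usr/local/sbin/sshd -t && filetool.sh -b
```

After restarting sshd, confirm with `netstat -tln` that the SSH port is bound only to the chosen address and not to 0.0.0.0.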