How to edit sshd_config Debian Preseed late_command

Question

At the end of an automated Debian 12 install I'd like to run the following:

d-i preseed/late_command string \
  in-target sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config; \
  in-target sed -i 's/#Port 22/Port 22/' /etc/ssh/sshd_config; \
  in-target systemctl restart ssh; \
  in-target ip a;

The idea is to automatically allow a root login via SSH immediately after the Debian installation. The use case is a service that SSHes in to complete the product installation.

From looking at the BusyBox console I'm guessing that I'd need to mount the right partition or something for this command to work. But currently the installation completes without running the late command at all; not sure if

d-i debian-installer/exit/reboot boolean false

is causing that.

Honestly, I have seen other threads on this issue, but they didn't really answer my question, at least in a way I could understand, as I'm working a bit outside my lane here.

If I run the command directly in the console I'll get: dpkg-divert: warning diverting file '/sbin/start-stop-damon' from an Essential package with name is dangerous, use --no-rename

Any tips appreciated.

Answer 1

Score: 0

I haven't been able to make the in-target helper work for me, but I've been having some success with chroot.

Also, it seems like systemd will refuse to run from here; it will complain with "Systemd has not been booted with systemd as init system (PID 1). Can't operate." The good news is that the service command does work.

On another note, I'm pretty sure you could use d-i openssh-server/permit-root-login boolean true to enable the root login, but I'd even suggest creating another user instead (if you don't put a password for root, this user will have sudo, but I think you'll need to install sudo.) By doing this, it'll save you from doing the sed lines (the Port 22 part shouldn't be required either.)

Yet another note, I found that the target environment is missing some mounts (maybe the in-target is expected to mount those,) you'll need to mount /proc, /dev and /dev/pts, but it's fairly easy.

Here's how I think you could do it (leaving the seds just in case, I didn't test that, I have another user):

d-i preseed/late_command string \
  chroot /target sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config; \
  chroot /target sed -i 's/#Port 22/Port 22/' /etc/ssh/sshd_config; \
  mount --bind /dev /target/dev; \
  mount --bind /dev/pts /target/dev/pts; \
  mount --bind /proc /target/proc; \
  chroot /target service ssh start; \
  ip a; # this last one doesn't require chroot

I hope it helps.
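
An added example, not part of the original question or answer: `sed -i` exits successfully even when its pattern matches nothing, so an exact-match substitution like the ones above can leave sshd_config unchanged without any error. The helper below (hypothetical function names; assumes a POSIX sh and awk, with ROOT being /target from the installer or empty inside the chroot) sets a keyword whether it is commented out, set to another value, or absent, and reads back the value sshd would use.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names are
# hypothetical; ROOT is the path prefix of the installed system.

# set_sshd_option ROOT KEY VALUE
# Writes "KEY VALUE" into ROOT/etc/ssh/sshd_config. Unlike an exact-match
# sed, it handles a keyword that is commented out, already set to another
# value, or absent, and it fails loudly when the file does not exist.
set_sshd_option() {
    conf="$1/etc/ssh/sshd_config"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    tmp="$conf.tmp.$$"
    awk -v k="$2" -v v="$3" '
        BEGIN { pat = "^[ \t]*#?[ \t]*" tolower(k) "[ \t]" }
        # Replace the first line that sets (or comments out) the keyword.
        !done && tolower($0) ~ pat { print k " " v; done = 1; next }
        # Keyword not seen before a Match block: insert it ahead of the
        # block so it stays a global setting.
        !done && tolower($0) ~ /^[ \t]*match[ \t]/ { print k " " v; done = 1 }
        { print }
        END { if (!done) print k " " v }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # cat into place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# active_sshd_option ROOT KEY
# Prints the first uncommented global value of KEY (sshd uses the first
# value it reads), so the caller can confirm the edit took effect.
active_sshd_option() {
    awk -v k="$2" '
        tolower($0) ~ /^[ \t]*match[ \t]/ { exit }
        tolower($1) == tolower(k) { print $2; exit }
    ' "$1/etc/ssh/sshd_config"
}
```

Comparing the output of `active_sshd_option` with the intended value after each call turns a silent no-op into a visible failure in the installer log.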

huangapple
  • Posted on July 3, 2023, 05:23:03
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76600856.html