Networked single-user recovery (Was: Re: Background fsck is broken)
Andre Guibert de Bruet
andy at siliconlandmark.com
Wed Dec 15 21:40:33 PST 2004
On Wed, 15 Dec 2004, Matthias Andree wrote:
> On Wed, 15 Dec 2004, Andre Guibert de Bruet wrote:
>
>> You realize that you're advocating a statically linked sshd in /rescue,
>> right? :-)
>
> Dropbear is a smaller SSH implementation than the fully-fledged OpenSSH.
> Only tried it on Linux so far, and that was a year ago. It appears to
> ship with some SSL stuff built-in, and it doesn't need much besides a
> host-key (generator is in the dropbear package) and /dev/random or
> something.
Dropbear appears to be put together from many pieces, all of which seem to
carry a BSD-compatible license (IANAL etc etc). It is currently in ports
(security/dropbear) and the built, stripped binary appears to "only" be 53K
smaller than the OpenSSH one. Because an sshd is a network daemon,
security is of course a concern -- Is the 53K of saved space in /rescue
(But additional space somewhere else for the convert and key utilities)
worth the hassles of tracking upstream distributions of two separate
sshds? I personally tend to think not, but I'm open for comments on this
one.
I get my numbers from the following:
bling# ls -l dropbear* | grep r-x
-rwxr-xr-x 1 root wheel 126688 Dec 16 00:21 dropbear
-rwxr-xr-x 1 root wheel 134060 Dec 16 00:21 dropbearconvert
-rwxr-xr-x 1 root wheel 134928 Dec 16 00:21 dropbearkey
bling# ls -l /usr/sbin/sshd
-r-xr-xr-x 1 root wheel 179952 Dec 9 20:24 /usr/sbin/sshd
>> I've always wanted a network recovery mode, and am currently looking into
>> implementing such a beast (For racks devoid of serial console muxers and
>> annoying jungles of kvm wires, for example).
>
> Or when there's insufficient documentation on how to get the LOM client
> to work under Linux/Solaris/*BSD...
I hear you loud and clear on this one!
Regards,
Andy
| Andre Guibert de Bruet | Enterprise Software Consultant >
| Silicon Landmark, LLC. | http://siliconlandmark.com/ >