debian-knoppix Starting SSH and Samba with floppyconfig
From:
Chris Liechti <cliechti>
I recently ran into a little problem: I wanted to copy away data from a PC without screen and keyboard, but Knoppix needs these two...
Solution: make a boot floppy with a knoppix.sh script on it that sets the passwords and starts the servers. So what you find here is the result of these efforts.
To use them, create a Knoppix boot floppy and copy these two onto it. Optionally use the "hostname", "password" and/or "ip" boot options (see the comments in knoppix.sh for more information).
knopper: maybe the "hostname" and "ip" kernel cmd line options are also useful for the normal knoppix-autoconfigure? BTW, I did not see where the ip/nm/gw options are used in knoppix-terminalserver... they are assigned to variables but never used?!? "hostname" could be useful in case somebody wants to start several Knoppix machines with servers (Apache, Samba, etc.)
have fun
chris
##############Code below, edit wiki to copy&paste properly ################
DEFAULT vmlinuz
APPEND ramdisk_size=100000 init=/etc/init lang=ch apm=power-off hda=scsi hdb=scsi hdc=scsi hdd=scsi hde=scsi hdf=scsi hdg=scsi hdh=scsi vga=normal initrd=miniroot.gz nomce quiet BOOT_IMAGE=knoppix floppyconfig 2
TIMEOUT 50
PROMPT 1
DISPLAY boot.msg
F1 boot.msg
F2 f2
LABEL knoppix
KERNEL vmlinuz
APPEND ramdisk_size=100000 init=/etc/init lang=ch apm=power-off hda=scsi hdb=scsi hdc=scsi hdd=scsi hde=scsi hdf=scsi hdg=scsi hdh=scsi vga=normal initrd=miniroot.gz nomce quiet BOOT_IMAGE=knoppix floppyconfig 2
#!/bin/sh
# Start SSH and Samba servers.
#
# This script can be used on a floppy (boot floppy + floppyconfig) to start a
# server without touching the keyboard. The parameters can be given on the
# boot cmd line. The intention is that you can use this to rescue data from
# a PC over the network and that box does not even need to have a monitor or
# keyboard, just a Knoppix CD and this script on a floppy is used.
#
# Installation
#   1. Create a boot floppy "cat /cdrom/KNOPPIX/boot.img >/dev/fd0" on Knoppix
#   2. Copy this file to the floppy, name must be "knoppix.sh"
#   3. Edit syslinux.cfg and append "floppyconfig 2" to all the "APPEND" lines.
#   4. Optionally add "ip", "hostname" or "password" to the "APPEND" lines too
#   5. Try it out by booting this floppy with Knoppix CD in the CDROM
#
# Security advice
#   The default password is "secret". It should be overridden with the
#   "password" option, but even then it's a default password. Default
#   passwords are always bad... and insecure.
#   The Knoppix home is exported read/write over Samba and the /mnt dir
#   is accessible. Somebody with the password could fill the ramdisks or
#   access the mounted partitions.
#   Because of these limitations, you should not use this script on machines
#   with internet connection. This script is intended for experienced users
#   only.
#
# Samba is started for two reasons:
#   - Easily copy files to a Windows or Linux machine.
#   - Use "nmblookup Knoppix" to discover the machine from a remote computer,
#     which is useful if the server started with DHCP and no monitor...
#     And the host is found by Windows machines with the name "\\Knoppix".
#
# SSH is started so that one can login and mount drives, start NFS exports,
# whatever needed.
#
# Kernel command line parameters used:
#   ip=x.x.x.x    use static IP instead of DHCP, may also use "nodhcp"
#   password=x    use given password instead of "secret"
#   hostname=x    use given hostname instead of "Knoppix"
#
# Tips and tricks:
#   - Start your VNC desktop with "vncserver -geometry 800x600". Don't start it
#     as root but as knoppix user because of the ramdisks size.
#   - Change syslinux.cfg on the boot floppy so that it only starts to textmode
#     and make sure that it runs "floppyconfig". This means appending
#     "floppyconfig 2" to the "APPEND" line(s)
#   - Always supply your own "password".
#
# DISCLAIMER
# THIS IS EXPERIMENTAL SOFTWARE. USE AT YOUR OWN RISK. THE AUTHORS CAN
# NOT BE HELD LIABLE UNDER ANY CIRCUMSTANCES FOR DAMAGE TO HARDWARE OR
# SOFTWARE, LOST DATA, OR OTHER DIRECT OR INDIRECT DAMAGE RESULTING FROM
# THE USE OF THIS SOFTWARE. IF YOU DO NOT AGREE TO THESE CONDITIONS, YOU
# ARE NOT PERMITTED TO USE OR FURTHER DISTRIBUTE THIS SOFTWARE.
#
# BSD license
# (C) 2003 Chris Liechti <cliechti@gmx.net>

# the script changes passwords and system files, so it must run as root
[ "`id -u`" = "0" ] || { echo "You need root privileges to modify the system!" >&2 ; exit 1; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# ANSI COLORS
# ESC and CR are produced with printf so the file holds no raw control characters
ESC="$(printf '\033')"
CRE="$(printf '\r')${ESC}[K"
NORMAL="${ESC}[0;39m"
# RED: Failure or error message
RED="${ESC}[1;31m"
# GREEN: Success message
GREEN="${ESC}[1;32m"
# YELLOW: Descriptions
YELLOW="${ESC}[1;33m"
# BLUE: System messages
BLUE="${ESC}[1;34m"
# MAGENTA: Found devices or drivers
MAGENTA="${ESC}[1;35m"
# CYAN: Questions
CYAN="${ESC}[1;36m"
# BOLD WHITE: Hint
WHITE="${ESC}[1;37m"
# get the kernel command line
CMDLINE="$(cat /proc/cmdline)"
# some functions borrowed from knoppix-autoconfig
stringinstring()
{
case "$2" in *$1*) return 0;; esac
return 1
}
getbootparam()
{
stringinstring "$1=" "$CMDLINE" || return 1
result="${CMDLINE##*$1=}"
result="${result%%[ ]*}"
echo "$result"
return 0
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# password should be supplied on kernel command line
PASSWORD="`getbootparam password`"
# if no password is given, do a stupid thing, use a default.. and print a warning
if [ -z "$PASSWORD" ]; then
echo "${RED}WARNING: Using default password \"secret\"!${NORMAL}"
echo "This is very insecure. Use \"knoppix password=xx\" as boot parameter"
PASSWORD="secret"
fi
# change password
echo "knoppix:$PASSWORD" | chpasswd
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# check if ip number is given
IP="`getbootparam ip`"
# if ip is given, set up eth0 appropriately
[ -n "$IP" ] && ifconfig eth0 "$IP"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# check if hostname is given
NEW_HOSTNAME="`getbootparam hostname`"
# if hostname is given use it
if [ -n "$NEW_HOSTNAME" ]; then
hostname "$NEW_HOSTNAME"
rm -f /etc/hostname /etc/mailname /etc/hosts
echo "$NEW_HOSTNAME" >/etc/hostname
echo "$NEW_HOSTNAME" >/etc/mailname
# the value is used unescaped as sed replacement text
sed "s/Knoppix/$NEW_HOSTNAME/" /KNOPPIX/etc/hosts >/etc/hosts
fi
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# configure samba
# passwords must be a file, not a link
rm -f /etc/samba/smbpasswd
cp -a /KNOPPIX/etc/samba/smbpasswd /etc/samba/smbpasswd
# set password for user knoppix (printf keeps backslashes in the password intact)
printf '%s\n%s\n' "$PASSWORD" "$PASSWORD" | smbpasswd -a knoppix -s
# update samba config, make home writeable
rm -f /etc/samba/smb.conf
sed "s/read only = yes/read only = no/" /KNOPPIX/etc/samba/smb.conf >/etc/samba/smb.conf
# make mounts accessible, but the partitions need to be mounted manually...
ln -s /mnt /home/knoppix/mnt
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Start servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# echo "${BLUE}Starting SSH and Samba server...${NORMAL}"
/etc/init.d/ssh start
/etc/init.d/samba start
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# display short info with ip numbers of this machine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
echo "${BLUE}Server listening on:${GREEN}"
/sbin/ifconfig|grep inet|cut -d " " -f 12
echo "${NORMAL}"
echo "${BLUE}Hostname is: ${GREEN}$(hostname)${NORMAL}"
# two beeps for those w/o monitor
printf '\007' >/dev/tty1 ; usleep 200000
printf '\007' >/dev/tty1
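
The "password", "hostname" and "ip" boot options above are taken from the kernel command line by substring match and passed unchecked to chpasswd, smbpasswd, hostname, sed and ifconfig. The following is an added example, not part of the original knoppix.sh or of Knoppix, showing one way to parse and validate them first; the function names, the 8-character minimum and the sample command line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original knoppix.sh: validate boot options first.

# Print the value of option $1 in command line $2; the last occurrence wins.
# Whole words are compared, so "myip=..." is not mistaken for "ip=...".
bootparam() {
    _key=$1 _val='' _found=1
    set -f                                # no globbing while word-splitting
    for _word in $2; do
        case $_word in
            "$_key"=*) _val=${_word#*=}; _found=0 ;;
        esac
    done
    set +f
    [ "$_found" -eq 0 ] && printf '%s\n' "$_val"
    return "$_found"
}

# Reject an empty password, the script's documented default "secret", and
# anything shorter than 8 characters (the minimum is an assumption).
usable_password() {
    [ -n "$1" ] && [ "$1" != "secret" ] && [ "${#1}" -ge 8 ]
}

# One DNS label (letters, digits, inner "-"); keeps "/" and "&" away from sed.
valid_hostname() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -f
    set -- $1
    set +f; IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# Constructed sample command line (not from a real machine).
SAMPLE='lang=ch myip=9.9.9.9 ip=192.168.1.50 hostname=rescue1 password=secret floppyconfig 2'
usable_password "$(bootparam password "$SAMPLE")" || echo "refusing default password" >&2
```

A password given as a boot option stays readable in /proc/cmdline and in syslinux.cfg on the floppy, so change it after the first login.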