SSH server in initrd

Is there any way to start an SSH server inside initrd?

In theory, yes, but I lack the expertise to give much advice. The initrd size matters, and likely you’d need a statically linked server. There is a lot going on in ssh, so I suspect it would not be easy.

I statically built a dropbear server, but I am getting a login error: “Login attempt from non existent user”.

Does your initrd contain the user login content from “/etc”? In general, default initrd content is just for booting and then pivot root to the main rootfs. No login content would normally exist until the pivot root. I am guessing you would need not only the following files in the initrd, but also various programs which use this (e.g., PAM):

gshadow  gshadow-
passwd  passwd-
shadow  shadow-
group  group-

So basically you’d need to manually figure out and add support for user login before an ssh front end to a login could work.

Almost forgot: You would also need that user’s home directory or login location.

I added those files, but it is still showing the same error…

Can you please list the programs which use user?

That’s something I can’t answer, the topic is quite broad. However, I can give you a tool to investigate with (but I fear the answer will be daunting since the programs listed in packages are not statically linked in most cases).

You can find the owner package of a file with:
dpkg -S /where/ever/the/file/is

An example is:

# dpkg -S /etc/pam.conf 
libpam-runtime: /etc/pam.conf
# dpkg -S /bin/login
login: /bin/login
# dpkg -S /lib/aarch64-linux-gnu/ 
libpam0g:arm64: /lib/aarch64-linux-gnu/

(then find out what is in those packages and put it in the initrd)

The list goes on and on. You would need to become something of an expert at how PAM and login work. Normally, at this early stage, you would only need something like a bash shell, but ssh needs a lot of security help (this is why the answer is not simple). You’re basically in need of adding all of that user account and security content to the initrd.
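
The following is an added example, not part of the original posts: a shell check that audits an unpacked initrd tree for the account content named in this thread (the four files under /etc, the user's passwd, shadow and group entries, the home directory and the login shell). The function names, the unpacked-tree argument and the sample tree are assumptions; it does not cover PAM or shared libraries.

```shell
#!/bin/sh
# Added example: audit an unpacked initrd tree for login account content.
# Usage (assumed layout): sh check.sh /path/to/unpacked-initrd username

# Prints one finding per line; returns 0 only if every check passes.
check_initrd_user() {
    root=$1; user=$2; rc=0
    # Account databases named in the thread.
    for f in passwd shadow group gshadow; do
        [ -f "$root/etc/$f" ] || { echo "MISSING etc/$f"; rc=1; }
    done
    [ -f "$root/etc/passwd" ] || return 1

    # passwd fields: name:password:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$root/etc/passwd")
    if [ -z "$entry" ]; then echo "NOUSER $user"; return 1; fi
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # The user needs a shadow entry and a group matching the primary gid.
    awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' \
        "$root/etc/shadow" 2>/dev/null || { echo "NOSHADOW $user"; rc=1; }
    awk -F: -v g="$gid" '$3 == g { f = 1 } END { exit !f }' \
        "$root/etc/group" 2>/dev/null || { echo "NOGROUP $gid"; rc=1; }

    # Home directory and login shell must exist inside the tree itself.
    [ -d "$root$home" ] || { echo "NOHOME $home"; rc=1; }
    [ -x "$root$shell" ] || { echo "NOSHELL $shell"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK $user"; fi
    return "$rc"
}

# Builds a constructed sample tree (not a real initrd) and prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/bin" "$t/root"
    echo 'root:x:0:0:root:/root:/bin/sh' > "$t/etc/passwd"
    echo 'root:*:19000:0:99999:7:::' > "$t/etc/shadow"
    echo 'root:x:0:' > "$t/etc/group"
    echo 'root:*::' > "$t/etc/gshadow"
    # Stand-in file for the shell binary; only its presence is checked.
    printf '#!/bin/sh\n' > "$t/bin/sh"; chmod +x "$t/bin/sh"
    echo "$t"
}

if [ "$#" -eq 2 ]; then check_initrd_user "$1" "$2"; fi
```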
