Ssh server in initrd

ingeniero · February 18, 2022, 8:54am

Is there any way to start a ssh server inside initrd??

linuxdev · February 19, 2022, 6:27pm

In theory, yes, but I lack the expertise to give much advice. The initrd size matters, and likely you’d need a statically linked server. There is a lot going on in ssh, so I suspect it would not be easy.

ingeniero · February 21, 2022, 6:05am

i statically built a dropbear server but i am getting a login error…“Login attempt from non existent user”.

linuxdev · February 21, 2022, 4:50pm

Does your initrd contain the user login content from “/etc”? In general, default initrd content is just for booting and then pivot root to the main rootfs. No login content would normally exist until the pivot root. I am guessing you would need not only the following files in the initrd, but also various programs which use this (e.g., PAM):

gshadow  gshadow-
passwd  passwd-
shadow  shadow-
group  group-

So basically you’d need to manually figure out and add support for user login before an ssh front end to a login could work.

Almost forgot: You would also need that user’s home directory or login location.

ingeniero · February 22, 2022, 3:20am

I added those files but still showing the same error…

ingeniero · February 22, 2022, 4:53am

Can you please list down the programs which uses user?

linuxdev · February 22, 2022, 5:57pm

That’s something I can’t answer, the topic is quite broad. However, I can give you a tool to investigate with (but I fear the answer will be daunting since the programs listed in packages are not statically linked in most cases).

You can find the owner package of a file with:
dpkg -S /where/ever/the/file/is

An example is:

# dpkg -S /etc/pam.conf 
libpam-runtime: /etc/pam.conf
# dpkg -S /bin/login
login: /bin/login
# dpkg -S /lib/aarch64-linux-gnu/libpam.so.0.83.1 
libpam0g:arm64: /lib/aarch64-linux-gnu/libpam.so.0.83.1

(then find out what is in those packages and put it in the initrd)

The list goes on and on. You would need to become something of an expert at how PAM and login works. Normally, at this early stage, you would only need something like a bash shell, but ssh needs a lot of security help (this is why the answer is not simple). You’re basically in need of adding all of that user account and security content to the initrd.

system · March 9, 2022, 5:03am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.