Changes

Jump to navigation Jump to search
revert to use Dropbear 0.49 from ESXi Distro
Line 49: Line 49:     
==== Configuring SSH and RSYNC on the ESX3i Host ====
 
==== Configuring SSH and RSYNC on the ESX3i Host ====
By default the SSH service is disabled and rsync is not installed. ESXi uses Dropbear rather than OpenSSL as the SSH Server. The installed Dropbear Version 0.49 has a bug that causes an incorrect return status of the executed command. Therefore it must be updated to Version 0.51. This version fixes the problem with wrong exit codes. Only with Dropbear Version 0.51 Affa can detect failures of rsync commands.
+
On ESXi the SSH service Dropbear is installed but disabled. To use rsync the SSH service must be enabled and the rsync program must be installed. To enable passwordless login a .ssh directory for storing the keys must be created.
    +
A script is provided that does this:
 
To set up ESXi for use with Affa we must:
 
To set up ESXi for use with Affa we must:
 
* enable SSH service by configuring inetd.conf and restarting the inetd service
 
* enable SSH service by configuring inetd.conf and restarting the inetd service
 
* install rsync (statically linked binary)
 
* install rsync (statically linked binary)
* update Dropbear to version 0.51
   
* create a /root home directory  with a .ssh sub directory to store the public keys for password-less login
 
* create a /root home directory  with a .ssh sub directory to store the public keys for password-less login
 
* link the .ssh directory to the non-volatile USB device
 
* link the .ssh directory to the non-volatile USB device
 
* add a command to /etc/rc.local that executes all the steps above at boot time
 
* add a command to /etc/rc.local that executes all the steps above at boot time
   −
The following script does this all:
+
 
 
<pre>
 
<pre>
 
# enable ssh service
 
# enable ssh service
sed -e 's/^#\(ssh.*\)/\1/' < /etc/inetd.conf > /etc/inetd.conf.affa
+
sed -ie 's/^#\(ssh.*\)/\1/' /etc/inetd.conf
mv -f /etc/inetd.conf.affa /etc/inetd.conf
  −
 
   
# reload inetd configuration
 
# reload inetd configuration
 
kill -HUP `ps | grep inetd | sed -e 's/ .*//'`
 
kill -HUP `ps | grep inetd | sed -e 's/ .*//'`
  −
# install Dropbear 0.51
  −
rm -f /sbin/dropbearmulti; cp -a /bootbank/bexi/dropbearmulti /sbin/dropbearmulti
  −
ln -fs /sbin/dropbearmulti /bin/ssh
  −
  −
# install sftp-server (needed for FUSE sshfs mount)
  −
cp -a /bootbank/bexi/sftp-server-static /usr/libexec/sftp-server
      
# install rsync 3.0.4 statically linked
 
# install rsync 3.0.4 statically linked
Line 88: Line 79:     
# set new home dir for user root
 
# set new home dir for user root
sed -e 's#^\(root:.*\)\(:/:\)\(.*\)#\1:/root:\3#' < /etc/passwd > /etc/passwd.affa
+
sed -ie 's#^\(root:.*\)\(:/:\)\(.*\)#\1:/root:\3#' /etc/passwd
mv -f /etc/passwd.affa /etc/passwd
      
# add execution of this script to rc.local
 
# add execution of this script to rc.local
grep -q "/bootbank/bexi/affa-setup.sh" < /etc/rc.local || echo "/bootbank/bexi/affa-setup.sh" >> /etc/rc.local
+
grep -v "#BEXI$" < /etc/rc.local > /etc/rc.local.affa; mv -f /etc/rc.local.affa /etc/rc.local
 +
echo "test -f /bootbank/bexi/affa-setup.sh && /bootbank/bexi/affa-setup.sh #BEXI" >> /etc/rc.local
 +
echo "test ! -d /root && sed -ie 's#^\(root:.*\)\(:/root:\)\(.*\)#\1:/:\3#' /etc/passwd  #BEXI" >> /etc/rc.local
 
</pre>
 
</pre>
    +
===== Download and install the skript =====
 
On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word '''unsupported''' to unlock the shell.  
 
On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word '''unsupported''' to unlock the shell.  
   Line 103: Line 96:  
Download the tarball. The tarball contains all binaries and the script.  
 
Download the tarball. The tarball contains all binaries and the script.  
 
  cd /bootbank
 
  cd /bootbank
  wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-01.tgz  
+
  wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-02.tgz  
 
Verify the download
 
Verify the download
   wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-01.tgz.md5sum  
+
   wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-02.tgz.md5sum  
 
   md5sum -c affa-esxi-setup-01.tgz.md5sum
 
   md5sum -c affa-esxi-setup-01.tgz.md5sum
 
Unpack it
 
Unpack it
  tar xzf affa-esxi-setup-01.tgz  
+
  tar xzf affa-esxi-setup-02.tgz  
  rm affa-esxi-setup-01.tgz*  
+
  rm affa-esxi-setup-02.tgz*  
 
and run the script
 
and run the script
 
  ./bexi/affa-setup.sh
 
  ./bexi/affa-setup.sh
Line 147: Line 140:  
=== Uninstall ===
 
=== Uninstall ===
 
SSH login as root on the ESXi host and run these commands '''carefully''':
 
SSH login as root on the ESXi host and run these commands '''carefully''':
  grep -v "/bootbank/bexi/affa-setup.sh" < /etc/rc.local >/etc/rc.local.affa; mv -f /etc/rc.local.affa /etc/rc.local
+
  grep -v "#BEXI" < /etc/rc.local >/etc/rc.local.affa; mv -f /etc/rc.local.affa /etc/rc.local
 
  sed -e 's#^\(root:.*\)\(:/root:\)\(.*\)#\1:/:\3#' < /etc/passwd > /etc/passwd.affa; mv -f /etc/passwd.affa /etc/passwd
 
  sed -e 's#^\(root:.*\)\(:/root:\)\(.*\)#\1:/:\3#' < /etc/passwd > /etc/passwd.affa; mv -f /etc/passwd.affa /etc/passwd
 
  sed -e 's/^\(ssh.*\)/#\1/' < /etc/inetd.conf > /etc/inetd.conf.affa; mv -f /etc/inetd.conf.affa /etc/inetd.conf
 
  sed -e 's/^\(ssh.*\)/#\1/' < /etc/inetd.conf > /etc/inetd.conf.affa; mv -f /etc/inetd.conf.affa /etc/inetd.conf
 
  kill -HUP `ps | grep inetd | sed -e 's/ .*//'`
 
  kill -HUP `ps | grep inetd | sed -e 's/ .*//'`
  rm -rf /bin/rsync /usr/libexec/sftp-server /root /bootbank/bexi
+
  rm -rf /bin/rsync /root /bootbank/bexi
 
  tar -C / -xzf /bootbank/environ.tgz sbin/dropbearmulti
 
  tar -C / -xzf /bootbank/environ.tgz sbin/dropbearmulti
    
=== Addtional Information ===
 
=== Addtional Information ===
===== How to make the Dropbearmulti 0.51 Binary and the statically linked Rsync Binary =====
+
===== How to make the statically linked Rsync Binary =====
If you want to make the binaries by yourself, run the following on a Centos4/SME7.3 box with devel RPMs installed:
  −
 
  −
'''Dropbear 0.51'''
  −
 
  −
1. download <tt>dropbear-0.51.tar.gz</tt> from http://matt.ucc.asn.au/dropbear/
  −
 
  −
2. unpack the tarball
  −
tar xzf dropbear-0.51.tar.gz
  −
cd dropbear-0.51
  −
 
  −
3. edit the file <tt>options.h</tt> and comment out line 40
  −
/*#define NON_INETD_MODE*/
  −
 
  −
4. configure and compile
  −
./configure --disable-zlib --disable-openpty
  −
make PROGRAMS="dropbear dbclient scp dropbearkey dropbearconvert" MULTI=1 STATIC=0 SCPPROGRESS=1
  −
strip dropbearmulti
  −
 
  −
 
  −
'''Rsync 3.0.4 statically linked'''
      
1. download the source from http://rsync.samba.org/
 
1. download the source from http://rsync.samba.org/
Line 185: Line 158:  
  make CFLAGS="-static" EXEEXT="-static"
 
  make CFLAGS="-static" EXEEXT="-static"
 
  strip rsync-static
 
  strip rsync-static
         
[[Category:Howto]]
 
[[Category:Howto]]
 
[[Category: Backup]]
 
[[Category: Backup]]
501

edits

Navigation menu