View Issue Details

ID: 0001469
Project: BuildRoot
Category: Production/Installation
View Status: public
Last Update: 2014-07-10 15:42
Reporter: Keller
Assigned To:
Priority: normal
Severity: feature
Reproducibility: N/A
Status: resolved
Resolution: fixed
Product Version: fss5pv210-V2.0
Target Version: fss5pv210-V2.1
Fixed in Version: fsvybrid-V1.1
Summary: 0001469: OpenSSH key generation fails because root filesystem is read-only
Description: Currently the root filesystem is mounted read-only by default. However, the startup script /etc/init.d/S50sshd generates a public/private key pair for OpenSSH if it does not exist yet. This computation takes quite some time during installation but is useless, as the keys cannot be stored on the read-only filesystem.

We should have a way to mount the root filesystem read-write once during the installation procedure to allow the key generation to succeed. However, we then have to shut down Linux correctly with "halt" instead of just switching off the power.

Maybe we can solve this with a separate script that is only called once via the kernel command in LinuxDownload.txt, remounts the root filesystem read/write, calls /etc/init.d/S50sshd with argument start, waits for the key generation to complete and then remounts the filesystem read-only again so that it is safe to switch off the power.

Steps To Reproduce: Use the installation procedure for any armStoneA8/NetDCU14/PicoMOD7A in V2.0 which has the OpenSSH package included in the rootfs. After Linux is started, you see the following messages (with errors) and sshd exits.

Generating RSA Key...
Generating public/private rsa1 key pair.
open /etc/ssh_host_key failed: Read-only file system.
Saving the key failed: /etc/ssh_host_key.
Generating RSA Key...
Generating public/private rsa key pair.
open /etc/ssh_host_rsa_key failed: Read-only file system.
Saving the key failed: /etc/ssh_host_rsa_key.
Generating DSA Key...
THIS CAN TAKE A MINUTE OR TWO DEPENDING ON YOUR PROCESSOR!

Generating public/private dsa key pair.
open /etc/ssh_host_dsa_key failed: Read-only file system.
Saving the key failed: /etc/ssh_host_dsa_key.
Generating ECDSA Key...
THIS CAN TAKE A MINUTE OR TWO DEPENDING ON YOUR PROCESSOR!

Generating public/private ecdsa key pair.
open /etc/ssh_host_ecdsa_key failed: Read-only file system.
Saving the key failed: /etc/ssh_host_ecdsa_key.
Starting sshd: Could not load host key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_dsa_key
Could not load host key: /etc/ssh_host_ecdsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
Additional Information: An easy way to do this would be to only generate the keys in S50sshd if the filesystem in general and the key files are writable, adding some additional tests. However, this would mean that we have our own version of this script and always need to remember to update it if it changes in BuildRoot.

Is there a better way of doing this? Maybe we could try to get such an S50sshd modification included in mainline BuildRoot?
Activities

There are no notes attached to this issue.
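
The writability guard proposed under Additional Information, as an added example that is not the Buildroot S50sshd script or code from this project: a key is generated only when it is missing and its directory accepts a new file, so no time is spent on keys that cannot be stored. The function names, the KEYDIR and KEYGEN variables and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: guarded host key generation for a root filesystem that may
# be mounted read-only. Not the Buildroot S50sshd script.
# KEYDIR, KEYGEN, the function names and return codes are assumptions.
KEYDIR="${KEYDIR:-/etc}"        # the log above shows keys under /etc
KEYGEN="${KEYGEN:-ssh-keygen}"  # overridable for testing without OpenSSH

# Succeed only if a file can actually be created in directory $1. This
# probes the operation ssh-keygen needs, so a read-only mount, a missing
# directory and plain permission problems are all caught the same way.
dir_is_writable() {
    hk_probe="$1/.hostkey_probe.$$"
    ( : > "$hk_probe" ) 2>/dev/null || return 1
    rm -f "$hk_probe"
}

# ensure_hostkey TYPE FILE
#   0 = key already present or newly generated
#   1 = the key generator failed
#   2 = skipped: the key could not be stored, so nothing is generated
ensure_hostkey() {
    hk_type="$1"; hk_file="$2"; hk_dir=$(dirname "$hk_file")
    [ -f "$hk_file" ] && return 0
    if ! dir_is_writable "$hk_dir"; then
        echo "Skipping $hk_type host key: $hk_dir is not writable" >&2
        return 2
    fi
    echo "Generating $hk_type host key..."
    "$KEYGEN" -q -t "$hk_type" -f "$hk_file" -N "" || return 1
}

# Handle the rsa and ecdsa key files named in the log above; returns the
# last non-zero status so the caller can decide whether to start sshd.
ensure_all_hostkeys() {
    hk_rc=0
    for hk_t in rsa ecdsa; do
        ensure_hostkey "$hk_t" "$KEYDIR/ssh_host_${hk_t}_key" || hk_rc=$?
    done
    return "$hk_rc"
}
```

In an init script, ensure_all_hostkeys would be called before starting sshd, and the start skipped when it returns non-zero.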