Author Topic: annoying missing sshd corner case with manually edited users  (Read 5805 times)

hiryu

  • Newbie
  • *
  • Posts: 6
  • Karma: +2/-0
    • View Profile
annoying missing sshd corner case with manually edited users
« on: February 21, 2020, 12:15:33 am »
After some back and forth on twitter, the notes have been updated:
https://twitter.com/RaptorCompSys/status/1230723235961917440

But I will give a run down on how this seemed to occur to me.
a. /etc/passwd- was giving me a random "stale file handle" issue... Which was preventing me from writing to /etc/passwd, as /etc/passwd could not be backed up to /etc/passwd-
b. Restarting the BMC fixed this so this "stale file handle" issue is intermittent?
c. Ultimately the issue here is that /etc/passwd is persistent and I had added a user. The new version of the file which can be found here: /run/initramfs/ro/etc/passwd, has the sshd user.

From here... it's clear that useradd is _really_ broken. It complains:
useradd: PAM: Permission denied

Probably needs to be built without PAM support?

adduser won't give you a list of options it accepts and it's the busybox version so who knows? Turns out it seems to _mostly_ have parity with Debian 10's adduser.

Here is how I ultimately was able to get this working:
1. addgroup --system sshd
2. adduser --system --home /var/run/sshd --shell /bin/false sshd (ignore the error about the sshd group)
3. usermod -g sshd sshd
4. chown root:root /var/run/sshd

Theoretically and ideally, the above steps should be performed BEFORE the upgrade to avoid having to hook up a serial cable.

My steps won't provide the same UID/GID as in the release notes, but will use the next available system UID/GID, which will work just as well. You could also modify the user or add some CLI switches to match Raptor's settings.

(edited to make minor fix to step 2 adduser command)
« Last Edit: February 24, 2020, 03:16:59 pm by hiryu »

hiryu

  • Newbie
  • *
  • Posts: 6
  • Karma: +2/-0
    • View Profile
Re: annoying missing sshd corner case with manually edited users
« Reply #1 on: February 21, 2020, 03:24:17 pm »
So I decided to try and reflash the BMC using the risky technique described under known issues:
https://wiki.raptorcs.com/wiki/Talos_II/Firmware/2.00/Release_Notes

I removed /etc/passwd and /etc/group and immediately rebooted... It didn't work.

The good news is that after 4-5 hours, I finally figured out how to make tftpboot work from u-boot. The instructions on the wiki aren't 100% correct.

I'd like to be able to provide what needs to be fixed.

2 things from the top of my head:
a. Disabling the FPGA watchdog for the Blackbird isn't the same as the Talos. The procedure is the same, but the code is different as the BB has differing addresses.
b. The instructions to download and boot the BMC image aren't quite right.

hiryu

  • Newbie
  • *
  • Posts: 6
  • Karma: +2/-0
    • View Profile
Re: annoying missing sshd corner case with manually edited users
« Reply #2 on: February 21, 2020, 03:25:45 pm »
Here's the code to compile in order to disable the FPGA on a Blackbird system:
#include <stdint.h>
int main() {
    uint32_t* gpio_ctl_reg = 0x1e780024;
    uint32_t* gpio_data_reg = 0x1e780020;

    *gpio_ctl_reg |= 0x00010000;
    *gpio_data_reg &= ~0x00010000;
    return 0;
}

Otherwise the directions here work:
https://wiki.raptorcs.com/wiki/Debricking_the_BMC/Watchdog