From 760cbb4f7e64bf8a5995129d60d579ece348c55a Mon Sep 17 00:00:00 2001
From: rootzoll
Date: Tue, 15 Jan 2019 02:37:14 +0100
Subject: [PATCH] #225 moving /etc/ssh/ to HDD

---
 FAQ.md | 12 +++++++++++-
 build.sdcard/raspbianStretchDesktop.sh | 4 ++++
 home.admin/40addHDD.sh | 8 ++++++++
 home.admin/XXprepareRelease.sh | 16 ++++++++++++++++
 home.admin/_bootstrap.provision.sh | 11 +++++++++++
 home.admin/_bootstrap.sh | 12 ++++++++++++
 6 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 home.admin/XXprepareRelease.sh

diff --git a/FAQ.md b/FAQ.md
index 4a54375..4dbd905 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -46,4 +46,14 @@ But you can try to backup at your own risk. All your Lightning Node data is with
 
 ## How do I change the Name/Alias of my lightning node
 
-Use the "Change Name/Alias of Node" option in main menu. The RaspiBlitz will make a reboot after this.
\ No newline at end of file
+Use the "Change Name/Alias of Node" option in main menu. The RaspiBlitz will make a reboot after this.
+
+## What to do when on SSH I see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"
+
+This means, that he public ssh key of the RaspiBlitz has changed to the one you logged in the last time under that IP.
+
+Its OK when happening during an update - when you changed the sd card image. If its really happening out of the blue - check your local network setup for a second. Maybe the local IP of your RaspiBlitz changed? Is there a second RaspiBlitz connected? Its a security warning, so at least take some time to check if anything is strange. But also dont get to panic - when its in your local network, normally its some network thing - not an intruder.
+
+To fix this and to be able to login with SSH again, you have to remove the old public key for that IP from your local client computer. Just run the following command (with the replaced IP of your RaspiBlitz): `ssh-keygen -R IP-OF-YOUR-RASPIBLITZ` or remove the line for this IP manually from the known_hosts file (path see in warning message).
+
+After that you should be able to login with SSH again.
\ No newline at end of file
diff --git a/build.sdcard/raspbianStretchDesktop.sh b/build.sdcard/raspbianStretchDesktop.sh
index 5a76641..faf81d2 100644
--- a/build.sdcard/raspbianStretchDesktop.sh
+++ b/build.sdcard/raspbianStretchDesktop.sh
@@ -509,6 +509,10 @@ echo ""
 echo "Maybe take the chance and look thru the output above if you can spot any errror."
 echo ""
 echo "After final reboot - your SD Card Image is ready."
+echo ""
+echo "IMPORTANT IF WANT TO MAKE A RELEASE IMAGE FROM THIS BUILD:"
+echo "login once after reboot without HDD and run 'XXprepareRelease.sh'"
+echo ""
 echo "Press ENTER to install LCD and reboot ..."
 read key
 
diff --git a/home.admin/40addHDD.sh b/home.admin/40addHDD.sh
index c64bea2..2d35c7b 100755
--- a/home.admin/40addHDD.sh
+++ b/home.admin/40addHDD.sh
@@ -45,6 +45,14 @@ if [ ${existsHDD} -gt 0 ]; then
 echo "OK - HDD is mounted"
 echo ""
 
+ # move SSH pub keys to HDD so that they survive an update
+ echo "moving SSH pub keys to HDD"
+ sudo cp -r /etc/ssh /mnt/hdd/ssh
+ sudo rm -rf /etc/ssh
+ sudo ln -s /mnt/hdd/ssh /etc/ssh
+ echo "OK"
+ echo ""
+
 # set SetupState
 sudo sed -i "s/^setupStep=.*/setupStep=40/g" /home/admin/raspiblitz.info
 
diff --git a/home.admin/XXprepareRelease.sh b/home.admin/XXprepareRelease.sh
new file mode 100644
index 0000000..3a4d3a6
--- /dev/null
+++ b/home.admin/XXprepareRelease.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Just run this script once after a fresh sd card build
+# to prepare the image for release as a downloadable sd card image
+
+# SSH Pubkeys (make uniquie for every sd card image install)
+echo "deleting SSH Pub keys ..."
+echo "they will get recreated on fresh bootup, by _bootstrap.sh service"
+sudo rm /etc/ssh/ssh_host_*
+echo "OK"
+
+echo " "
+echo "Will shutdown now."
+echo "Wait until Respebarry LEDs show now activity anymore."
+echo "Then remove SD card and make an release image from it."
+sudo shutdown now
diff --git a/home.admin/_bootstrap.provision.sh b/home.admin/_bootstrap.provision.sh
index c171e47..cd31025 100644
--- a/home.admin/_bootstrap.provision.sh
+++ b/home.admin/_bootstrap.provision.sh
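Review bot: In the home.admin/40addHDD.sh hunk, `sudo rm -rf /etc/ssh` runs even when the preceding `sudo cp -r /etc/ssh /mnt/hdd/ssh` failed, which would leave sshd with no configuration or host keys and a dangling symlink on a device that is normally administered over SSH; the same unchecked `rm -rf` / `ln -s` pair appears in the home.admin/_bootstrap.provision.sh hunk. Make the delete depend on the copy, e.g. `sudo cp -a /etc/ssh /mnt/hdd/ssh && sudo rm -rf /etc/ssh && sudo ln -s /mnt/hdd/ssh /etc/ssh`. When /mnt/hdd/ssh already exists (an HDD kept across an update), `cp -r` copies into /mnt/hdd/ssh/ssh instead and leaves a second set of private host keys nested on the disk, so guard the copy with `[ -d /mnt/hdd/ssh ] ||`. The comment should say that the whole directory moves, including the private host keys and sshd_config, not only "pub keys". The enclosing `if [ ${existsHDD} -gt 0 ]` block starts and ends outside the hunk.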
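Review bot: In the new home.admin/XXprepareRelease.sh, "OK" is printed and the machine shuts down whether or not `sudo rm /etc/ssh/ssh_host_*` removed anything, so a release image can ship with host keys that every downloaded copy then shares. Verify before shutting down, e.g. `sudo rm -f /etc/ssh/ssh_host_*` followed by `if ls /etc/ssh/ssh_host_* >/dev/null 2>&1; then echo "FAIL: host keys still present"; exit 1; fi`. The build message asks for this to be run without the HDD; the script could enforce that with `[ -L /etc/ssh ] && exit 1`, since with the symlink in place the glob would act on the HDD copy instead. The glob removes private keys as well, so the comment and messages should say "host keys" rather than "Pub keys", and the messages contain typos ("uniquie", "Respebarry", "show now activity").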
@@ -46,6 +46,17 @@ sudo umount -l /mnt/hdd >> ${logFile} 2>&1
 echo "Auto-Mounting HDD - calling script" >> ${logFile}
 /home/admin/40addHDD.sh >> ${logFile} 2>&1
 
+# link old SSH PubKeys
+# so that client ssh_known_hosts is not complaining after update
+if [ -d "/mnt/hdd/ssh" ]; then
+ echo "Old SSH PubKey exists on HDD > just linking them" >> ${logFile}
+else
+ echo "No SSH PubKey exists on HDD > copy from SD card and linking them" >> ${logFile}
+ sudo cp -r /etc/ssh /mnt/hdd/ssh >> ${logFile} 2>&1
+fi
+sudo rm -rf /etc/ssh >> ${logFile} 2>&1
+sudo ln -s /mnt/hdd/ssh /etc/ssh >> ${logFile} 2>&1
+
 # link and copy HDD content into new OS
 echo "Link HDD content for user bitcoin" >> ${logFile}
 sudo chown -R bitcoin:bitcoin /mnt/hdd/lnd >> ${logFile} 2>&1
diff --git a/home.admin/_bootstrap.sh b/home.admin/_bootstrap.sh
index f62fbbe..7549f6a 100644
--- a/home.admin/_bootstrap.sh
+++ b/home.admin/_bootstrap.sh
@@ -43,6 +43,18 @@ echo "chain=" >> $infoFile
 echo "message=" >> $infoFile
 sudo chmod 777 ${infoFile}
 
+################################
+# GENERATE UNIQUE SSH PUB KEYS
+# on first boot up
+################################
+
+numberOfPubKeys=$(sudo ls /etc/ssh/ | grep -c 'ssh_host_')
+if [ ${numberOfPubKeys} -eq 0 ]; then
+ echo "*** Generating new SSH PubKeys" >> $logFile
+ sudo dpkg-reconfigure openssh-server
+ echo "OK" >> $logFile
+fi
+
 ################################
 # AFTER BOOT SCRIPT
 # when a process needs to
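Review bot: In the home.admin/_bootstrap.provision.sh hunk, the "Old SSH PubKey exists" branch links whatever /mnt/hdd/ssh contains into /etc/ssh without checking it, so sshd_config and the private host keys are taken from the data disk with whatever ownership and modes are found there. Before the `ln -s`, reset them, e.g. `sudo chown -R root:root /mnt/hdd/ssh && sudo chmod 600 /mnt/hdd/ssh/ssh_host_*_key`, and log a failure instead of linking when no `ssh_host_*_key` file is present. Since 40addHDD.sh, called just above, now performs the same copy and link, the `else` branch here looks reachable only when that script stopped before its SSH step; a comment stating which script owns the move would help. The script continues outside the hunk.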
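Review bot: In the home.admin/_bootstrap.sh hunk, `echo "OK" >> $logFile` is written whether or not `sudo dpkg-reconfigure openssh-server` succeeded, and its output is not captured, so a first boot that fails to create host keys leaves no trace in the log. Redirect and test it, e.g. `sudo dpkg-reconfigure openssh-server >> $logFile 2>&1 || echo "FAIL: SSH host keys not generated" >> $logFile`. The count from `sudo ls /etc/ssh/ | grep -c 'ssh_host_'` is 0 both when no keys exist and when /etc/ssh is a symlink whose HDD target is not available; if this can run before the HDD is mounted (not visible here), generation would be attempted against a missing directory, so test `[ -d /etc/ssh ]` first. Quote the variable in the test, `[ "${numberOfPubKeys}" -eq 0 ]`, and say "host keys" in the banner since key pairs are generated. The surrounding script continues outside the hunk.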