#225 moving /etc/ssh/ to HDD

6 years ago · 760cbb4f7e
6 changed files with 62 additions and 1 deletions
--- a/FAQ.md
+++ b/FAQ.md
@ -46,4 +46,14 @@ But you can try to backup at your own risk. All your Lightning Node data is with

 ## How do I change the Name/Alias of my lightning node

-Use the "Change Name/Alias of Node" option in main menu. The RaspiBlitz will make a reboot after this.
+Use the "Change Name/Alias of Node" option in main menu. The RaspiBlitz will make a reboot after this.
+
+## What to do when on SSH I see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"
+
+This means, that he public ssh key of the RaspiBlitz has changed to the one you logged in the last time under that IP.
+
+Its OK when happening during an update - when you changed the sd card image. If its really happening out of the blue - check your local network setup for a second. Maybe the local IP of your RaspiBlitz changed? Is there a second RaspiBlitz connected? Its a security warning, so at least take some time to check if anything is strange. But also dont get to panic - when its in your local network, normally its some network thing - not an intruder.
+
+To fix this and to be able to login with SSH again, you have to remove the old public key for that IP from your local client computer. Just run the following command (with the replaced IP of your RaspiBlitz): `ssh-keygen -R IP-OF-YOUR-RASPIBLITZ` or remove the line for this IP manually from the known_hosts file (path see in warning message).
+
+After that you should be able to login with SSH again.
--- a/build.sdcard/raspbianStretchDesktop.sh
+++ b/build.sdcard/raspbianStretchDesktop.sh
@ -509,6 +509,10 @@ echo ""
 echo "Maybe take the chance and look thru the output above if you can spot any errror."
 echo ""
 echo "After final reboot - your SD Card Image is ready."
+echo ""
+echo "IMPORTANT IF WANT TO MAKE A RELEASE IMAGE FROM THIS BUILD:"
+echo "login once after reboot without HDD and run 'XXprepareRelease.sh'"
+echo ""
 echo "Press ENTER to install LCD and reboot ..."
 read key

--- a/home.admin/40addHDD.sh
+++ b/home.admin/40addHDD.sh
@ -45,6 +45,14 @@ if [ ${existsHDD} -gt 0 ]; then
          echo "OK - HDD is mounted"
 	        echo ""

+          # move SSH pub keys to HDD so that they survive an update
+          echo "moving SSH pub keys to HDD"
+          sudo cp -r /etc/ssh /mnt/hdd/ssh
+          sudo rm -rf /etc/ssh
+          sudo ln -s /mnt/hdd/ssh /etc/ssh
+          echo "OK"
+          echo ""
+
          # set SetupState
          sudo sed -i "s/^setupStep=.*/setupStep=40/g" /home/admin/raspiblitz.info

--- a/home.admin/XXprepareRelease.sh
+++ b/home.admin/XXprepareRelease.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Just run this script once after a fresh sd card build
+# to prepare the image for release as a downloadable sd card image
+
+# SSH Pubkeys (make uniquie for every sd card image install)
+echo "deleting SSH Pub keys ..."
+echo "they will get recreated on fresh bootup, by _bootstrap.sh service"
+sudo rm /etc/ssh/ssh_host_*
+echo "OK"
+
+echo " "
+echo "Will shutdown now."
+echo "Wait until Respebarry LEDs show now activity anymore."
+echo "Then remove SD card and make an release image from it."
+sudo shutdown now
--- a/home.admin/_bootstrap.provision.sh
+++ b/home.admin/_bootstrap.provision.sh
@ -46,6 +46,17 @@ sudo umount -l /mnt/hdd >> ${logFile} 2>&1
 echo "Auto-Mounting HDD - calling script" >> ${logFile}
 /home/admin/40addHDD.sh >> ${logFile} 2>&1

+# link old SSH PubKeys
+# so that client ssh_known_hosts is not complaining after update
+if [ -d "/mnt/hdd/ssh" ]; then
+  echo "Old SSH PubKey exists on HDD > just linking them" >> ${logFile}
+else
+  echo "No SSH PubKey exists on HDD > copy from SD card and linking them" >> ${logFile}
+  sudo cp -r /etc/ssh /mnt/hdd/ssh >> ${logFile} 2>&1
+fi
+sudo rm -rf /etc/ssh >> ${logFile} 2>&1
+sudo ln -s /mnt/hdd/ssh /etc/ssh >> ${logFile} 2>&1
+
 # link and copy HDD content into new OS
 echo "Link HDD content for user bitcoin" >> ${logFile}
 sudo chown -R bitcoin:bitcoin /mnt/hdd/lnd >> ${logFile} 2>&1
--- a/home.admin/_bootstrap.sh
+++ b/home.admin/_bootstrap.sh
@ -43,6 +43,18 @@ echo "chain=" >> $infoFile
 echo "message=" >> $infoFile
 sudo chmod 777 ${infoFile}

+################################
+# GENERATE UNIQUE SSH PUB KEYS
+# on first boot up
+################################
+
+numberOfPubKeys=$(sudo ls /etc/ssh/ | grep -c 'ssh_host_')
+if [ ${numberOfPubKeys} -eq 0 ]; then
+  echo "*** Generating new SSH PubKeys" >> $logFile
+  sudo dpkg-reconfigure openssh-server
+  echo "OK" >> $logFile
+fi
+
 ################################
 # AFTER BOOT SCRIPT
 # when a process needs to