NetBSD/share/man/man8/creds_msdos.8

.\"	$NetBSD: creds_msdos.8,v 1.1 2019/06/12 09:03:32 mrg Exp $
.\"
.\" Copyright (c) 2019 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd June 10, 2019
.Dt CREDS_MSDOS 8
.Os
.Sh NAME
.Nm creds_msdos
.Nd automatically add login credentials from MSDOS partition
.Sh SYNOPSIS
.Nm
.Ar start
.Sh DESCRIPTION
The
.Nm
rc.d script allows automatic addition of login credentials during boot
using a special file found on the MSDOS partition of a bootable image.
This script is not distributed with the normal system and is only
included with pre-installed bootable images.
The goal is to allow remote access of the system without having to
edit the primary root file system (which may not be accessible from
the host the image is being written from), but place this information
in the MSDOS partition that most platforms can easily access.
.Pp
Typically, an installable image (such as
.Pa arm64.img )
is written to an SD card or similar media, and has both a native FFS
partition as well as an MSDOS partition for booting.
If this script is enabled and has been pointed at the boot partition
it will inspect the file
.Pa creds.txt
for any credentials to be added to the system.
.Pp
These are the supported options in the credentials files:
.Bl -tag -compact -width "sshkeyfilepl" -offset indent
.It Sy sshkeyfile Ar user Ar keyfile
.It Sy sshkey Ar user Ar keystring
.It Sy useraddpwhash Ar user Ar pwhash
.It Sy useradd Ar user Ar password
.El
.Pp
In all cases
.Ar user
is the username to be added, and the user will be
added to the
.Dq wheel
group.
.Pp
The sshkeyfile method looks in the MSDOS boot partition for
the specified file and merges ssh keys from this file into
.Ar user Ap s
.Pa ~/.ssh/authorized_keys
file.
.Pp
The sshkey method adds the
.Ar keystring
to the
.Ar user Ap s
.Pa ~/.ssh/authorized_keys
file.
.Pp
The useraddpwhash method uses
.Ar pwhash
as the
.Ar users Ap s
password hash.
.Pp
The above three methods are the preferred methods.
.Pp
For the useradd method
.Ar password
is an unencrypted raw password that will be hashed and added to the system.
This method is not recommended as it leaves unencrypted passwords
around until such time that the script runs.
If this method is used then the
.Pa creds.txt
file will be shredded and deleted using
.Dq rm -P
after the credentials are updated.
.Sh FILES
.Pa /boot/creds.txt
.Sh SEE ALSO
.Xr pwhash 1 ,
.Xr rm 1 ,
.Xr ssh 1 ,
.Xr ssh_config 5 ,
.Xr mount_msdos 8 ,
.Xr sshd 8 ,
.Xr useradd 8
.Sh HISTORY
The
.Nm
script appeared in
.Nx 9.0 .
.Sh AUTHORS
.An Matthew R. Green Aq Mt mrg@eterna.com.au .