Commits on Mar 13, 2024

1. TOR class to allow remote SSH access over deep networks …

   This class configures an onion service to access the SSH server over
   Tor. This is useful when you have a box behind NAT or some firewall
   that is broken or unknown, and you need to get a rescue shell on the
   host.
   
   With this, you give an operator a thumb drive, who only needs to
   figure out how to boot into GRML, and then after a while you get a
   shell, pretty much regardless of where the box is.
   
   This is not enabled by default, naturally, otherwise the secret key
   would leak in default GRML builds: this is solely designed to be run
   in an ad-hoc, one-time fashion. It also generates the SSH keys for the
   same reason: those are shown in the build logs and can be used to
   authenticate the remote host (a redundant measure to the onion service
   name, of course).
   
   I also enable `DEFAULT_BOOT_OPTIONS=ssh` in my builds, but that hasn't
   been done here (although maybe it's possible to enable that in the
   class? to be investigated).
   
   Finally, another shim is required here to inject a valid SSH public
   key in the image, so you can login over SSH. In my case, I have an
   extra CLASS that only has this one script which does:
   
       gpg --export-ssh-key [email protected] | tee -a $target/root/.ssh/authorized_keys
   
   This could also be folded in the TOR class, but I'm not sure how to do
   variables yet, so that's not yet standardized.

   

   anarcat committed Mar 13, 2024
   Configuration menu

   • View commit details
   • Copy full SHA for 017064b
   • Browse repository at this point

   Copy the full SHA

   017064b View commit details

   Browse the repository at this point in the history