Updated: April 19, 2023 |
OpenSSH SSH daemon
/usr/sbin/sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time] [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
QNX Neutrino
See sshd in the NetBSD documentation.
The sshd (OpenSSH Daemon) is the daemon program for ssh. Together, these programs provide secure encrypted communications between two untrusted hosts over an insecure network.
This program uses the OpenSSL library for cryptography services.
For more information, see sshd in the NetBSD documentation.
Setting up SSH access to a QNX Neutrino target
Here's how you can enable access via SSH and SFTP on a plain system that doesn't have telnet or similar configured. A writable POSIX filesystem is a requirement (fs-qnx6, devf*, or fs-etfs*), and it must be mounted under /.
random -p
libcrypto.so.2 libz.so.2
mkdir passwd /usr/sbin/sshd=sshd ssh-keygen /usr/libexec/sftp-server=${QNX_TARGET}/${PROCESSOR}/usr/libexec/sftp-server # These env vars will be set when you log in via ssh; adjust as needed: /etc/profile = { PATH=/proc/boot:/bin:/usr/bin:/sbin:/usr/sbin LD_LIBRARY_PATH=/proc/boot:/lib:/usr/lib:/lib/dll }
You can also define your own versions of /etc/services and etc/ssh/sshd_config if the default versions aren't suitable.
mkdir -p /etc/ssh
sshd:x:15:6:sshd:/var/chroot/sshd:/bin/false
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N '' ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_key -N '' ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
mkdir -p /var/chroot/sshd chmod 700 /var/chroot/sshd
/usr/sbin/sshd
You should now be able to access the target with an SSH client and via SFTP.
derive_type sshd_type privsep new_type;Where sshd_type is the security type sshd is running as and new_type is the type the child process should run as, with lowered privilege. If secpolgenerate is in use, everything necessary to use this feature will be added to the policy.
See Using Security Policies in the System Security Guide for more information.
Alternatively, because sshd searches for its PAM configuration based on its program name (passed as argv[0]), you can edit either the inetd configuration file, or the PAM configuration file for sshd, so that the program name and configuration file match. For more information, see the entry for /etc/inetd.conf and the PAM chapter in the System Security Guide.
NetBSD