start sshd before nfs


start sshd before nfs

matteo filippetto
Hi,

what do you think about starting sshd before mounting NFS resources?



--- /etc/rc.orig        Thu Mar 14 19:50:29 2013
+++ /etc/rc     Fri Mar 15 15:38:04 2013
@@ -387,7 +387,7 @@

 echo -n 'starting early daemons:'
 start_daemon syslogd ldattach pflogd named nsd ntpd isakmpd iked sasyncd
-start_daemon ldapd npppd
+start_daemon ldapd npppd sshd
 echo '.'

 if [ X"${ipsec}" != X"NO" ]; then
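Review bot: adding `sshd` to the early-daemons line (`start_daemon ldapd npppd sshd`) opens remote logins before the `ipsec` block that follows in this hunk's context has run, so sessions can arrive while the boot sequence is still incomplete. Unless there is a stated reason that sshd must be up this early, keep it where it was and handle the unreliable NFS mount in the mount configuration instead; if the move stays, add a comment here saying which later steps sshd is deliberately allowed to precede.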
@@ -481,7 +481,7 @@
 echo 'preserving editor files.';       /usr/libexec/vi.recover

 echo -n 'starting network daemons:'
-start_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
+start_daemon ldomd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
 start_daemon relayd dhcpd dhcrelay mrouted dvmrpd

 if ifconfig lo0 inet6 >/dev/null 2>&1; then
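Review bot: dropping `sshd` from the 'starting network daemons' line is only correct together with the addition near line 387, and neither hunk documents that dependency or why sshd now starts ahead of everything between the two locations, including the `vi.recover` step visible in this hunk's context. Add a comment at the new location naming the ordering requirement, and check that nothing between lines 387 and 481 is a precondition for accepting logins.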


because if an NFS mount can't be mounted you can only access your box with
console...but if you have ssh access you can access your box and solve the
problem....

Regards

--
Matteo Filippetto
http://www.op83.eu



Re: start sshd before nfs

Theo de Raadt
> what do you think about starting sshd before mount NFS resources?

I see about 15 reasons between NFS startup and sshd startup.


Re: start sshd before nfs

Ted Unangst-6
In reply to this post by matteo filippetto
On Tue, Mar 19, 2013 at 18:17, matteo filippetto wrote:
> Hi,
>
> what do you think about starting sshd before mount NFS resources?

ssh comes last because users are not allowed onto the system until the system is ready.

If your nfs server is that unreliable, use no auto and mount it manually.


>
>
>
> --- /etc/rc.orig        Thu Mar 14 19:50:29 2013
> +++ /etc/rc     Fri Mar 15 15:38:04 2013
> @@ -387,7 +387,7 @@
>
> echo -n 'starting early daemons:'
> start_daemon syslogd ldattach pflogd named nsd ntpd isakmpd iked sasyncd
> -start_daemon ldapd npppd
> +start_daemon ldapd npppd sshd
> echo '.'
>
> if [ X"${ipsec}" != X"NO" ]; then
> @@ -481,7 +481,7 @@
> echo 'preserving editor files.';       /usr/libexec/vi.recover
>
> echo -n 'starting network daemons:'
> -start_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
> +start_daemon ldomd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
> start_daemon relayd dhcpd dhcrelay mrouted dvmrpd
>
> if ifconfig lo0 inet6 >/dev/null 2>&1; then
>
>
> because if a NFS mount can't be mounted you can only access your box with
> console...but if you have ssh access you can acces your box and solve the
> problem....
>
> Regards


Re: start sshd before nfs

matteo filippetto
ok, I understand what to do.

Thanks for your replies.

Regards


2013/3/19 Ted Unangst <[hidden email]>

> On Tue, Mar 19, 2013 at 18:17, matteo filippetto wrote:
> > Hi,
> >
> > what do you think about starting sshd before mount NFS resources?
>
> ssh comes last because users are not allowed onto the system until the
> system is ready.
>
> If your nfs server is that unreliable, use no auto and mount it manually.
>
>
> >
> >
> >
> > --- /etc/rc.orig        Thu Mar 14 19:50:29 2013
> > +++ /etc/rc     Fri Mar 15 15:38:04 2013
> > @@ -387,7 +387,7 @@
> >
> > echo -n 'starting early daemons:'
> > start_daemon syslogd ldattach pflogd named nsd ntpd isakmpd iked sasyncd
> > -start_daemon ldapd npppd
> > +start_daemon ldapd npppd sshd
> > echo '.'
> >
> > if [ X"${ipsec}" != X"NO" ]; then
> > @@ -481,7 +481,7 @@
> > echo 'preserving editor files.';       /usr/libexec/vi.recover
> >
> > echo -n 'starting network daemons:'
> > -start_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
> > +start_daemon ldomd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
> > start_daemon relayd dhcpd dhcrelay mrouted dvmrpd
> >
> > if ifconfig lo0 inet6 >/dev/null 2>&1; then
> >
> >
> > because if a NFS mount can't be mounted you can only access your box with
> > console...but if you have ssh access you can acces your box and solve the
> > problem....
> >
> > Regards
> >
>



--
Matteo Filippetto
http://www.op83.eu


Re: start sshd before nfs

Stuart Henderson
In reply to this post by Ted Unangst-6
On 2013-03-19, Ted Unangst <[hidden email]> wrote:
> On Tue, Mar 19, 2013 at 18:17, matteo filippetto wrote:
>> Hi,
>>
>> what do you think about starting sshd before mount NFS resources?
>
> ssh comes last because users are not allowed onto the system until the system is ready.
>
> If your nfs server is that unreliable, use no auto and mount it manually.

or -b


Re: start sshd before nfs

Christopher Sean Hilton
In reply to this post by Ted Unangst-6
On Mar 19, 2013, at 2:09 PM, Ted Unangst <[hidden email]> wrote:

> On Tue, Mar 19, 2013 at 18:17, matteo filippetto wrote:
>> Hi,
>>
>> what do you think about starting sshd before mount NFS resources?
>
> ssh comes last because users are not allowed onto the system until the system is ready.
>
> If your nfs server is that unreliable, use no auto and mount it manually.
>

noauto is a solution to this problem. The automounter was specifically designed for this situation.

[snip]

Chris Hilton                          e: chris /at/ vindaloo /dot/ com
------------------------------------------------------------------------
                "All I was doing was trying to get home from work!"
                                                 -- Rosa Parks


Re: start sshd before nfs

matteo filippetto
In reply to this post by Stuart Henderson
2013/3/20 Stuart Henderson <[hidden email]>

> On 2013-03-19, Ted Unangst <[hidden email]> wrote:
> > On Tue, Mar 19, 2013 at 18:17, matteo filippetto wrote:
> >> Hi,
> >>
> >> what do you think about starting sshd before mount NFS resources?
> >
> > ssh comes last because users are not allowed onto the system until the
> system is ready.
> >
> > If your nfs server is that unreliable, use no auto and mount it manually.
>
> or -b
>
>
-b option is perfect

thanks


--
Matteo Filippetto
http://www.op83.eu


Re: start sshd before nfs

Ted Unangst-6
In reply to this post by matteo filippetto
On Tue, Mar 19, 2013 at 18:09, Ted Unangst wrote:
> On Tue, Mar 19, 2013 at 18:17, matteo filippetto wrote:
>> Hi,
>>
>> what do you think about starting sshd before mount NFS resources?
>
> ssh comes last because users are not allowed onto the system until the
> system is ready.

oh, and if there were any doubts about what it means for the system to
be ready...

https://www.usenix.org/conference/usenixsecurity12/mining-your-ps-and-qs-detection-widespread-weak-keys-embedded-devices

key quote:

"Although Ubuntu
tries to restore entropy saved during the last shutdown,
this happens slightly after the point when sshd first reads
from urandom. With no entropic inputs, urandom produces
a deterministic output stream."

oops.
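
The ordering rule discussed in this thread (sshd starts only after the system is ready) can be checked mechanically. The following is an added example, not part of any message above and not OpenBSD's own code: the helper name `starts_after` is hypothetical, the two rc excerpts are constructed from the `start_daemon` lines in the patch, and the `mount -a -t nfs` line is an assumed stand-in for the NFS mount step.

```shell
#!/bin/sh
# starts_after FILE DAEMON PATTERN   (hypothetical helper name)
# Exit 0 only if DAEMON is started by a start_daemon line and every such
# line comes after the first line matching PATTERN (the boot milestone).
starts_after() {
    awk -v d="$2" -v pat="$3" '
        milestone == 0 && $0 ~ pat { milestone = NR }
        $1 == "start_daemon" {
            for (i = 2; i <= NF; i++)
                if ($i == d) {
                    seen = 1
                    if (milestone == 0) early = 1   # started before milestone
                }
        }
        END { exit ((seen && !early && milestone) ? 0 : 1) }
    ' "$1"
}

# Constructed excerpts. start_daemon lines are taken from the patch in this
# thread; "mount -a -t nfs" is an assumed placeholder for the NFS mount step.
tmp=$(mktemp -d)
cat > "$tmp/rc.orig" <<'EOF'
start_daemon ldapd npppd
mount -a -t nfs
start_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
EOF
cat > "$tmp/rc.patched" <<'EOF'
start_daemon ldapd npppd sshd
mount -a -t nfs
start_daemon ldomd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
EOF

for f in rc.orig rc.patched; do
    if starts_after "$tmp/$f" sshd 'mount -a -t nfs'; then
        echo "$f: sshd starts after the milestone"
    else
        echo "$f: sshd accepts logins before the milestone"
    fi
done
```

The same check works for any other milestone line, such as the step that restores the random seed, by passing a different pattern.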