9front - general discussion about 9front
 help / color / mirror / Atom feed
* [9front] Can additional keys be added to nvram?
@ 2022-02-14 14:48 Mack Wallace
  2022-02-14 22:11 ` Steve Simon
  0 siblings, 1 reply; 3+ messages in thread
From: Mack Wallace @ 2022-02-14 14:48 UTC (permalink / raw)
  To: 9front

I have some CPU servers that connect to some other devices via SSH. Being a CPU server, factotum doesn’t ask for passwords, and this CPU server is remote anyway and will running scripts to access the other hardware. 

While we could add the key (username, password, ssh thumb) to factotum through a script, it would be a lot nicer to have the other one or two keys loaded from nvram. I know the nvram partition is typically small (only 512 bytes), but I also know that a larger nvram partition could be made. So is there a way to add keys to the nvram?

I did try to use auth/factotum -k (with -S) to 'write’ factotum to nvram as stated in the man page. We also checked the secstore man page and tried the procedure outlined there (though lacked confidence that would work because it is specific for a secstore server) - that did not work either. 

Look forward to the response.

Thanks,

Mack


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [9front] Can additional keys be added to nvram?
  2022-02-14 14:48 [9front] Can additional keys be added to nvram? Mack Wallace
@ 2022-02-14 22:11 ` Steve Simon
  2022-02-15 18:46   ` Mack Wallace
  0 siblings, 1 reply; 3+ messages in thread
From: Steve Simon @ 2022-02-14 22:11 UTC (permalink / raw)
  To: 9front


cpu servers usually have a secstore key stored in an nvram partition on disk using auth/wrkey.

the secstore key is then used to populate the cpu servers’s factotum at boot.

once you have a populated factotum it can hold any keys you like.

beware: this is what i use on the labs distro, i believe it applies to 9front too, but if not i am sure someone will kindly correct me.

-Steve


> On 14 Feb 2022, at 7:27 pm, Mack Wallace <mackbw@mapinternet.com> wrote:
> 
> I have some CPU servers that connect to some other devices via SSH. Being a CPU server, factotum doesn’t ask for passwords, and this CPU server is remote anyway and will running scripts to access the other hardware. 
> 
> While we could add the key (username, password, ssh thumb) to factotum through a script, it would be a lot nicer to have the other one or two keys loaded from nvram. I know the nvram partition is typically small (only 512 bytes), but I also know that a larger nvram partition could be made. So is there a way to add keys to the nvram?
> 
> I did try to use auth/factotum -k (with -S) to 'write’ factotum to nvram as stated in the man page. We also checked the secstore man page and tried the procedure outlined there (though lacked confidence that would work because it is specific for a secstore server) - that did not work either. 
> 
> Look forward to the response.
> 
> Thanks,
> 
> Mack
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [9front] Can additional keys be added to nvram?
  2022-02-14 22:11 ` Steve Simon
@ 2022-02-15 18:46   ` Mack Wallace
  0 siblings, 0 replies; 3+ messages in thread
From: Mack Wallace @ 2022-02-15 18:46 UTC (permalink / raw)
  To: 9front

Thanks for the reply,

I believe there are no differences between distributions when it comes to the nvram mechanism. Upon first bootup as a CPU server auth/wrkey is run and one provides the hostowners credentials. And these credentials are automatically loaded into factotum on subsequent boots. Probably the only difference between 9front and the labs 9 is that two keys are stored for the host owner, one for p9sk1 protocol and one in dp9ik. 

What I am asking is, I want to add one or two additional keys to the nvram to be automatically loaded into factotum on boot. I just can’t seem to find the appropriate instructions or procedure for taking a factotum of the keys I want and getting them into  nvram. That’s what I am looking for.

Regards,

Mack

> On Feb 14, 2022, at 5:11 PM, Steve Simon <steve@quintile.net> wrote:
> 
> 
> cpu servers usually have a secstore key stored in an nvram partition on disk using auth/wrkey.
> 
> the secstore key is then used to populate the cpu servers’s factotum at boot.
> 
> once you have a populated factotum it can hold any keys you like.
> 
> beware: this is what i use on the labs distro, i believe it applies to 9front too, but if not i am sure someone will kindly correct me.
> 
> -Steve
> 
> 
>> On 14 Feb 2022, at 7:27 pm, Mack Wallace <mackbw@mapinternet.com> wrote:
>> 
>> I have some CPU servers that connect to some other devices via SSH. Being a CPU server, factotum doesn’t ask for passwords, and this CPU server is remote anyway and will running scripts to access the other hardware. 
>> 
>> While we could add the key (username, password, ssh thumb) to factotum through a script, it would be a lot nicer to have the other one or two keys loaded from nvram. I know the nvram partition is typically small (only 512 bytes), but I also know that a larger nvram partition could be made. So is there a way to add keys to the nvram?
>> 
>> I did try to use auth/factotum -k (with -S) to 'write’ factotum to nvram as stated in the man page. We also checked the secstore man page and tried the procedure outlined there (though lacked confidence that would work because it is specific for a secstore server) - that did not work either. 
>> 
>> Look forward to the response.
>> 
>> Thanks,
>> 
>> Mack
>> 


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-02-16 10:16 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-14 14:48 [9front] Can additional keys be added to nvram? Mack Wallace
2022-02-14 22:11 ` Steve Simon
2022-02-15 18:46   ` Mack Wallace

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).