From: Mack Wallace <mackbw@mapinternet.com>
To: 9front@9front.org
Subject: Re: [9front] Can additional keys be added to nvram?
Date: Tue, 15 Feb 2022 18:46:34 +0000 [thread overview]
Message-ID: <0100017efeb52f8c-f83d0795-ccad-42b1-b128-9cffa7add2d5-000000@email.amazonses.com> (raw)
In-Reply-To: <22BDB269-25B6-4E0C-AF9C-23A0D81BC2BD@quintile.net>
Thanks for the reply,
I believe there are no differences between distributions when it comes to the nvram mechanism. Upon first bootup as a CPU server auth/wrkey is run and one provides the hostowners credentials. And these credentials are automatically loaded into factotum on subsequent boots. Probably the only difference between 9front and the labs 9 is that two keys are stored for the host owner, one for p9sk1 protocol and one in dp9ik.
What I am asking is, I want to add one or two additional keys to the nvram to be automatically loaded into factotum on boot. I just can’t seem to find the appropriate instructions or procedure for taking a factotum of the keys I want and getting them into nvram. That’s what I am looking for.
Regards,
Mack
> On Feb 14, 2022, at 5:11 PM, Steve Simon <steve@quintile.net> wrote:
>
>
> cpu servers usually have a secstore key stored in an nvram partition on disk using auth/wrkey.
>
> the secstore key is then used to populate the cpu servers’s factotum at boot.
>
> once you have a populated factotum it can hold any keys you like.
>
> beware: this is what i use on the labs distro, i believe it applies to 9front too, but if not i am sure someone will kindly correct me.
>
> -Steve
>
>
>> On 14 Feb 2022, at 7:27 pm, Mack Wallace <mackbw@mapinternet.com> wrote:
>>
>> I have some CPU servers that connect to some other devices via SSH. Being a CPU server, factotum doesn’t ask for passwords, and this CPU server is remote anyway and will running scripts to access the other hardware.
>>
>> While we could add the key (username, password, ssh thumb) to factotum through a script, it would be a lot nicer to have the other one or two keys loaded from nvram. I know the nvram partition is typically small (only 512 bytes), but I also know that a larger nvram partition could be made. So is there a way to add keys to the nvram?
>>
>> I did try to use auth/factotum -k (with -S) to 'write’ factotum to nvram as stated in the man page. We also checked the secstore man page and tried the procedure outlined there (though lacked confidence that would work because it is specific for a secstore server) - that did not work either.
>>
>> Look forward to the response.
>>
>> Thanks,
>>
>> Mack
>>
prev parent reply other threads:[~2022-02-16 10:16 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-14 14:48 Mack Wallace
2022-02-14 22:11 ` Steve Simon
2022-02-15 18:46 ` Mack Wallace [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0100017efeb52f8c-f83d0795-ccad-42b1-b128-9cffa7add2d5-000000@email.amazonses.com \
--to=mackbw@mapinternet.com \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).