9front - general discussion about 9front
From: Steve Simon <steve@quintile.net>
To: 9front@9front.org
Subject: Re: [9front] Can additional keys be added to nvram?
Date: Mon, 14 Feb 2022 22:11:55 +0000
Message-ID: <22BDB269-25B6-4E0C-AF9C-23A0D81BC2BD@quintile.net>
In-Reply-To: <0100017ef8b49b77-efd8ac91-87b4-4754-96ff-4842b10dcb2a-000000@email.amazonses.com>

cpu servers usually have a secstore key stored in an nvram partition on disk using auth/wrkey.

the secstore key is then used to populate the cpu server’s factotum at boot.

once you have a populated factotum it can hold any keys you like.

beware: this is what i use on the labs distro, i believe it applies to 9front too, but if not i am sure someone will kindly correct me.


> On 14 Feb 2022, at 7:27 pm, Mack Wallace <mackbw@mapinternet.com> wrote:
> I have some CPU servers that connect to some other devices via SSH. Being a CPU server, factotum doesn’t ask for passwords, and this CPU server is remote anyway and will be running scripts to access the other hardware.
> While we could add the key (username, password, ssh thumb) to factotum through a script, it would be a lot nicer to have the other one or two keys loaded from nvram. I know the nvram partition is typically small (only 512 bytes), but I also know that a larger nvram partition could be made. So is there a way to add keys to the nvram?
> I did try to use auth/factotum -k (with -S) to ‘write’ factotum to nvram as stated in the man page. We also checked the secstore man page and tried the procedure outlined there (though lacked confidence that would work because it is specific for a secstore server) - that did not work either.
> Look forward to the response.
> Thanks,
> Mack

Thread overview: 3+ messages
2022-02-14 14:48 Mack Wallace
2022-02-14 22:11 ` Steve Simon [this message]
2022-02-15 18:46   ` Mack Wallace
