From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 12058 invoked from network); 15 Feb 2022 08:47:11 -0000 Received: from 4ess.inri.net (216.126.196.42) by inbox.vuxu.org with ESMTPUTF8; 15 Feb 2022 08:47:11 -0000 Received: from haggis.mythic-beasts.com ([46.235.224.141]) by 4ess; Mon Feb 14 17:11:58 -0500 2022 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=quintile.net; s=mythic-beasts-k1; h=To:Date:Subject:From; bh=tym0J+AXicILJMIYlIk5di3o/ePuwPzPgpHETJtRH7w=; b=bfD4tyiUflb6hnHsUZJn0J3fF7 OK4pPJJSWNNhXxv6el1MduHVBtYXYlXPgCO1U0TIzvG//x3qJvhSMKyDhnlukoSRLtH+kGkGr2P3K FelhTpFkUSgYspdGisiH4s/B4T21384u6WA4mvlPglAmxbp+HZoT8lP3KDZkCLNxrhSiKCH85eHFV g5XWsc+ng/XKsw/TK2GvZV5ZVmuOOr6x91wp+HNQ0eUvGXbEBsd62FdE08+sgJOcrhsDSWqmRAxoh lmi4Jflbt/qRPvCyIZYoKCLfgUziOwu0FV4jFvWpN4I9YW4zdXNYsmknjjlEDwuV1bncxp83PDuhH 6IS+ooBw==; Received: from [81.187.198.132] (port=61403 helo=smtpclient.apple) by haggis.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1nJjZc-0004XZ-KE for 9front@9front.org; Mon, 14 Feb 2022 22:11:56 +0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Steve Simon Mime-Version: 1.0 (1.0) Date: Mon, 14 Feb 2022 22:11:55 +0000 Message-Id: <22BDB269-25B6-4E0C-AF9C-23A0D81BC2BD@quintile.net> References: <0100017ef8b49b77-efd8ac91-87b4-4754-96ff-4842b10dcb2a-000000@email.amazonses.com> In-Reply-To: <0100017ef8b49b77-efd8ac91-87b4-4754-96ff-4842b10dcb2a-000000@email.amazonses.com> To: 9front@9front.org X-Mailer: iPhone Mail (19C63) X-BlackCat-Spam-Score: 14 List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: private session singleton component-oriented framework Subject: Re: [9front] Can additional keys be added to nvram? Reply-To: 9front@9front.org Precedence: bulk cpu servers usually have a secstore key stored in an nvram partition on disk= using auth/wrkey. the secstore key is then used to populate the cpu servers=E2=80=99s factotum= at boot. once you have a populated factotum it can hold any keys you like. beware: this is what i use on the labs distro, i believe it applies to 9fron= t too, but if not i am sure someone will kindly correct me. -Steve > On 14 Feb 2022, at 7:27 pm, Mack Wallace wrote: >=20 > =EF=BB=BFI have some CPU servers that connect to some other devices via SS= H. Being a CPU server, factotum doesn=E2=80=99t ask for passwords, and this C= PU server is remote anyway and will running scripts to access the other hard= ware.=20 >=20 > While we could add the key (username, password, ssh thumb) to factotum thr= ough a script, it would be a lot nicer to have the other one or two keys loa= ded from nvram. I know the nvram partition is typically small (only 512 byte= s), but I also know that a larger nvram partition could be made. So is there= a way to add keys to the nvram? >=20 > I did try to use auth/factotum -k (with -S) to 'write=E2=80=99 factotum to= nvram as stated in the man page. We also checked the secstore man page and t= ried the procedure outlined there (though lacked confidence that would work b= ecause it is specific for a secstore server) - that did not work either.=20 >=20 > Look forward to the response. >=20 > Thanks, >=20 > Mack >=20