sshd

OpenSSH SSH daemon

Syntax:

/usr/sbin/sshd [-46Ddeiqt] [-b bits] [-f config_file]
               [-g login_grace_time] [-h host_key_file]
               [-k key_gen_time] [-o option] [-p port]
               [-u len]
Note: You must use the absolute path to launch this daemon.

Runs on:

QNX Neutrino

Options:

See sshd in the NetBSD documentation.

Description:

The sshd (OpenSSH Daemon) is the daemon program for ssh. Together, these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. For more information, see sshd in the NetBSD documentation.

Setting up SSH access to a QNX Neutrino target

Here's how you can enable access via SSH and SFTP on a “plain” system that doesn't have telnet or similar configured. A writable POSIX filesystem is a requirement (fs-qnx6, devf*, or fs-etfs*), and it must be mounted under /.

  1. Add the following lines to your mkifs buildfile (if they aren't there already):
    • In the boot script, start random before you launch io-pkt:
      random -p
      
    • In the library section (before [data=c]):
      libcrypto.so.2
      libz.so.2
      
    • In the binary section (after [data=c]):
      mkdir
      passwd
      
      /usr/sbin/sshd=sshd
      ssh-keygen
      /usr/libexec/sftp-server=${QNX_TARGET}/${PROCESSOR}/usr/libexec/sftp-server
      
      # These env vars will be set when you log in via ssh; adjust as needed:
      
      /etc/profile = {
          PATH=/proc/boot:/bin:/usr/bin:/sbin:/usr/sbin
          LD_LIBRARY_PATH=/proc/boot:/lib:/usr/lib:/lib/dll
      }
      

      You can also define your own versions of /etc/services and /etc/ssh/sshd_config if the default versions aren't suitable.

  2. Generate a new OS image.
  3. Boot your QNX Neutrino target with the new boot image, and then do the following:
    1. If they don't already exist, create a writable /etc directory for /etc/passwd, and /etc/ssh/ for the keys to be generated:
      mkdir -p /etc/ssh
      
    2. Make sure that /etc/passwd exists and contains an entry for root (so you can create keys), and an entry for the privilege separation user, sshd:
      sshd:x:15:6:sshd:/var/chroot/sshd:/bin/false
      
    3. Generate the authentication keys. For example:
      ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
      ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''
      ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_key -N ''
      ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
      
    4. Create the required directories:
      mkdir -p /var/chroot/sshd
      chmod 700 /var/chroot/sshd
      
  4. Start sshd:
    /usr/sbin/sshd
    

You should now be able to access the target with an SSH client and via SFTP.
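
An added example, not part of the original QNX documentation: a POSIX sh audit of what the steps above produce (the sshd privilege separation entry in /etc/passwd, the mode-700 chroot directory, host private keys with mode 600), which also warns on DSA host keys and RSA host keys under 2048 bits. The function names, the --run switch, the optional root prefix and the 2048-bit threshold are assumptions of this example, and it assumes ls and cut are available on the target.

```shell
# Added example: audit the result of the sshd setup steps on this page.
# Assumed policy (not from the page): DSA and RSA < 2048 bits count as weak.

# classify_key "<bits> <fingerprint> <comment> (<TYPE>)" -> ok | weak | unknown
classify_key() {
    bits=${1%% *}
    type=${1##*\(}; type=${type%\)}
    case "$type" in
        DSA) echo weak ;;
        RSA) if [ "$bits" -ge 2048 ]; then echo ok; else echo weak; fi ;;
        ECDSA|ED25519) echo ok ;;
        *) echo unknown ;;
    esac
}

# privsep_home <passwd-file>: print the home directory of user sshd, or fail
privsep_home() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        if [ "$name" = sshd ]; then echo "$home"; return 0; fi
    done < "$1"
    return 1
}

# mode_of <path>: ls-style mode string, e.g. drwx------ (empty if missing)
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# audit [root-prefix]: print findings; status is 1 if any FAIL was printed
audit() {
    root=${1:-}; rc=0
    if home=$(privsep_home "$root/etc/passwd"); then
        [ "$(mode_of "$root$home")" = "drwx------" ] ||
            { echo "FAIL $home is not a mode-700 directory"; rc=1; }
    else
        echo "FAIL no sshd user in /etc/passwd"; rc=1
    fi
    for key in "$root"/etc/ssh/ssh_host_*_key; do
        [ -f "$key" ] || { echo "FAIL no host keys in /etc/ssh"; rc=1; break; }
        [ "$(mode_of "$key")" = "-rw-------" ] ||
            { echo "FAIL $key is not mode 600"; rc=1; }
        # ssh-keygen -l prints size, fingerprint, comment and key type
        if line=$(ssh-keygen -l -f "$key.pub" 2>/dev/null) &&
           [ "$(classify_key "$line")" = weak ]; then
            echo "WARN weak host key: $line"
        fi
    done
    return $rc
}

# On the target, save as a script and run it with the argument --run
if [ "${1:-}" = "--run" ]; then audit; fi
```

A FAIL line means sshd is likely to refuse the key or the privilege separation setup; a WARN line means the key works but falls below the example's assumed policy.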

Note: This utility is PAM-aware and supported by the PAM framework. This utility parses its configuration files before PAM does and requires additional configuration to enable PAM. For more information about how QNX Neutrino uses the OpenPAM framework, see the Security Developer's Guide.

Contributing author:

NetBSD