Hello,

I've been a coyotelinux (www.coyotelinux.com -- great thing) user for
quite some time. I was very happy with it, but the fact that they
only have kernel 2.2.19 made me uncomfortable. So I started looking
for a distro that uses kernel 2.4.x and iptables, and came across
floppyfw. After testing it a little I discovered that it had some
features missing, which coyote has got: ssh and scp. I succeeded in
adding this to the 1.9.20-1680kb-pppoe disk and I still have 7 kb
space left. Since many people like ssh access to their firewall, I've
compiled this HowTo to explain how to acomplish that.

Step I: Making the components
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I assume the user has access to a working linux system. I've added a
working sshd.bz2 ans post-sshd.ini already, so you can jump the sshd
instructions if you like.

sshd
----

You need the following components from the contrib directory:
http://www.zelow.no/floppyfw/download/contrib/Brad/ssh/login.bz2
http://www.zelow.no/floppyfw/download/contrib/Brad/ssh/post-login.ini

Additionally, you need the sshd.tgz and the root.tgz files from the
coyotelinux distribution. Grab the distribution from
www.coyotelinux.com
(http://www.coyotelinux.com/files/dist/coyote-1.31.tar.gz) and build
yourself a bootfloppy. Then copy the sshd.tgz and root.tgz archives
from this newly created floppy to a more convenient location.

make 2 directories:
> mkdir a
> mkdir b

Extract the sshd.tgz file and root.tgz file into those:
> tar zvxf sshd.tgz -C a
> tar zvxf root.tgz -C b

Copy some libs from b/lib to a/lib, and create symlinks:
> mkdir a/lib
> cp b/lib/libutil-2.0.7.so a/lib
> cp b/lib/libnsl-2.0.7.so a/lib
(at this point you may need to set symlinks in a/lib like this):
> cd a/lib
> ln -s libutil-2.0.7.so libutil.so.1
> ln -s libnsl-2.0.7.so libnsl.so.1
> cd ../..
(on my coyotedisk those links are present, though I think they are
wrong (shouldn't this be libutil.so.2 ?!?)). You may not need this,
but if sshd complains about some missing link just add those.

Now, this is a good time to modify the a/etc/ssh/sshd_config file. I
recommend you change the line 'ListenAddress 0.0.0.0' to something
like 'ListenAddress 192.168.0.1' if that's the internal IP of your
router. Thus, even if you have no firewall installed noone from the
outside can ssh into your machine.

After this, create your new sshd.bz2 file:
> cd a; tar cvO . |bzip2 > ../sshd.bz2; cd ..

You now can safely remove the a and b directories:
> \rm -fr a 
> \rm -fr b

Finally, create a file post-sshd.ini that looks like this:
/usr/sbin/sshd

login
-----

Time to modify the login.bz2 file.
> mkdir a
> bunzip2 < login.bz2 |tar xvf - -C a
Here, you shold modify the shadow file and add a root password:
> vi a/etc/shadow

replace the line

root::10091:0:99999:7:::

with

root:/ZyqbbXWmk55.:10091:0:99999:7:::

This will give you a root password of 'floppyfw'. Of course it's a
good idea to use a different password, but if you don't know how to
make yourself such a hash, that's at least a password ;-) (leaving
this empty will give you no password on the router).

Now recreate the archive again:
> cd a; tar cvO . |bzip2 > ../login.bz2; cd ..

Remove a:
> \rm -fr a

Now, edit the file post-login.ini and remove or comment the line

/bin/getty 38400 tty2 &

to

# /bin/getty 38400 tty2 &

at the bottom. You won't really need it.

Step 2: Installation
~~~~~~~~~~~~~~~~~~~~

Mount an already working floppyfw floppy you wish to change
> mkdir mnt
> mount -t vfat /dev/fd0u1680 mnt

After that, copy the files login.bz2, post-login.ini, sshd.bz2 and
post-sshd.ini into the packages directory:
> cp login.bz2 sshd.bz2 post-login.ini post-sshd.ini mnt/packages

Edit the file mnt/config and change the following line:

SYSLOG_FLAGS="-m 360 -O /dev/tty3"

to

SYSLOG_FLAGS="-m 360 -O /var/log/syslog"

(I assume you don't have a monitor on your box and want to check the
syslog from within ssh. Output on /dev/tty3 won't help you much there)

Unmount your floppy:
> umount mnt
> rmdir mnt

That's it. After booting the new floppy you should have ssh access,
and should be able to use scp from/to your router. I hope my
directions helped you.

--tst.

-- SNIP --

From a floppyfw article:

From: jab@kibmedia.no (John Arne)
Subject: Re: Coyote-sshd, working?
Newsgroups: floppyfw.general
Date: Sat, 25 May 2002 02:41:01 +0000 (UTC)
Organization: http://florian-amrhein.de/newsportal/

I have now confirmed Coyote-sshd to be working.

Minimum required steps are:

Add the following files to packages
http://www.zelow.no/floppyfw/download/contrib/Brad/ssh/login.bz2
http://www.zelow.no/floppyfw/download/contrib/Brad/ssh/post-login.ini
http://www.zelow.no/floppyfw/download/packages/coyote-sshd/sshd.bz2
http://www.zelow.no/floppyfw/download/packages/coyote-sshd/post-sshd.ini

The login.bz2 package needs to be repacked to work with 1.9.20.
/etc/passwd and /etc/shadow with your login name/password information
should also be added to the login.bz2.
Temporary passwords for testing can be applied using /bin/passwd after the
login.bz2 has been added to the floppy.)

You should then have a floppyfw single floppy 1.68K distro with ssh1
daemon.

Greets.
John Arne