kevinds
Posts: 8
Joined: Wed Jul 12, 2017 7:48 am

Request for SSH Enabled Images

Wed Jul 12, 2017 8:08 am

Howdy,

Hopefully this is the correct place..

I am wanting to make an 'official' request to add an image for at least Raspbian Lite (and maybe full Raspbian) to have an image file with SSH enabled.

I have been reinstalling my Pi a number of times lately on-the-fly using this:

Code: Select all

echo 1 > /proc/sys/kernel/sysrq
     
curl -L https://downloads.raspberrypi.org/raspbian_lite_latest | funzip | dd bs=4M of=/dev/mmcblk0
  
echo b > /proc/sysrq-trigger
Except I can't use that URL.. I am doing this remotely, so I found another script that builds an image with the 'touch ssh' in the boot directory, to enable SSH on first boot, I then use that file instead.

This isn't a huge deal, but it means that I have to rebuild the image every time a new version of Raspbian Lite is released. This I do not keep up on, so I've just been doing it whenever I remember..

I can't be the only one who would appreciate this?

Yes, I know the bad-guys take advantage of people who don't change the pi account password, but this would be an image for people who need it, not the default file for everybody. I would hope anybody using the above would know to immediately login and change the pi password..

Is there another place I should be making this request?

Thinking something like
https://downloads.raspberrypi.org/raspb ... eneral_use

It keeps SSH disabled by default for the masses and not so much of a PITA for those that need it.

Thoughts?

fruitoftheloom
Posts: 20482
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Request for SSH Enabled Images

Wed Jul 12, 2017 9:29 am

kevinds wrote:Howdy,

Hopefully this is the correct place..

I am wanting to make an 'official' request to add an image for at least Raspbian Lite (and maybe full Raspbian) to have an image file with SSH enabled.

I have been reinstalling my Pi a number of times lately on-the-fly using this:

Code: Select all

echo 1 > /proc/sys/kernel/sysrq
     
curl -L https://downloads.raspberrypi.org/raspbian_lite_latest | funzip | dd bs=4M of=/dev/mmcblk0
  
echo b > /proc/sysrq-trigger
Except I can't use that URL.. I am doing this remotely, so I found another script that builds an image with the 'touch ssh' in the boot directory, to enable SSH on first boot, I then use that file instead.

This isn't a huge deal, but it means that I have to rebuild the image every time a new version of Raspbian Lite is released. This I do not keep up on, so I've just been doing it whenever I remember..

I can't be the only one who would appreciate this?

Yes, I know the bad-guys take advantage of people who don't change the pi account password, but this would be an image for people who need it, not the default file for everybody. I would hope anybody using the above would know to immediately login and change the pi password..

Is there another place I should be making this request?

Thinking something like
https://downloads.raspberrypi.org/raspb ... eneral_use

It keeps SSH disabled by default for the masses and not so much of a PITA for those that need it.

Thoughts?
SSH was disabled for the reasons explained in this Blog:

https://www.raspberrypi.org/blog/a-secu ... ian-pixel/
Retired disgracefully.....

User avatar
jojopi
Posts: 3079
Joined: Tue Oct 11, 2011 8:38 pm

Re: Request for SSH Enabled Images

Wed Jul 12, 2017 9:50 am

Why not touch the file between the dd and the reboot?

kevinds
Posts: 8
Joined: Wed Jul 12, 2017 7:48 am

Re: Request for SSH Enabled Images

Wed Jul 12, 2017 6:02 pm

fruitoftheloom wrote: SSH was disabled for the reasons explained in this Blog:

https://www.raspberrypi.org/blog/a-secu ... ian-pixel/
Huh? I addressed this issue in my post.. And why I requested a separate image for those that need/want it.

kevinds
Posts: 8
Joined: Wed Jul 12, 2017 7:48 am

Re: Request for SSH Enabled Images

Wed Jul 12, 2017 6:05 pm

jojopi wrote:Why not touch the file between the dd and the reboot?
I was experimenting and after the dd I really couldn't do anything without errors, as I had completely re imaged the SD card.

Code: Select all

[email protected]:~ # touch /boot/ssh
-bash: /usr/bin/touch: cannot execute binary file: Exec format error

Milliways
Posts: 434
Joined: Fri Apr 25, 2014 12:18 am
Location: Sydney, Australia

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 6:56 am

kevinds wrote: This isn't a huge deal, but it means that I have to rebuild the image every time a new version of Raspbian Lite is released. This I do not keep up on, so I've just been doing it whenever I remember..
Why are you downloading new images?
I am still using Raspberry Pi reference 2015-09-24 (armhf) with regular updates.

kevinds
Posts: 8
Joined: Wed Jul 12, 2017 7:48 am

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 8:08 am

Milliways wrote: Why are you downloading new images?
I am still using Raspberry Pi reference 2015-09-24 (armhf) with regular updates.
Lately I have been experimenting with NEMS vs a Raspbian Lite and clean install of NAGIOS.

But usually because I break the OS.. I try and figure things out on my own (with Google-Fu), rather than ask for help for 'noob' questions...
Ever since I got my Pi3 board, I have been trying to get rid of dhcpcd... Every time I think I might have it figured out and uninstall it, it seems to break the entire network static.. This requires my workstation to re-image, which is usually when I check for a updated image.

If I am going to install a fresh copy of Raspbian, I figure I might as well start with the latest edition, rather than than an older non-updated copy.. apt-get is often very slow (guessing from the MicroSD transfer rates).

Overall though, does it matter why?

Milliways
Posts: 434
Joined: Fri Apr 25, 2014 12:18 am
Location: Sydney, Australia

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 8:27 am

kevinds wrote:
Milliways wrote: Why are you downloading new images?
I am still using Raspberry Pi reference 2015-09-24 (armhf) with regular updates.
But usually because I break the OS..

Ever since I got my Pi3 board, I have been trying to get rid of dhcpcd... Every time I think I might have it figured out and uninstall it, it seems to break the entire network static.. This requires my workstation to re-image, which is usually when I check for a updated image.

Overall though, does it matter why?
It is much easier to backup your image, before doing an update, then it can be restored without requesting the Foundation to make special images.

If you REALLY want to get rid of dhcpcd (I can't imagine why, it is much more robust than Debian networking) see [How do I set up networking/WiFi/Static IP](http://raspberrypi.stackexchange.com/a/37921/8697)

pcmanbob
Posts: 6649
Joined: Fri May 31, 2013 9:28 pm
Location: Mansfield UK

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 8:37 am

Hi.

If you are re-flashing your SD card while its in your pc why don't you just create the ssh blank file in the boot directory, that way on first boot ssh is enabled ready for you.
I do this on every new SD card I flash I happen to use windows so I use this to create the ssh file "echo.>k:\ssh" K being my card reader, but I am sure you could do the same with touch in linux
We want information… information… information........................no information no help
The use of crystal balls & mind reading are not supported

User avatar
jojopi
Posts: 3079
Joined: Tue Oct 11, 2011 8:38 pm

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 9:34 am

kevinds wrote:-bash: /usr/bin/touch: cannot execute binary file: Exec format error
Yes, I did wonder whether you were overwriting your active root filesystem. If you install package busybox-static, copy /bin/busybox to /dev/shm/, and run "/dev/shm/busybox sh" before starting, then you should still have a basic set of utilities available after the dd completes.

It is essential to disable swap and remount all filesystems readonly (echo u > /proc/sysrq-trigger) before starting. Otherwise you risk kernel panic, or metadata from the old systems being written back on top of the new.

Unfortunately there are too many other potential problems to consider this procedure reliable, especially if you need to do it remotely over SSH, not on console. If anything at all goes wrong (such as a download error) the card will almost certainly be left in an unbootable state.

jahboater
Posts: 4603
Joined: Wed Feb 04, 2015 6:38 pm

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 9:49 am

pcmanbob wrote: I do this on every new SD card I flash I happen to use windows so I use this to create the ssh file "echo.>k:\ssh" K being my card reader, but I am sure you could do the same with touch in linux
You don't even need touch: ">ssh" is enough.

kevinds
Posts: 8
Joined: Wed Jul 12, 2017 7:48 am

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 10:15 am

Milliways wrote: If you REALLY want to get rid of dhcpcd (I can't imagine why, it is much more robust than Debian networking) see [How do I set up networking/WiFi/Static IP](http://raspberrypi.stackexchange.com/a/37921/8697)
That does not cover getting rid of dhcpcd, unless I am missing something.. Disable yes, but not get rid of..
I've read that thread many times..

I can not get static IPv6 addresses to work properly when using it and it really messes with resolv.conf
I can't imagine why
Because /etc/networking/interfaces is simple and clean. A bare amount about the interfaces and everything is happy.

/etc/networking/interfaces

Code: Select all

iface eth0 inet static
        address 192.168.1.4
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameservers 192.168.1.2 192.168.1.3


iface eth0 inet6 static
        address 2001:a:a:a::c:24
        netmask 64
        gateway 2001:a:a:a::c:1
        dns-nameservers 2001:a:a:a::c:2 2001:a:a:a::c:3
If another networking tool such as Webmin changes the network configuration, it really breaks dhcpcd.

(Maybe I just don't understand it well enough yet... Perhaps that will go away with time and practice)

That being said, I still can not find a proper manual for dhcpcd and all the parameters, or even a guide for IPv6 setup.
http://linuxcommand.org/man_pages/dhcpcd8.html just doesn't cut it.
pcmanbob wrote:Hi.

If you are re-flashing your SD card while its in your pc why don't you just create the ssh blank file in the boot directory, that way on first boot ssh is enabled ready for you.
When I use my PC to re-image it, is usually when I remember to check if there is a new version, then usually shake my head that I didn't think to check for a new version some time ago.. ;) I primarily use the curl piped into dd method, with an image modified only with the /boot/ssh file.
jojopi wrote:Yes, I did wonder whether you were overwriting your active root filesystem.
Yep :D
jojopi wrote:Unfortunately there are too many other potential problems to consider this procedure reliable, especially if you need to do it remotely over SSH, not on console. If anything at all goes wrong (such as a download error) the card will almost certainly be left in an unbootable state.
So far, and I have tried breaking it doing this.. ;) Using a zip file is safer then the image file directly..

If curl exits for any error, it doesn't pipe into funzip, then doesn't pipe into dd
If using an image file, as long as curl finishes, it pipes into dd, a corrupt download will require going to get SD card and redoing it in the traditional way.
If using a zip file, curl can finish 'successfully' with corruption but funzip will catch the corruption, and then exit and not pipe it into dd.

If both curl and funzip 'pass' then yes, but at that point, you will have written this with the traditional way, using another computer anyways.

And yes, I do not have a console attached, (I did for the first couple weeks playing with the different NOOBS OS's).. It is sitting on top of a PoE switch (also powers the Pi3) in my rack. So when I need to physically power cycle it, I cycle the PoE port. The only time I touch it is when I have broken the network stack. Maybe will look into connecting my Ethernet-to-Serial adapter (when not in use) to it, and using it to hopefully access the console if needed.

Overall, I have yet to give any of my Pi3 boards a serious role (had 4 of them at one point) because I am still trying to set it up. In the end, I plan to have it running BIND, NUT, NAGIOS, and maybe if it can handle it, an OpenVPN server...

Really though, I wanted to see how many other people liked the idea of an official image with SSH enabled

User avatar
B.Goode
Posts: 8256
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 10:34 am

I wanted to see how many other people liked the idea of an official image with SSH enabled
This isn't Facebook: the number of Likes won't change the situation.

The Raspberry Pi Foundation have made a deliberate policy decision for reasons they have documented. They might be influenced by rational debate, but I doubt they will be swayed by straw polls or referenda.

kevinds
Posts: 8
Joined: Wed Jul 12, 2017 7:48 am

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 11:01 am

B.Goode wrote:
This isn't Facebook: the number of Likes won't change the situation.

The Raspberry Pi Foundation have made a deliberate policy decision for reasons they have documented. They might be influenced by rational debate, but I doubt they will be swayed by straw polls or referenda.
I don't use Facebook.. Do likes do anything on Facebook?

They might be influenced by rational debate, but I doubt they will be swayed by straw polls or referenda
Rational debate is what I was trying for.. :)

There are good reasons for having an SSH image (IMO anyways haha), there are also good reasons not to have the default image with SSH enabled.

Every Linux distribution I have experienced, the 'minimal' install still has SSHd installed and enabled. It makes sense for Raspbian Lite to have SSH enabled by default, and have it disabled by default on the Full image. The non-tech user is more likely not to properly secure their system, however I don't foresee many non-tech users installing Lite.

But if there is no interest from the community, there isn't a good reason to have said debate.


Maybe I'm just doing it wrong...

klricks
Posts: 6545
Joined: Sat Jan 12, 2013 3:01 am
Location: Grants Pass, OR, USA
Contact: Website

Re: Request for SSH Enabled Images

Thu Jul 13, 2017 1:26 pm

kevinds wrote:.....
Every Linux distribution I have experienced, the 'minimal' install still has SSHd installed and enabled. .......
Might be but I am pretty sure most distributions have ssh disabled by default in the firewall... at least that is how it was with Fedora.

IMO ssh being disabled on the RPi is a very minor inconvenience amongst the other setup that needs to be done on a new image such as setting the locale and keyboard etc.
It really only impacts users who go headless on first boot. For that I have the ssh file already created on my host computer and just drag and drop it into a new image.
Unless specified otherwise my response is based on the latest and fully updated Raspbian Buster w/ Desktop OS.

kevinds
Posts: 8
Joined: Wed Jul 12, 2017 7:48 am

Re: Request for SSH Enabled Images

Thu Jul 20, 2017 5:31 am

klricks wrote:
Might be but I am pretty sure most distributions have ssh disabled by default in the firewall. at least that is how it was with Fedora.
Not for minimal installs.

I just installed Fedora Minimal, SSH is enabled (and not firewalled) on first boot.

Not sure where to pursue this [email protected] ?

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 5873
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Request for SSH Enabled Images

Thu Jul 20, 2017 11:06 am

That would involve doubling the amount of images that need testing and the deployment time for little to no benefit for 99% of the users. If you would like to pursue it, I would recommend maintaining such a set of images yourself. If they're popular, that would be a good reason to reconsider.

kevinds
Posts: 8
Joined: Wed Jul 12, 2017 7:48 am

Re: Request for SSH Enabled Images

Thu Jul 20, 2017 11:43 am

ShiftPlusOne wrote:That would involve doubling the amount of images that need testing and the deployment time for little to no benefit for 99% of the users. If you would like to pursue it, I would recommend maintaining such a set of images yourself. If they're popular, that would be a good reason to reconsider.
Yes, thinking about this more, and comparing to many other distros, 'Lite' should have SSH enabled.. But not the normal/full image.

I will setup a server to host them then. :)

Is there a new-releases mailing list? Google is failing me for this..

S0litaire
Posts: 216
Joined: Thu Dec 29, 2011 4:24 pm
Location: Ayrshire, Scotland
Contact: ICQ Skype Twitter

Re: Request for SSH Enabled Images

Thu Jul 20, 2017 1:40 pm

Best suggestion would be to "build" your own image.

Get latest image and install, set it to how you require it and use that as a baseline.

Then just dd the whole card to an img file stored locally.

If you ever need a new image just us the local file and dd that over the card as per your script.
--
Laters

Bill "Solitaire" C

Anáil nathrach, ortha bhas betha, do cheol déanta

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 23365
Joined: Sat Jul 30, 2011 7:41 pm

Re: Request for SSH Enabled Images

Thu Jul 20, 2017 1:55 pm

kevinds wrote:
klricks wrote:
Might be but I am pretty sure most distributions have ssh disabled by default in the firewall. at least that is how it was with Fedora.
Not for minimal installs.

I just installed Fedora Minimal, SSH is enabled (and not firewalled) on first boot.

Not sure where to pursue this [email protected] ?
Here is the best place, and there is no release mailing list - keep an eye on blog posts for major releases.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
"My grief counseller just died, luckily, he was so good, I didn't care."

Return to “Raspbian”