Homework 2

This homework will introduce you to setting up various network technologies for Linux systems.

Overview

Preparation

  • Complete Homework 1
  • Have SSH/X2Go access to your group's syslab container

Skills You Will Acquire

During this assignment you'll gain experiences in the following activities:

  • Configuring and compiling the Linux Kernel with network drivers
  • Configuring and compiling Busybox with networking utilities
  • Configuring and compiling the Dropbear SSH Implementation
  • Using qemu to run Linux in a virtual machine with network access

Pre-Requisites

Before you proceed, please research the following topics. There is no need get into great detail at this point, but simply get an overview of what they are and how they are related.

Assignments

The following table lists the assignments and their interdependencies.

Assignment Dependencies
Linux Kernel -
Busybox -
Dropbear -
InitRamDisk Busybox, Dropbear
qemu (network enabled) Kernel, InitRamDisk

The goals for this homework are the following:

  • Run Linux in a virtual machine with network access to the virtual user network
  • Provide Public-Key authenticated SSH access to the virtual machine from the host to the guest

Documentation (Human Language)

A non-technical assignment is to write documentation and answer questions. You can use either English oder German while working on technical assignments. The suggestion is to use English for practicing purposes and to avoid awkward mixins of English technical terms with German ;-)

hw2/QnA.md Question Boxes

Throughout the document you will find several question boxes. These questions are meant to help you think through what you did and how you can solve the current part of the assignment. Please keep a protocol for answering these questions in your project repository at $REPO_DIR/hw2/QnA.md. The file must contain the questions with brief answers written in your own words.

hw2/README.md (optional)

You can use this document to make the following notes:

  • difficulties throughout the homework
  • design decisions that you think are important to emphasize

Linux Kernel

The configuration from Homework 1 does not include any network protocols and network device drivers. In this assignment, please configure the kernel to support the IP protocol. Then you will need to enable a network interface driver for one ethernet device. Typically, you would look up which driver you need to support any existing hardware. In our case the hardware is virtual and can emulate various network interfaces. To get a list of the supported drivers by qemu, please see the list received by the command qemu-system-x86_64 -device help 2>&1 | less. We will use the virtio-net-pci device for this assignment.

[success] Questions

  • What does the 2>&1 do in the given command? Why is it needed?
  • Which kernel options did you activate in addition to the config from Homework 1 and what are they needed for?

Busybox

Busybox is able to provide networking utilities. Please enable at least the following applets:

  • ifconfig
  • route
  • udhcpc (client!)

[success] Questions

  • How is the DHCP lease applied to the interface by udhcpc?
  • What does the example simple.script do on a new lease?

Dropbear SSH

Use the following sources to compile dropbear:

Configuration

The configuration for dropbear is twofold:

  • configure script
  • The file options.h

The latter can be left alone. For the former the following options are suggested for keeping the system very minimal.

    ./configure --disable-shadow --disable-lastlog --disable-syslog --disable-wtmp --disable-wtmpx --disable-utmpx

Please compile dropbear as a statically linked multi-call binary with its default configuration.

[success] Questions

  • Which applets does the dropbearmulti binary support and what is their purpose?
  • What is shadow, and how can we login to the system if it's not used?

Kernel Configuration changes

Make sure your kernel has the MULTIUSER config option set. Dropbear uses the set*id() systemcalls at login time.

[success] Questions What are the uid and gid numbers in Linux and how are they related to the passwd and group files in etc?

SSH Client Key Generation

For generating an SSH client key, you can either use the builtin dropbearkey or the ssh-keygen utility that's installed in the labshell environment.

[success] Questions

  • How can you display the public key portion of the key file?
  • Which file within a user's home directory is used by the SSH server to know which public keys are authorized for the respective user?

InitRamDisk

The intitial ramdisk for this assignment will include the dropbearmulti binary in addition to the contents from Homework 1.

Dropbear's STATIC=1 is a lie

The dropbearmulti binary, even when statically compiled, uses dlopen() calls to directly open shared libraries. At runtime, the following shared libraries will be needed once you try to login to the SSH server:

  • ld-linux-x86-64.so.2
  • libc.so.6
  • libnss_files.so.2

You can get the full path to these libraries within the development environment using the command gcc -print-file-name=$library_name. These files need to be present in your cpio archive, e.g. underneath /lib. Whatever path you choose for these files needs to be set and exported via the environment variable LD_LIBRARY_PATH before any of the dropbear applets is started.

[success] Questions

  • What is the difference between dynamic linking at compile time and using dlopen() in the code, and why can't the latter be detected with file and ldd?

Run Linux in a Virtual Machine (with qemu)

In addition to the command line arguments from Homework 1 we need to instruct qemu to set up user networking for the virtual machine.

  • -netdev user,id=mynet0,hostfwd=tcp::22222-:22
  • -device virtio-net,netdev=mynet0

[info] Note on VM network connectivity

The virtual machine will not be able to reach any addresses beyond the host, because IPv4 Forwarding is disabled on the containers. Connections between the container and the virtual machine will be possible because qemu assigns an IP Address to the host, which is reachable within the VM's network stack.

[success] Questions

  • How does the hostfwd=... help us to access the dropbear instance inside the VM?
  • What is the full command that can be executed on your container to log in to the VM via SSH as the root user?

On-Disk-Filesystem Layout

An (ASCI) image says more than words:

├── bin
│   ├── busybox
│   ├── dropbearmulti
│   └── sysinfo
└── init

[success] Questions

The init file

In comparison to homework 1, your init file is responsible for the following additional tasks on system boot before spawning the shell

  • Set up the new necessary directories. Which these are depends mostly on choices made by you.
  • Mount devpts at /dev/pts
  • Run the Dropbear SSH daemon in the background

[success] Questions

The allocation of PTY devices is one of the pitfalls when implementing an SSH servers. (Read dropbear's documentation on this)

  • What is the devpts filesystem mounted at /dev/pts used for when dropbear is configured with --enable-openpty (default)?

If /dev/pts is not set mounted as described above, dropbear falls back to using /dev/(pty?|tty??) devices.

  • Which component on the system is responsible for creating these device nodes?

Result To Be Submitted

This section gives you accurate information which files are part of the submission for this homework. Results for bonus assignments are not fully covered within this section.

Test-Suite and Continous Integration

Merge and Run the Continous-Integration test suite.

Build Instructions (hw2/hw2.sh)

A shell script that reproduces the final result of your homework. This shell script will be used to verify your results, and does not need to include commands that run the interactive menuconfig. However, you may implement such functionality for working conveniently within your homework repository.

SSH Key For Authorization

Arguments and Script behavior

Arguments Function
(called without any arguments) Build all artifacts starting with just the files that are checked in to git
qemu Run qemu-system-x86_64, booting your system with the initrd and network
clean Remove all files not tracked by git
ssh_cmd cmd [args...] Establish a connection to the VM's SSH server via authorized_key authentication. It runs the specified command with all arguments inside the VM. An example would be ssh_cmd "echo Hello, World", as found in the CI scripts.

Build Artifacts (Binary Files)

The following files must be present in at hw2/artifacts/ after the build is complete but not tracked by git!

File Target Architecture Purpose
bzImage x86_64 Kernel binary used for qemu
dropbearmulti x86_64 Statically linked multicall binary for Dropbear
initrd.cpio x86_64 Initial RamDisk file in the form of a cpio archive

Directory structure

This is an example directory structure with all files listed that are tracked by git.

.
├──.travis.yml
├──ci
│  └── ...
└──hw2
   ├── dropbear
   │   └── options.h
   ├── hw2.sh
   ├── initrd
   │   ├── bin
   │   │   ├── busybox -> ../../artifacts/busybox
   │   │   ├── dropbearmulti -> ../../artifacts/dropbearmulti
   │   │   └── sysinfo -> ../../artifacts/sysinfo
   │   ├── etc
   │   │   ├── group
   │   │   └── passwd
   │   └── init
   ├── kernel
   │   └── config
   ├── QnA.md
   └── README.md

Other Files and Git

[warning] Please do not add binary files to your git repository. Only add files that represent configuration, source code and build commands.

Bonus Assignments

These optional assignments allow you to dig in a little deeper! They don't depend on each other so you can cherry-pick the ones you are interested in.

Enable shadow passwords and allow password login for a non-root user

  • Configure your system with shadow passwords and add a non-root user with a valid password
  • Present a 'login' shell after system boot and configure a 'default' user with the uid 1000
  • Enable password authentication within dropbear, but only for non-root and non-empty passwords

results matching ""

    No results matching ""