In the previous two posts we dealt with the script ‘after.local’, which is a remnant on openSUSE of the ‘init’-days, before systemd became the standard.
After looking more closely, it turns out that there is a ‘unit-file’ for ‘after.local’ backward-compatibility. This makes the following rather simple.
Essentially we’ll just have to copy/rename/paste a few files to create a new service that does what we want ;-)
We’ll end up with a ‘rescue_ssh.sh’ script in ‘/usr/local/bin’, a ‘rescue_ssh.service’ unit-file for systemd + a symlink to that in the ‘multi-user.target.wants’ folder. On openSUSE the relevant systemd unit files etc. live in ‘/usr/lib/systemd/system/…’.
A few notes:
* The file ‘$HOME/.mailrc’ must be owned and readable by the user (600).
* The file ‘/usr/local/bin/rescue_ssh.sh’ must be executable (root.root + 600).
* It is vital that the rescue_ssh service is started AFTER any firewall.
# This file is part of systemd.
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
Description=Remote-admin hack via pub-key-auth ssh
After=getty.target SuSEfirewall2.service SuSEfirewall2_init.service
This post is an extension to the previous one, so I suggest reading that as well.