In the previous two posts we dealt with the script ‘after.local’, which is a remnant on openSUSE of the ‘init’-days, before systemd became the standard.
After looking more closely, it turns out that there is a ‘unit-file’ for ‘after.local’ backward-compatibility. This makes the following rather simple.
Essentially we’ll just have to copy/rename/paste a few files to create a new service that does what we want ;-)
We’ll end up with a ‘rescue_ssh.sh’ script in ‘/usr/local/bin’, a ‘rescue_ssh.service’ unit-file for systemd + a symlink to that in the ‘multi-user.target.wants’ folder. On openSUSE the relevant systemd unit files etc. live in ‘/usr/lib/systemd/system/…’.
Download here.
A few notes:
* The file ‘$HOME/.mailrc’ must be owned and readable by the user (600).
* The file ‘/usr/local/bin/rescue_ssh.sh’ must be executable (root.root + 600).
* It is vital that the rescue_ssh service is started AFTER any firewall.
```
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.

[Unit]
Description=Remote-admin hack via pub-key-auth ssh
# Skip this unit unless the script exists and is executable.
ConditionFileIsExecutable=/usr/local/bin/rescue_ssh.sh
# Order this unit after the firewall units (see the notes above).
After=getty.target SuSEfirewall2.service SuSEfirewall2_init.service

[Service]
Type=idle
ExecStart=/usr/local/bin/rescue_ssh.sh
TimeoutSec=0
RemainAfterExit=yes
SysVStartPriority=99
```
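Once the files are copied into place, the notes and the unit file above can be checked mechanically. The script below is an added example, not part of the original post or its download. The function name, its three arguments and the location of the wants folder under ‘/usr/lib/systemd/system’ are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit the rescue_ssh files against the notes in this post.
# Arguments are assumptions for illustration: $1 = root prefix of the tree to
# check (empty = live system), $2 = expected owner, $3 = path to .mailrc.

fail() { echo "FAIL: $*" >&2; rc=1; }   # sets rc of the calling function

check_rescue_ssh() {
    local root="${1:-}" owner="${2:-root:root}" mailrc="${3:-$HOME/.mailrc}"
    local sysd="$root/usr/lib/systemd/system"
    local script="$root/usr/local/bin/rescue_ssh.sh"
    local unit="$sysd/rescue_ssh.service"
    # Assumed location of the wants folder (next to the unit file).
    local link="$sysd/multi-user.target.wants/rescue_ssh.service"
    local rc=0 mode after

    # Note 1: .mailrc must be mode 600.
    [ "$(stat -c %a "$mailrc" 2>/dev/null)" = 600 ] ||
        fail "$mailrc is not mode 600"

    # Note 2: script owned by root.root and closed to group/other; it also
    # needs an execute bit, which ConditionFileIsExecutable= requires.
    if [ -f "$script" ]; then
        mode=$(stat -c %a "$script")
        [ "$(stat -c %U:%G "$script")" = "$owner" ] || fail "$script owner is not $owner"
        (( (0$mode & 0077) == 0 )) || fail "$script is open to group/other ($mode)"
        (( (0$mode & 0100) != 0 )) || fail "$script lacks the owner execute bit ($mode)"
    else
        fail "$script is missing"
    fi

    # Note 3: the unit must be ordered after the firewall and start our script.
    after=$(sed -n 's/^After=//p' "$unit" 2>/dev/null) || true
    case " $after " in
        *" SuSEfirewall2.service "*) ;;
        *) fail "After= does not list SuSEfirewall2.service" ;;
    esac
    grep -qx 'ExecStart=/usr/local/bin/rescue_ssh.sh' "$unit" 2>/dev/null ||
        fail "ExecStart= does not point at rescue_ssh.sh"

    # The symlink in multi-user.target.wants must resolve to the unit file.
    [ -L "$link" ] && [ "$(readlink -f "$link")" = "$(readlink -f "$unit")" ] ||
        fail "$link is not a symlink to $unit"

    return "$rc"
}
```

Run as root with no arguments, `check_rescue_ssh` audits the live system; a staging directory can be passed as the first argument to check the files before installing them.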
This post is an extension to the previous one, so I suggest reading that as well.