Updated: 2020/Jul/29


CREDS_MSDOS(8)              System Manager's Manual             CREDS_MSDOS(8)

NAME
     creds_msdos - automatically add login credentials from MSDOS partition

SYNOPSIS
     creds_msdos start

DESCRIPTION
     The creds_msdos rc.d script allows automatic addition of login
     credentials during boot using a special file found on the MSDOS partition
     of a bootable image.  This script is not distributed with the normal
     system and is only included with pre-installed bootable images.  The goal
     is to allow remote access of the system without having to edit the
     primary root file system (which may not be accessible from the host the
     image is being written from), but place this information in the MSDOS
     partition that most platforms can easily access.

     Typically, an installable image (such as arm64.img) is written to an SD
     card or similar media, and has both a native FFS partition as well as an
     MSDOS partition for booting.  If this script is enabled and has been
     pointed at the boot partition it will inspect the file creds.txt for any
     credentials to be added to the system.

     These are the supported options in the credentials files:
           sshkeyfile user keyfile
           sshkey user keystring
           useraddpwhash user pwhash
           useradd user password

     In all cases user is the username to be added, and the user will be added
     to the "wheel" group.

     The sshkeyfile method looks in the MSDOS boot partition for the specified
     file and merges ssh keys from this file into user's
     ~/.ssh/authorized_keys file.

     The sshkey method adds the keystring to the user's ~/.ssh/authorized_keys
     file.

     The useraddpwhash method uses pwhash as the users's password hash.

     The above three methods are the preferred methods.

     For the useradd method password is an unencrypted raw password that will
     be hashed and added to the system.  This method is not recommended as it
     leaves unencrypted passwords around until such time that the script runs.
     If this method is used then the creds.txt file will be shredded and
     deleted using "rm -P" after the credentials are updated.

FILES
     /boot/creds.txt

SEE ALSO
     pwhash(1), rm(1), ssh(1), ssh_config(5), mount_msdos(8), sshd(8),
     useradd(8)

HISTORY
     The creds_msdos script appeared in NetBSD 9.0.

AUTHORS
     Matthew R. Green <mrg@eterna.com.au>.

NetBSD 9.99                      June 10, 2019                     NetBSD 9.99