CREDS_MSDOS(8) System Manager's Manual CREDS_MSDOS(8)

creds_msdos - automatically add login credentials from MS-DOS partition

creds_msdos start

The creds_msdos rc.d script allows automatic addition of login credentials during boot using a special file found on the MS-DOS partition of a bootable image. This script is not distributed with the normal system and is only included with pre-installed bootable images. The goal is to allow remote access to the system without having to edit the primary root file system (which may not be accessible from the host the image is being written from), by placing this information instead in the MS-DOS partition, which most platforms can easily access.

Typically, an installable image (such as arm64.img) is written to an SD card or similar media, and has both a native FFS partition and an MS-DOS partition for booting. If this script is enabled and has been pointed at the boot partition, it will inspect the file creds.txt for any credentials to be added to the system.

The following list gives the supported options in the credentials file. In all cases user is the username to be created, and the user will be added to the ‘wheel’ group.

user keyfile
Look for the keyfile in the MS-DOS boot partition and merge ssh keys from this file into user's ~/.ssh/authorized_keys file.
user keystring
Add the keystring to the user's ~/.ssh/authorized_keys file.
user pwhash
Use pwhash as the user's password hash.
user password
Use password as the user's unencrypted raw password that will be hashed.

This method is not recommended as it leaves unencrypted passwords around until such time that the script runs. If this method is used then the creds.txt file will be shredded and deleted using ‘rm -P’ after the credentials are updated.
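As an added example (not part of the NetBSD distribution), the following host-side check can be run on creds.txt before it is copied to the image's MS-DOS partition; it flags plaintext password entries, missing key files and private key material. The directive keywords sshkeyfile, sshkey, useraddpwhash and useradd and the function name lint_creds are assumptions, since the list above shows only each directive's arguments.

```shell
#!/bin/sh
# Added example (not NetBSD code): lint creds.txt before it goes onto the
# image's MS-DOS partition. Prints one finding per line; no output means clean.
# ASSUMPTION: the first field of each line is one of sshkeyfile, sshkey,
# useraddpwhash or useradd; the option list above shows only the arguments.
lint_creds() {
    creds=$1 bootdir=$2
    tr -d '\r' < "$creds" | {       # tolerate CRLF from DOS/Windows editors
        n=0
        while read -r type user rest || [ -n "$type" ]; do
            n=$((n + 1))
            case $type in ''|'#'*) continue ;; esac
            if [ -z "$user" ] || [ -z "$rest" ]; then
                echo "line $n: $type: missing user or argument"; continue
            fi
            case $type in
            useradd)        # raw password: never echo $rest into the report
                echo "line $n: $user: plaintext password; store a pwhash(1) hash instead" ;;
            useraddpwhash)  # heuristic: modern crypt(3) hashes start with '$'
                case $rest in '$'*) ;; *)
                    echo "line $n: $user: value does not look like a password hash" ;;
                esac ;;
            sshkey)
                case $rest in
                *PRIVATE*) echo "line $n: $user: private key material in creds.txt" ;;
                ssh-*|ecdsa-*|sk-*) ;;
                *) echo "line $n: $user: unrecognised public key type" ;;
                esac ;;
            sshkeyfile)     # key files are looked up on the boot partition
                if [ ! -f "$bootdir/$rest" ]; then
                    echo "line $n: $user: key file '$rest' not found in $bootdir"
                elif grep -q 'PRIVATE KEY' "$bootdir/$rest"; then
                    echo "line $n: $user: '$rest' holds a private key"
                fi ;;
            *)  echo "line $n: unknown directive '$type'" ;;
            esac
        done
    }
}
```

Call it as `lint_creds creds.txt /path/to/mounted/boot` on the host preparing the image; the report names the user and line but never repeats the password itself.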

/boot/creds.txt

pwhash(1), rm(1), ssh(1), ssh_config(5), mount_msdos(8), sshd(8), useradd(8)

The creds_msdos script appeared in NetBSD 9.0.

Matthew R. Green <mrg@eterna23.net>.

June 10, 2019 NetBSD 10.99