10. SSH Server (optional)

Note

If you haven't set up SSH for the SystemRescue system, you have to create "/home/david/.ssh/authorized_keys" manually instead of copying it out of "/etc/gentoo-installation/systemrescuecd/" as suggested in the following code block.

Take care of public key authentication:

rsync -av --chown=david:david /etc/gentoo-installation/systemrescuecd/recipe/build_into_srm/root/.ssh/authorized_keys /home/david/.ssh/ && \
echo -e "\e[1;32mSUCCESS\e[0m"

Configure the SSH server:

echo "\
Port 50022
X11Forwarding no
AuthenticationMethods publickey

AllowUsers david" > /etc/ssh/sshd_config.d/9999999my-custom.conf && \
ssh-keygen -A && \
sshd -t && \
systemctl --no-reload enable sshd.service && \
echo -e "\e[1;32mSUCCESS\e[0m"

Note

For "dispatch-conf" to pick up the following change in "/usr/local/sbin", run the following command after you have created and modified "/usr/local/sbin/._cfg0000_firewall.nft":

dispatch-conf /usr/local/sbin

Open the SSH port:

rsync -a /usr/local/sbin/firewall.nft /usr/local/sbin/._cfg0000_firewall.nft && \
sed -i 's/^#\([[:space:]]*\)tcp dport 50022 ct state new accept$/\1tcp dport 50022 ct state new accept/' /usr/local/sbin/._cfg0000_firewall.nft && \
echo -e "\e[1;32mSUCCESS\e[0m"

Write down the host key fingerprints so that you can double-check them on the initial SSH connection to the Gentoo Linux machine:

find /etc/ssh/ -type f -name "ssh_host*\.pub" -exec ssh-keygen -vlf {} \;