Reply To: Is it possible to auto provision clients in ZeroShell?


#48927

yum
Member

There are hundreds of bash scripts in that folder. They automate many operations, such as adding new firewall rules, QoS rules, managing network interfaces, etc.
For example, run

/root/kerbynet.cgi/scripts/dhcp_addstatic 00 192.168.10.10 AA:BB:CC:DD:EE:FF

to add a new static DHCP entry.

Remote execution of those commands can be done via ssh:

ssh root@ZEROSHELL.IP.ADDRESS "/root/kerbynet.cgi/scripts/command_to_run ARG1 ARG2 ARG3"

To enable remote login via ssh without typing the root password, you can follow these steps (manual copied from a page that cannot be found on the web anymore):

SSH to your ZeroShell firewall and log in as “admin”, then drop to a shell “S”.

In the “/Database” directory, create a directory called “startup”.

Copy “/etc/ssh/sshd_config” to “/Database/startup/sshd_config”.

Edit “/Database/startup/sshd_config” and comment out “AllowUsers admin”, then uncomment “#AuthorizedKeysFile .ssh/authorized_keys” and save the file, e.g.
# AllowUsers admin
AuthorizedKeysFile .ssh/authorized_keys

On your other machine:
Run “ssh-keygen -t rsa” to generate a public / private key pair, in “/root/.ssh/id_rsa”
DO NOT ENTER A PASSPHRASE

Copy the contents of “/root/.ssh/id_rsa.pub” using your fav editor to the ZeroShell “/Database/startup/.ssh/authorized_keys” file.

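Create a startup script, “/Database/startup/rc.local”, and paste in the following (modify YOUR_ROOT_PASSWORD below):

#!/bin/sh
# Restore the persistent sshd configuration and root's authorized_keys at boot
/bin/cp /Database/startup/sshd_config /etc/ssh/sshd_config
/bin/cp -Rp /Database/startup/.ssh /root/.ssh
# Set the root password, then restart sshd so the new configuration takes effect
echo "root:YOUR_ROOT_PASSWORD" | /usr/sbin/chpasswd
/sbin/service sshd restart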

Log in to your ZeroShell web admin and navigate to “Setup”, then “Startup”.
Enable the startup configuration and add “/Database/startup/rc.local” to the Pre-boot startup script and save it.

Reboot your ZeroShell firewall.
You should now be able to SSH in as “root” with the password set above and drop to a shell prompt.
Check that an SSH connection from your LAN box to your ZeroShell firewall returns a “root@ZS root>” without prompting for a password, e.g.
ssh -i /root/.ssh/id_rsa root@ZEROSHELL_IP

This is not very secure but works for me.
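
An added example, not part of the post above or of ZeroShell itself: a forced-command wrapper that limits the passphrase-less key to an allowlist of scripts under /root/kerbynet.cgi/scripts, so the key cannot open a root shell or run arbitrary commands. The wrapper path /Database/startup/zs-run, the allowlist contents and the from= address are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper, hypothetical path /Database/startup/zs-run.
# Constructed authorized_keys entry (key elided, from= address is a sample):
#   command="/Database/startup/zs-run",from="192.168.10.5",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...
SCRIPT_DIR=/root/kerbynet.cgi/scripts
ALLOWED="dhcp_addstatic"    # assumption: list only the scripts you automate

# zs_validate CMDLINE: return 0 only for an allowlisted script with plain args.
zs_validate() {
    set -f; set -- $1; set +f          # split on whitespace, no globbing
    [ $# -ge 1 ] || return 1
    name=$1; shift
    # Accept either the bare script name or its full path under SCRIPT_DIR.
    case "$name" in "$SCRIPT_DIR"/*) name=${name#"$SCRIPT_DIR"/} ;; esac
    ok=1
    for a in $ALLOWED; do
        if [ "$a" = "$name" ]; then ok=0; fi
    done
    [ "$ok" -eq 0 ] || return 1
    # Arguments: letters, digits and _ . : - only, and no leading dash,
    # so shell metacharacters and option injection are refused.
    for arg in "$@"; do
        case "$arg" in -*|*[!A-Za-z0-9_.:-]*) return 1 ;; esac
    done
    return 0
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND.
# With no command (interactive login attempt) the wrapper simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if zs_validate "$SSH_ORIGINAL_COMMAND"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; set +f
        script=${1##*/}; shift
        exec "$SCRIPT_DIR/$script" "$@"
    fi
    echo "zs-run: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The wrapper has to be executable and stored under /Database so it survives a reboot; the options go in front of the key in “/Database/startup/.ssh/authorized_keys”.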