Building a Core SSH Memory-Only Virtual Machine

Brennon | | Updated on Thu 30 April 2015

What is the Core Project?

The Core Project is a project dedicated to providing a small, minimal Linux distribution that can be configured for any number of purposes. Tiny Core (http://distro.ibiblio.org/tinycorelinux/concepts.html) is

designed to run from a RAM copy created at boot time. Besides being fast, this protects system files from changes and ensures a pristine system on every reboot. Easy, fast, and simple renew-ability and stability is a principle goal of Tiny Core.

There are three main flavors in the Core suite:

  • Core (9 MB) - command-line only
  • TinyCore (15 MB) - Includes a GUI, wired network support only
  • CorePlus (72 MB) - Different windows managers, various keyboard layouts, and wireless support

Overview

This tutorial provides a walkthrough of how to build a custom ~13 MB Core .iso operating system with a Secure Shell (SSH) server. The 15 MB TinyCore will be used as the operating system and platform to create and configure the Core base .iso.

The goal is to have a customized Core .iso that can be booted into using virtualization software, such as VMware, in mere seconds and is completely memory resident. The operating system is not installed onto a hard drive. The purpose of this tutorial is to set the stage for the next one, which will be about SSH tunneling through a single and multiple servers for the purpose of protecting Internet traffic on public networks, penetration testing, or accessing your home network.

The resulting Core SSH server is perfect for practicing tunneling concepts because it is lightweight, memory-resident, and multiple SSH servers can be spun up in seconds. The install script and pre-configured coressh.iso files are available on the Opsdisk Github repository here: https://github.com/opsdisk/coressh.

Pull requests, suggestions, and improvements are always welcome through our contact page or twitter.

Warning

The primary purpose of the tutorial is to create a lightweight SSH server. No hardening or security best practices (denying root logins, using pre-shared keys) have been implemented with the configuration of the SSH server. You should use the core_install.sh script to generate your own SSH host keys if you are paranoid and don't want to use the pre-configured coressh.iso provided on Github. If you just want to set up a quick SSH lab and are not concerned about security, then the pre-configured coressh.iso is OK.

General Flow

Below is the general flow of building a custom Core .iso:

  • Boot into the Tiny Core .iso operating system
  • Install OpenSSH and ezremaster packages. OpenSSH is the SSH server and ezremaster is used to create custom .iso files.
  • Pull down core_install.sh file from the Opsdisk coressh repository or a local web server to configure the server. This script will pull down the Core-current.iso to customize, edit a couple of files, and create the Core .iso using ezremaster.
  • Pull the customized Core .iso file off the Virtual Machine through SFTP.
  • Boot the coressh.iso as a virtual machine.

Setting Up the Build Platform

This walkthrough uses VMware Workstation 11 as the virtualization software. Your mileage may vary with other virtualization software versions and software.

1) Download the TinyCore .iso file.

2) Create the TinyCore VM with the following characteristics:

  • Install from the TinyCore-current.iso file
  • Guest operating system is "Other Linux 3.x kernel"
  • Virtual machine name: "TinyCore"
  • Maximum disk size: .001 GB; Store virtual disk as a single file
  • Customize Hardware: 256 MB Memory, 1 processor, bridged Network Adapter, uncheck the "Connect at power on" for USB,
  • sound card, and printer
  • Power on the virtual machine

Creating the Customized Core .iso

After powering on the virtual machine, select the first boot option "Boot TinyCore". After the operating system loads, click on the terminal icon at the bottom on the far right. At this point, you must hand jam commands into the terminal because SSH and VMware Tools are not installed for easy copy/paste.

# Ensure you box has an IP address and that DNS works:
ifconfig
ping yahoo.com -c 2

# Install openssl to retrieve HTTPS file from GitHub
tce-load -iw openssl-1.0.1.tcz

# Pull down core_install.sh script
wget https://github.com/opsdisk/coressh/raw/master/core_install.sh -P /tmp

# Mark script as executable
sudo chmod +x /tmp/core_install.sh

# Remove potential DOS line breaks
dos2unix /tmp/core_install.sh

# Execute the install script
/tmp/core_install.sh

From this point on, the script will take care of the rest. It will prompt you to change the passwords for the tc and root user accounts. Below are the credentials for the pre-configured coressh.iso SSH server:

user: tc
password: masterpassword

user: root
password: masterpassword

If you want to walkthrough the script line by line, check out the Script Walkthrough at the end of this tutorial. Once the script completes, pull the newly created ezremaster.iso off the TinyCore VM using a SFTP compatible program, like WinSCP, Filezilla, or the linux scp command.

Booting Up the New Core .iso

Create a new Core VM with the same characteristics as the TinyCore VM, except you can tweak the memory down to 128 MB (try 64 MB first and see if it crashes out).

  • Install from the coressh.iso file
  • Guest operating system is "Other Linux 3.x kernel"
  • Virtual machine name: "CoreSSH"
  • Maximum disk size: .001 GB; Store virtual disk as a single file
  • Customize Hardware: 128 MB Memory, 1 processor, bridged Network Adapter, uncheck the "Connect at power on" for USB, sound card, and printer
  • Power on the virtual machine

Conclusion

This tutorial walks you through creating a minimal Core SSH server that will be used in the next series covering SSH tunneling techniques and tips for the purpose of protecting Internet traffic on public networks, penetration testing, or accessing your home network. All of the code and files can be found on the Opsdisk Github repository here: https://github.com/opsdisk/coressh

Script Walkthrough

Install OpenSSH and ezremaster

tce-load -iw openssh.tcz ezremaster.tcz

Start the SSH server

sudo /usr/local/etc/init.d/openssh start

Download the Core-current.iso file to /tmp

wget http://distro.ibiblio.org/tinycorelinux/6.x/x86/release/Core-current.iso -P /tmp

For the ezremaster walkthrough, click on the ezremaster icon (looks like a CD with "ez" on it) at the bottom of the screen. Select these options:

read -p "Open ezremaster. Click on the ezremaster icon (looks like a CD with 'ez' on it) at the bottom of the screen."
read -p "Use ISO Image, specifying the /tmp/Core-current.iso file"
read -p "Next, Next"
read -p "Click load under the 'Extract TCZ in to initrd'"
read -p "Remove everything except openssh.tcz"
read -p "Next until you can Create ISO (BUT DON'T CREATE ISO YET)"
read -p "Press Enter to continue..."

Edit the isolinux.cfg file to change the boot timeout from 300 (30 seconds) to 10 (1 second).

sudo cp /tmp/ezremaster/image/boot/isolinux/isolinux.cfg /tmp/ezremaster/image/boot/isolinux/isolinux.cfg.backup
sudo sed -i 's/timeout 300/timeout 10/' /tmp/ezremaster/image/boot/isolinux/isolinux.cfg

isolinux.cfg contents

display boot.msg
default microcore
label microcore
    kernel /boot/vmlinuz
    initrd /boot/core.gz
    append loglevel=3

label mc
    kernel /boot/vmlinuz
    append initrd=/boot/core.gz loglevel=3
implicit 0
prompt 1
timeout 10
F1 boot.msg
F2 f2
F3 f3
F4 f4

Add the SSH host keys that were generated when TinyCore installed SSH. Not required, but otherwise every reboot will generate new keys. You should use the core_install.sh script to generate your own host keys if you are paranoid and don't want to use the pre-configured coressh.iso provided on Github.

sudo cp -f /usr/local/etc/ssh/ssh_host_* /tmp/ezremaster/extract/usr/local/etc/ssh

Edit the SSH server configuration

sudo cp /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config.backup

# Allow root to login
sudo sed -i 's/#PermitRootLogin/PermitRootLogin/' /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config

# Allows reverse SSH tunnels (-R option) to listen on interfaces besides 127.0.0.1
sudo sed -i 's/#GatewayPorts no/GatewayPorts yes/' /tmp/ezremaster/extract/usr/local/etc/ssh/sshd_config

Ensure the correct file permissions for the SSH host keys

sudo chown root /tmp/ezremaster/extract/usr/local/etc/ssh/ssh_host*
sudo chmod 644 /tmp/ezremaster/extract/usr/local/etc/ssh/ssh_host*pub
sudo chmod 600 /tmp/ezremaster/extract/usr/local/etc/ssh/ssh_host*key

Start the SSH server on boot

sudo cp /tmp/ezremaster/extract/opt/bootlocal.sh /tmp/ezremaster/extract/opt/bootlocal.sh.backup
sudo echo "/usr/local/etc/init.d/openssh start" >> /tmp/ezremaster/extract/opt/bootlocal.sh

bootlocal.sh contents:

#!/bin/sh
# put other system startup commands here
/usr/local/etc/init.d/openssh start

Give the "tc" user a password

passwd tc

Change root user password

sudo passwd root

Copy the /etc/shadow & /etc/passwd files (which have the new tc and root passwords) from the current TinyCore operating system to the new Core build

sudo cp -f /etc/shadow /tmp/ezremaster/extract/etc/shadow
sudo cp -f /etc/passwd /tmp/ezremaster/extract/etc/passwd

Create the final .iso file using ezremaster. The final location is /tmp/ezremaster/ezremaster.iso

read -p "Now click on Create ISO...script is done. File location: /tmp/ezremaster/ezremaster.iso"