Gentoo Wiki




This article will explain how you can modify Gentoo installation CD to accept ssh connections with public key authentication straight from boot. Modified CD could be used to install Gentoo without keyboard and display.


  1. A running Gentoo Linux system
  2. app-cdr/cdrtools
  3. sys-fs/squashfs-tools

Install tools

Install required tools unless already installed.

emerge cdrtools squashfs-tools

Download CD

Get CD from nearest mirror. Mirrors

cd ~/download
wget <<YOUR FAVORITE MIRROR>>/gentoo/releases/x86/current/installcd/install-x86-minimal-2008.0.iso

Unpack ISO and squashfs image

Unpack CD image and copy files to temporary directory.

modprobe loop
mount -t iso9660 -o loop ~/download/install-x86-minimal-2006.1.iso /mnt/cdrom
mkdir ~/bootcd
cp -a /mnt/cdrom/* ~/bootcd
umount /mnt/cdrom

Unpack squashfs image.

cd ~/bootcd
unsquashfs image.squashfs
mv ./squashfs-root ~/squashroot

Or alternative way to unpack squashfs image.

modprobe squashfs
mount -t squashfs -o loop ~/bootcd/image.squashfs /mnt/cdrom
mkdir ~/squashroot
cp -a /mnt/cdrom/* ~/squashroot/
umount /mnt/cdrom

Generate SSHD keys

Follow Gentoo Linux Keychain Guide to generate public and private key pair. You can also generate SSHD host keys if you don't want new keys to be generated on every boot. Generate SSH Keys

/usr/bin/ssh-keygen -t rsa1 -b 1024 -f ~/squashroot/etc/ssh/ssh_host_key -N ''
/usr/bin/ssh-keygen -d -f ~/squashroot/etc/ssh/ssh_host_dsa_key -N ''
/usr/bin/ssh-keygen -t rsa -f ~/squashroot/etc/ssh/ssh_host_rsa_key -N ''

Modifications to enable SSHD with public key authentication

Copy keys and enable SSHD:

mkdir ~/squashroot/root/.ssh
cp ~/.ssh/authorized_keys ~/squashroot/root/.ssh/
sed -i 's/^SSHD="no"/SSHD="yes"/' ~/squashroot/etc/init.d/autoconfig

Setting your own root password and disable new password generation

If you want to login directly from ssh you need your own root password since it's quite hard guessing the random generated one.

Remove the random password generator and set password:

sed -i 's/^PASSWD="yes"/PASSWD="no"\nPASSWORD="secret"/' ~/squashroot/etc/init.d/autoconfig
Note: This could compromise security.

Disable IPv6

This might be needed after 2007.0 to get IPv4 address from DHCP-Server.

sed -i 's/# alias net-pf-10 off/alias net-pf-10 off/' ~/squashroot/etc/modprobe.d/aliases

Repack squashfs and iso

Remove old squashfs image, pack new image and make iso.

rm ~/bootcd/image.squashfs
mksquashfs ~/squashroot/ ~/bootcd/image.squashfs
mkisofs -R -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -iso-level 4 -hide-rr-moved -c isolinux/ -o livecd.iso ~/bootcd/

Some architectures use Grub boot loader:

mkisofs -R -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 4 -boot-info-table -iso-level 4 -hide-rr-moved -c boot/ -o livecd.iso ~/bootcd/

See also

Retrieved from ""

Last modified: Sat, 06 Sep 2008 22:42:00 +0000 Hits: 9,056