dropbear: drop support for DSA host keys in dropbear init script
Bring the dropbear init script into sync with the systemd service file (dropbearkey.service supports RSA host keys only) and with recent versions of openssh which deprecate DSA host keys. https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html (From OE-Core rev: 6bd7341a38a8bb5387ea81dbccfed327370569f3) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
parent
3f3ced499c
commit
5ccea3e02a
|
@ -40,49 +40,28 @@ done
|
||||||
if [ $readonly_rootfs = "1" ]; then
|
if [ $readonly_rootfs = "1" ]; then
|
||||||
mkdir -p /var/lib/dropbear
|
mkdir -p /var/lib/dropbear
|
||||||
DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
|
DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
|
||||||
DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
|
|
||||||
else
|
else
|
||||||
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
|
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
|
||||||
DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
test -z "$DROPBEAR_BANNER" || \
|
test -z "$DROPBEAR_BANNER" || \
|
||||||
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
|
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
|
||||||
test -n "$DROPBEAR_RSAKEY" || \
|
test -n "$DROPBEAR_RSAKEY" || \
|
||||||
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
|
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
|
||||||
test -n "$DROPBEAR_DSSKEY" || \
|
|
||||||
DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
|
|
||||||
test -n "$DROPBEAR_KEYTYPES" || \
|
|
||||||
DROPBEAR_KEYTYPES="rsa"
|
|
||||||
|
|
||||||
gen_keys() {
|
gen_keys() {
|
||||||
for t in $DROPBEAR_KEYTYPES; do
|
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
|
||||||
case $t in
|
rm $DROPBEAR_RSAKEY || true
|
||||||
rsa)
|
fi
|
||||||
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
|
test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
|
||||||
rm $DROPBEAR_RSAKEY || true
|
|
||||||
fi
|
|
||||||
test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
|
|
||||||
;;
|
|
||||||
dsa)
|
|
||||||
if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
|
|
||||||
rm $DROPBEAR_DSSKEY || true
|
|
||||||
fi
|
|
||||||
test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
}
|
}
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
start)
|
start)
|
||||||
echo -n "Starting $DESC: "
|
echo -n "Starting $DESC: "
|
||||||
gen_keys
|
gen_keys
|
||||||
KEY_ARGS=""
|
|
||||||
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
|
|
||||||
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
|
|
||||||
start-stop-daemon -S -p $PIDFILE \
|
start-stop-daemon -S -p $PIDFILE \
|
||||||
-x "$DAEMON" -- $KEY_ARGS \
|
-x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
|
||||||
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
|
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
|
||||||
echo "$NAME."
|
echo "$NAME."
|
||||||
;;
|
;;
|
||||||
|
@ -95,11 +74,8 @@ case "$1" in
|
||||||
echo -n "Restarting $DESC: "
|
echo -n "Restarting $DESC: "
|
||||||
start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
|
start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
|
||||||
sleep 1
|
sleep 1
|
||||||
KEY_ARGS=""
|
|
||||||
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
|
|
||||||
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
|
|
||||||
start-stop-daemon -S -p $PIDFILE \
|
start-stop-daemon -S -p $PIDFILE \
|
||||||
-x "$DAEMON" -- $KEY_ARGS \
|
-x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
|
||||||
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
|
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
|
||||||
echo "$NAME."
|
echo "$NAME."
|
||||||
;;
|
;;
|
||||||
|
|
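Review bot: Both the start and restart branches now pass `-r $DROPBEAR_RSAKEY` unconditionally, where the old code added a key argument only after `test -f` succeeded. The restart lines visible in the second hunk do not call `gen_keys`, so if the key file is missing or was left empty, the daemon is launched against a path it may not be able to load; how dropbear reacts to that is not visible here. Calling `gen_keys` before the `start-stop-daemon -S` in restart would close that gap. The expansion should also be quoted as `-r "$DROPBEAR_RSAKEY"`, and likewise `rm "$DROPBEAR_RSAKEY"` and `test -f "$DROPBEAR_RSAKEY"` in `gen_keys`, so an overridden path is not word-split or globbed. Separately, a dropbear_dss_host_key already on disk is not removed, and whether dropbear still reads it from its built-in default location should be confirmed; the `case "$1"` block runs past both hunks.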