diff options
author | Andre McCurdy <armccurdy@gmail.com> | 2017-03-06 17:42:25 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-03-10 10:15:44 +0000 |
commit | 6bd7341a38a8bb5387ea81dbccfed327370569f3 (patch) | |
tree | c5ace7076e06dfc8853a68530de06e9dd049628f | |
parent | 5cc3592afc72bae8dd12d3d8ff15bb7418baaea3 (diff) | |
download | openembedded-core-6bd7341a38a8bb5387ea81dbccfed327370569f3.tar.gz openembedded-core-6bd7341a38a8bb5387ea81dbccfed327370569f3.tar.bz2 openembedded-core-6bd7341a38a8bb5387ea81dbccfed327370569f3.zip |
dropbear: drop support for DSA host keys in dropbear init script
Bring the dropbear init script into sync with the systemd service
file (dropbearkey.service supports RSA host keys only) and with
recent versions of openssh which deprecate DSA host keys.
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
-rwxr-xr-x | meta/recipes-core/dropbear/dropbear/init | 36 |
1 files changed, 6 insertions, 30 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init index 434bd6b971..f6e1c462fa 100755 --- a/meta/recipes-core/dropbear/dropbear/init +++ b/meta/recipes-core/dropbear/dropbear/init @@ -40,49 +40,28 @@ done if [ $readonly_rootfs = "1" ]; then mkdir -p /var/lib/dropbear DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key" - DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key" else DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key" - DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key" fi test -z "$DROPBEAR_BANNER" || \ DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" test -n "$DROPBEAR_RSAKEY" || \ DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT -test -n "$DROPBEAR_DSSKEY" || \ - DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT -test -n "$DROPBEAR_KEYTYPES" || \ - DROPBEAR_KEYTYPES="rsa" gen_keys() { -for t in $DROPBEAR_KEYTYPES; do - case $t in - rsa) - if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then - rm $DROPBEAR_RSAKEY || true - fi - test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS - ;; - dsa) - if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then - rm $DROPBEAR_DSSKEY || true - fi - test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS - ;; - esac -done + if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then + rm $DROPBEAR_RSAKEY || true + fi + test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS } case "$1" in start) echo -n "Starting $DESC: " gen_keys - KEY_ARGS="" - test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" - test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" start-stop-daemon -S -p $PIDFILE \ - -x "$DAEMON" -- $KEY_ARGS \ + -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \ -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS echo "$NAME." ;; @@ -95,11 +74,8 @@ case "$1" in echo -n "Restarting $DESC: " start-stop-daemon -K -x "$DAEMON" -p $PIDFILE sleep 1 - KEY_ARGS="" - test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" - test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" start-stop-daemon -S -p $PIDFILE \ - -x "$DAEMON" -- $KEY_ARGS \ + -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \ -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS echo "$NAME." ;; |