From 45863b94cad8969b6cb4f8afe5e6818a089d1c3c Mon Sep 17 00:00:00 2001
From: Kyle Copperfield
Date: Mon, 11 Nov 2019 12:10:45 +0000
Subject: [PATCH] openssh: add openwrt failsafe support
Adds failsafe support to the openssh package. Roughly based on an earlier patch.
Ref: https://github.com/openwrt/openwrt/pull/865
Signed-off-by: Jeff Kletsky
Signed-off-by: Kyle Copperfield
---
 net/openssh/Makefile | 4 +++-
 net/openssh/files/sshd.failsafe | 30 ++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100755 net/openssh/files/sshd.failsafe
diff --git a/net/openssh/Makefile b/net/openssh/Makefile
index 2a0863248..c93ae2794 100644
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openssh
 PKG_VERSION:=8.4p1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
@@ -219,6 +219,8 @@ define Package/openssh-server/install
 sed -r -i 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ed25519)_key)$$$$,\1,' $(1)/etc/ssh/sshd_config
 $(INSTALL_DIR) $(1)/etc/init.d
 $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
+ $(INSTALL_DIR) $(1)/lib/preinit
+ $(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd
 $(INSTALL_DIR) $(1)/usr/sbin
 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
 endef
diff --git a/net/openssh/files/sshd.failsafe b/net/openssh/files/sshd.failsafe
new file mode 100755
index 000000000..ed1429bb4
--- /dev/null
+++ b/net/openssh/files/sshd.failsafe
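Review bot: The two added install lines in `Package/openssh-server/install` ship the failsafe hook in every openssh-server image, yet nothing in the Makefile says what the hook does to the system. The `failsafe_sshd` function in the script added later in this patch replaces root's `/etc/shadow` entry with one whose password field is empty, unless `/usr/sbin/dropbear` is executable. A comment above the two lines would make that visible to packagers, for example `# failsafe preinit hook: sets an empty root password and prepares sshd when dropbear is absent`. The visible part of the script only defines a function, which suggests the file is sourced rather than executed; if that holds, `$(INSTALL_DATA)` in place of `$(INSTALL_BIN)` would avoid shipping an unneeded executable bit. The install define begins above the hunk, so this is based on the visible lines only.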
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+failsafe_sshd () {
+
+ # if dropbear is executable it can handle failsafe
+ [ -x /usr/sbin/dropbear ] && return
+
+ sshd_tmpdir=/tmp/sshd
+ mkdir $sshd_tmpdir
+
+ sed -i 's/^root:.*/root::0:17000:::::/g' /etc/shadow
+
+ for type in ed25519; do
+ key=$sshd_tmpdir/ssh_host_${type}_key
+ ssh-keygen -N '' -t ${type} -f ${key}
+ done
+
+ mkdir -m 0700 -p /var/empty
+
+ cat > $sshd_tmpdir/sshd_config <