kumquat-buildroot/package/dropbear/S50dropbear
Yann E. MORIN 8012250b86 package/dropbear: add warning about volatile keys
When the rootfs is read-only, keys will be generated in a volatile
location, which is inherently bad as host keys will change on each boot,
rendering them virtually useless.

Add a warning so the user is at least aware of the issue.

Hide the rm output to avoid noisy output, now that we have a proper warning.

Move the starting message after the symlink-block, to avoid messages
collision. Move the umask as well, since /etc/dropbear/ may be world
readable; just the private host keys should be ?00 (and dropbear handles
that by itself).

[Peter: minor tweaks to commit message]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-08-30 22:05:29 +02:00

62 lines
1.3 KiB
Bash

#!/bin/sh
#
# Starts dropbear sshd.
#

# Allow a few customizations from a config file
test -r /etc/default/dropbear && . /etc/default/dropbear

start() {
	DROPBEAR_ARGS="$DROPBEAR_ARGS -R"

	# If /etc/dropbear is a symlink to /var/run/dropbear, and
	#   - the filesystem is RO (i.e. we can not rm the symlink),
	#     create the directory pointed to by the symlink.
	#   - the filesystem is RW (i.e. we can rm the symlink),
	#     replace the symlink with an actual directory
	if [ -L /etc/dropbear \
	     -a "$(readlink /etc/dropbear)" = "/var/run/dropbear" ]
	then
		if rm -f /etc/dropbear >/dev/null 2>&1; then
			mkdir -p /etc/dropbear
		else
			echo "No persistent location to store SSH host keys. New keys will be"
			echo "generated at each boot. Are you sure this is what you want to do?"
			mkdir -p "$(readlink /etc/dropbear)"
		fi
	fi

	echo -n "Starting dropbear sshd: "
	umask 077

	start-stop-daemon -S -q -p /var/run/dropbear.pid \
		--exec /usr/sbin/dropbear -- $DROPBEAR_ARGS
	[ $? = 0 ] && echo "OK" || echo "FAIL"
}
stop() {
	echo -n "Stopping dropbear sshd: "
	start-stop-daemon -K -q -p /var/run/dropbear.pid
	[ $? = 0 ] && echo "OK" || echo "FAIL"
}
restart() {
	stop
	start
}

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart|reload)
		restart
		;;
	*)
		echo "Usage: $0 {start|stop|restart}"
		exit 1
esac

exit $?
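
An added example, not part of the Buildroot script: a POSIX shell check that reports whether the host-key directory handled by start() above will end up volatile, so an image can be audited before it ships. The function names, the status strings and the ROOT/MOUNTS parameters are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Buildroot code): classify the dropbear host-key directory.
# ROOT and MOUNTS are hypothetical parameters so a staged tree can be audited.

# Print "ro" or "rw" for the last "/" entry of a /proc/mounts-format file.
# The last entry wins because later mounts on "/" shadow earlier ones.
root_mount_mode() {
	awk '$2 == "/" { opts = $4 }
	END {
		n = split(opts, o, ","); mode = "rw"
		for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
		print mode
	}' "$1"
}

# Print one of:
#   directory                 real directory (keys persist if it is writable
#                             or was populated at build time)
#   symlink-replaced-at-start symlink on a RW rootfs; the init script swaps
#                             it for a real directory
#   volatile                  symlink on a RO rootfs; keys live under /var/run
#                             and are regenerated at each boot
#   other-symlink             symlink to some other target; not handled
#   missing                   no /etc/dropbear at all
dropbear_keydir_status() {
	root=${1:-/}
	mounts=${2:-/proc/mounts}
	dir="${root%/}/etc/dropbear"
	if [ -L "$dir" ]; then
		if [ "$(readlink "$dir")" != "/var/run/dropbear" ]; then
			echo other-symlink
		elif [ "$(root_mount_mode "$mounts")" = "ro" ]; then
			echo volatile
		else
			echo symlink-replaced-at-start
		fi
	elif [ -d "$dir" ]; then
		echo directory
	else
		echo missing
	fi
}
```

Called with no arguments on a target, `dropbear_keydir_status` inspects `/` and `/proc/mounts`; a `volatile` result is the situation the script's warning covers.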