[Buildroot] [PATCH] dropbear: change start-up script to honour pre-existing keys
Arnout Vandecappelle
arnout at mind.be
Wed Nov 15 21:18:38 UTC 2017
On 15-11-17 20:45, Markus Mayer wrote:
> From: Markus Mayer <mmayer at broadcom.com>
>
> Rather than starting dropbear with option -R at all times, we only do
> so if no existing key file is found. This lets dropbear honour
> pre-existing key files, including keys copied into the root file system
> at build time.
That's exactly what the -R option does, no? It creates host keys if they don't
exist yet. Cfr. svr_ensure_hostkey in svr-kex.c.
Regards,
Arnout
>
> Signed-off-by: Markus Mayer <mmayer at broadcom.com>
> ---
> package/dropbear/S50dropbear | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/package/dropbear/S50dropbear b/package/dropbear/S50dropbear
> index 9474eaa..8eea9ae 100644
> --- a/package/dropbear/S50dropbear
> +++ b/package/dropbear/S50dropbear
> @@ -7,7 +7,7 @@
> test -r /etc/default/dropbear && . /etc/default/dropbear
>
> start() {
> - DROPBEAR_ARGS="$DROPBEAR_ARGS -R"
> + msg=' '
>
> # If /etc/dropbear is a symlink to /var/run/dropbear, and
> # - the filesystem is RO (i.e. we can not rm the symlink),
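Review bot: `msg=' '` at the top of start() sets the message to a single space rather than an empty string, so when key files already exist the later `printf "Starting dropbear sshd: $msg"` prints one more trailing space than the original line did. Initialise it as `msg=''` so the output is unchanged in the common case. Since this hunk drops the unconditional `DROPBEAR_ARGS="$DROPBEAR_ARGS -R"`, the commit message should also say what goes wrong with -R when keys are already present, given the reply's point that -R only creates keys that do not exist yet.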
> @@ -26,7 +26,14 @@ start() {
> fi
> fi
>
> - printf "Starting dropbear sshd: "
> + ls /etc/dropbear/*host_key >/dev/null 2>&1
> + if [ $? != 0 ]; then
> + # No key files found. We need to generate a key.
> + DROPBEAR_ARGS="$DROPBEAR_ARGS -R"
> + msg='(with new key) '
> + fi
> +
> + printf "Starting dropbear sshd: $msg"
> umask 077
>
> start-stop-daemon -S -q -p /var/run/dropbear.pid \
>
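Review bot: The `ls /etc/dropbear/*host_key` check counts any one matching file as "keys present", so a root file system that ships a key of only one type starts dropbear without -R and nothing generates the other key types; it also succeeds on an empty or unreadable key file. Either keep passing -R, or test each expected key file individually with `[ -s "$f" ]` before dropping it. Two smaller points in the same hunk: `ls ...; if [ $? != 0 ]` reads better as `if ! ls /etc/dropbear/*host_key >/dev/null 2>&1; then`, and `printf "Starting dropbear sshd: $msg"` puts a variable into the format string, so prefer `printf "Starting dropbear sshd: %s" "$msg"`.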
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF