Home Explore Help
Register Sign In
oss
/
openadk
4
1
Fork 3
Files Issues 1 Pull Requests 0 Wiki
Browse Source

dropbear: reenable DSS algo support

Tragically, disabling DSS support in order to prevent an error message
from showing up at startup (because of missing dss host key) also
disables support for pubkey auth using DSS keys. And guess which type
mine is. ;)
To provide a usable compromise, make dropbear.init generate the formerly
missing dss host key. So there won't be any error message, either.
Probably this fixes for hosts not being able to authenticate using an
RSS host key, too.
Phil Sutter 15 years ago
parent
a950c478f8
commit
0422754bce
3 changed files with 11 additions and 12 deletions
Split View Show Diff Stats
  1. 2 2
      package/dropbear/Makefile
  2. 8 0
      package/dropbear/files/dropbear.init
  3. 1 10
      package/dropbear/patches/patch-options_h

+ 2 - 2
package/dropbear/Makefile
View File 

@@ -5,14 +5,14 @@ include $(TOPDIR)/rules.mk
 
 
 PKG_NAME:=		dropbear
 
 PKG_VERSION:=		0.52
 
-PKG_RELEASE:=		1
 
+PKG_RELEASE:=		2
 
 PKG_MD5SUM:=		1c69ec674481d7745452f68f2ea5597e
 
 PKG_DESCR:=		SSH 2 server/client designed for embedded systems 
 PKG_SECTION:=		net
 
 PKG_URL:=		http://matt.ucc.asn.au/dropbear
 
 PKG_SITES:=		http://matt.ucc.asn.au/dropbear/releases/
 
 
-PKG_DESCR_UTIL:=	Utility for converting SSH keys
 
+PKG_DESCR_UTIL:=	Utility for converting SSH private keys
 
 
 include $(TOPDIR)/mk/package.mk

+ 8 - 0
package/dropbear/files/dropbear.init
View File 

@@ -27,6 +27,14 @@ start)
 
 		test $rv = 0 || exit 1
 
 		test -f /etc/dropbear/dropbear_rsa_host_key || exit 1
 
 	fi
 
+	if test ! -f /etc/dropbear/dropbear_dss_host_key; then
 
+		# take it easy here, since above already catched the worst cases
 
+		if test -x /usr/bin/dropbearkey; then
 
+			bothlog "dropbear: generating SSH private key (DSS)"
 
+			/usr/bin/dropbearkey -f /etc/dropbear/dropbear_dss_host_key -t dss
 
+			bothlog dropbear: key generation exited with code $?
 
+		fi
 
+	fi
 
 	/usr/sbin/dropbear $dropbear_flags
 
 	;;
 
 stop)

+ 1 - 10
package/dropbear/patches/patch-options_h
View File 

@@ -1,6 +1,6 @@
 
 $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
 
 --- dropbear-0.52.orig/options.h	2008-11-11 15:13:50.000000000 +0100
 
-+++ dropbear-0.52/options.h	2010-01-22 17:55:09.000000000 +0100
 
++++ dropbear-0.52/options.h	2010-03-14 23:30:26.277667006 +0100
 
 @@ -10,6 +10,11 @@
 
   * parts are to allow for commandline -DDROPBEAR_XXX options etc.
 
   ******************************************************************/
 
@@ -13,15 +13,6 @@ $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
 
  #ifndef DROPBEAR_DEFPORT
 
  #define DROPBEAR_DEFPORT "22"
 
  #endif
 
-@@ -115,7 +120,7 @@ etc) slower (perhaps by 50%). Recommende
 
-  * Removing either of these won't save very much space.
 
-  * SSH2 RFC Draft requires dss, recommends rsa */
 
- #define DROPBEAR_RSA
 
--#define DROPBEAR_DSS
 
-+/* #define DROPBEAR_DSS */
 
- 
- /* RSA can be vulnerable to timing attacks which use the time required for
 
-  * signing to guess the private key. Blinding avoids this attack, though makes
 
 @@ -129,7 +134,7 @@ etc) slower (perhaps by 50%). Recommende
 
  /* #define DSS_PROTOK */