[FEATURE: #348] rootfs/etc/ssh/sshd_config: read authorized_keys also from /update/permanent/ssh/

Signed-off-by: Adam Wujek <dev_public@wujek.eu>

[FEATURE: #348] rootfs/etc/ssh/sshd_config: read authorized_keys also from /update/permanent/ssh/
Signed-off-by: Adam Wujek <dev_public@wujek.eu>
0066d594 · Adam Wujek · 3b5f71a5 · 0066d594 · 0066d594
Commit 0066d594 authored 3 months ago by Adam Wujek
--- a/userspace/rootfs_override/etc/init.d/sshd.sh
+++ b/userspace/rootfs_override/etc/init.d/sshd.sh
@@ -30,10 +30,13 @@ start() {
 		echo "$0 unable to source dot-config ($dotconfig)!"
 	fi

+	echo "# Key in this file will be lost at restart!" > /root/.ssh/authorized_keys
+	echo "# Consider storing keys in the permanent location: $permanent_path_ssh/authorized_keys" >> /root/.ssh/authorized_keys
+
 	# copy authorized keys if exists
 	if [ -f /usr/authorized_keys ] ; then
 		mkdir -p /root/.ssh/
-		cp /usr/authorized_keys /root/.ssh/
+		cat /usr/authorized_keys >> /root/.ssh/authorized_keys
 	fi

 	# Make sure ssh directory exists

--- a/userspace/rootfs_override/etc/ssh/sshd_config
+++ b/userspace/rootfs_override/etc/ssh/sshd_config
@@ -51,8 +51,10 @@ PermitRootLogin yes
 #PubkeyAuthentication yes

 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile	.ssh/authorized_keys
+# Files /update/permanent/ssh/authorized_keys.%u are per user (%u) and survive
+# WRS firmware updates. .ssh/authorized_keys can be used if provided in
+# /usr/authorized_keys of WRS firmware.
+AuthorizedKeysFile	/update/permanent/ssh/authorized_keys.%u .ssh/authorized_keys

 #AuthorizedPrincipalsFile none