Commit 0b21e8ad authored by Alessandro Rubini's avatar Alessandro Rubini

userspace/dropbear: generate host key at first boot

We should not have every switch running the same host key.  This
removes the pre-generated host keys and fixes the generation at boot
time (/etc is volatile, so the generated key is copied to /usr/etc as well).
Signed-off-by: Alessandro Rubini's avatarAlessandro Rubini <rubini@gnudd.com>
parent 44426475
......@@ -90,7 +90,7 @@ if [ -f $WRS_BASE_DIR/authorized_keys ]; then
fi
chmod g-w $TMPFS/root $TMPFS/root/.ssh
chown -R root:root $TMPFS/root
chown -R root:root $TMPFS/etc/dropbear
mkdir -p $TMPFS/etc/dropbear; chown -R root:root $TMPFS/etc/dropbear
chmod a+rx $TMPFS
##### now move stuff to usr (we need usr to be in flash, / remains initramfs)
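Review bot: The new `mkdir -p $TMPFS/etc/dropbear` creates the directory under whatever umask the build runs with, and nothing in the hunk sets its mode, although the neighbouring lines do tighten `$TMPFS/root` and `$TMPFS/root/.ssh`. If this is the directory that later holds the generated private host keys (inferred from the commit message, not visible here), give it an explicit mode, e.g. `mkdir -p -m 700 $TMPFS/etc/dropbear`. Joining the two commands with `&&` instead of `;` would also keep the `chown` from running against a path that could not be created. The surrounding script continues outside the hunk.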
......
......@@ -12,16 +12,19 @@ start() {
if [ ! -d /etc/dropbear ] ; then
mkdir -p /etc/dropbear
fi
mkdir -p /usr/etc/dropbear
# Check for the Dropbear RSA key
if [ ! -f /etc/dropbear/dropbear_rsa_host_key ] ; then
echo -n "generating rsa key... "
/usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
cp /etc/dropbear/dropbear_rsa_host_key /usr/etc/dropbear
fi
# Check for the Dropbear DSS key
if [ ! -f /etc/dropbear/dropbear_dss_host_key ] ; then
echo -n "generating dsa key... "
/usr/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
cp /etc/dropbear/dropbear_dss_host_key /usr/etc/dropbear
fi
umask 077
start-stop-daemon -S -q -p /var/run/dropbear.pid --exec /usr/sbin/dropbear
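Review bot: The added `cp` lines run whether or not `dropbearkey` succeeded, and because its output goes to /dev/null a failed generation is not reported before the daemon is started; chain the two, e.g. `/usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1 && cp /etc/dropbear/dropbear_rsa_host_key /usr/etc/dropbear/`, and likewise for the dss key. `umask 077` is set only after the new `mkdir -p /usr/etc/dropbear` and both copies, so the persistent directory that holds the private keys is created with the default mode; moving the umask line above the `mkdir` would cover it. The existence tests look only at /etc/dropbear, which the commit message describes as volatile, so unless something outside this hunk restores the keys from /usr/etc at boot, the host key would be regenerated on every reboot and clients would see it change, which is worth confirming. start() continues outside the hunk.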
......