diff options
| author | Phil Sutter <phil@nwl.cc> | 2010-04-11 23:37:33 +0200 |
|---|---|---|
| committer | Waldemar Brodkorb <wbx@openadk.org> | 2010-04-12 20:06:23 +0200 |
| commit | 0422754bce96ada3b228333f1eb3db8cf11cd862 (patch) | |
| tree | d36d30530a54f3d26ba3797eed311b744faae74b /package | |
| parent | a950c478f8dcebf33a8bb7b5938ac1b5199079f8 (diff) | |
dropbear: reenable DSS algo support
Tragically, disabling DSS support in order to prevent an error message
from showing up at startup (because of missing dss host key) also
disables support for pubkey auth using DSS keys. And guess which type
mine is. ;)
To provide a usable compromise, make dropbear.init generate the formerly
missing dss host key. So there won't be any error message, either.
Probably this fixes for hosts not being able to authenticate using an
RSS host key, too.
Diffstat (limited to 'package')
| -rw-r--r-- | package/dropbear/Makefile | 4 | ||||
| -rw-r--r-- | package/dropbear/files/dropbear.init | 8 | ||||
| -rw-r--r-- | package/dropbear/patches/patch-options_h | 11 |
3 files changed, 11 insertions, 12 deletions
diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile index 6625cb21c..2ab254cd2 100644 --- a/package/dropbear/Makefile +++ b/package/dropbear/Makefile @@ -5,14 +5,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:= dropbear PKG_VERSION:= 0.52 -PKG_RELEASE:= 1 +PKG_RELEASE:= 2 PKG_MD5SUM:= 1c69ec674481d7745452f68f2ea5597e PKG_DESCR:= SSH 2 server/client designed for embedded systems PKG_SECTION:= net PKG_URL:= http://matt.ucc.asn.au/dropbear PKG_SITES:= http://matt.ucc.asn.au/dropbear/releases/ -PKG_DESCR_UTIL:= Utility for converting SSH keys +PKG_DESCR_UTIL:= Utility for converting SSH private keys include $(TOPDIR)/mk/package.mk diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init index 4a7d7a875..9983e943c 100644 --- a/package/dropbear/files/dropbear.init +++ b/package/dropbear/files/dropbear.init @@ -27,6 +27,14 @@ start) test $rv = 0 || exit 1 test -f /etc/dropbear/dropbear_rsa_host_key || exit 1 fi + if test ! -f /etc/dropbear/dropbear_dss_host_key; then + # take it easy here, since above already catched the worst cases + if test -x /usr/bin/dropbearkey; then + bothlog "dropbear: generating SSH private key (DSS)" + /usr/bin/dropbearkey -f /etc/dropbear/dropbear_dss_host_key -t dss + bothlog dropbear: key generation exited with code $? + fi + fi /usr/sbin/dropbear $dropbear_flags ;; stop) diff --git a/package/dropbear/patches/patch-options_h b/package/dropbear/patches/patch-options_h index b0903f45d..00914dda2 100644 --- a/package/dropbear/patches/patch-options_h +++ b/package/dropbear/patches/patch-options_h @@ -1,6 +1,6 @@ $Id: update-patches 24 2008-08-31 14:56:13Z wbx $ --- dropbear-0.52.orig/options.h 2008-11-11 15:13:50.000000000 +0100 -+++ dropbear-0.52/options.h 2010-01-22 17:55:09.000000000 +0100 ++++ dropbear-0.52/options.h 2010-03-14 23:30:26.277667006 +0100 @@ -10,6 +10,11 @@ * parts are to allow for commandline -DDROPBEAR_XXX options etc. ******************************************************************/ @@ -13,15 +13,6 @@ $Id: update-patches 24 2008-08-31 14:56:13Z wbx $ #ifndef DROPBEAR_DEFPORT #define DROPBEAR_DEFPORT "22" #endif -@@ -115,7 +120,7 @@ etc) slower (perhaps by 50%). Recommende - * Removing either of these won't save very much space. - * SSH2 RFC Draft requires dss, recommends rsa */ - #define DROPBEAR_RSA --#define DROPBEAR_DSS -+/* #define DROPBEAR_DSS */ - - /* RSA can be vulnerable to timing attacks which use the time required for - * signing to guess the private key. Blinding avoids this attack, though makes @@ -129,7 +134,7 @@ etc) slower (perhaps by 50%). Recommende /* #define DSS_PROTOK */ |