[openwrt/openwrt] dropbear: add ed25519 for failsafe key
LEDE Commits
lede-commits at lists.infradead.org
Wed Jul 26 05:00:37 PDT 2023
hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/6ac61dead99ff6b9df00c29b7a858772449718b2
commit 6ac61dead99ff6b9df00c29b7a858772449718b2
Author: Etienne Champetier <champetier.etienne at gmail.com>
AuthorDate: Mon Jul 10 07:56:05 2023 +0200
dropbear: add ed25519 for failsafe key
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...
Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.
Signed-off-by: Etienne Champetier <champetier.etienne at gmail.com>
---
package/network/services/dropbear/files/dropbear.failsafe | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/package/network/services/dropbear/files/dropbear.failsafe b/package/network/services/dropbear/files/dropbear.failsafe
index a98ede459a..97bd12d58a 100755
--- a/package/network/services/dropbear/files/dropbear.failsafe
+++ b/package/network/services/dropbear/files/dropbear.failsafe
@@ -1,8 +1,9 @@
#!/bin/sh
failsafe_dropbear () {
- dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
- dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
+ dropbearkey -t rsa -s 1024 -f /tmp/dropbear_rsa_failsafe_host_key
+ dropbearkey -t ed25519 -f /tmp/dropbear_ed25519_failsafe_host_key
+ dropbear -r /tmp/dropbear_rsa_failsafe_host_key -r /tmp/dropbear_ed25519_failsafe_host_key <> /dev/null 2>&1
}
boot_hook_add failsafe failsafe_dropbear
More information about the lede-commits
mailing list