[openwrt/openwrt] dropbear: add a uci-defaults script for loading authorized keys

LEDE Commits lede-commits at lists.infradead.org
Wed Oct 2 06:48:14 PDT 2024


blogic pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/e428d7999ad1cde66b9b8f0712a628e14ba5e188

commit e428d7999ad1cde66b9b8f0712a628e14ba5e188
Author: John Crispin <john at phrozen.org>
AuthorDate: Tue Sep 17 16:58:24 2024 +0200

    dropbear: add a uci-defaults script for loading authorized keys
    
    Write the ssh authorized key to /etc/dropbear/ssh_authorized_keys if present
    inside board.json.
    
    Signed-off-by: John Crispin <john at phrozen.org>
---
 package/network/services/dropbear/Makefile           |  2 ++
 .../services/dropbear/files/dropbear.defaults        | 20 ++++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 3367fd7f74..e9f3bd693c 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -227,6 +227,8 @@ define Package/dropbear/install
 	$(INSTALL_DIR) $(1)/etc/dropbear
 	$(INSTALL_DIR) $(1)/lib/preinit
 	$(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/dropbear.defaults $(1)/etc/uci-defaults/50-dropbear
 	$(foreach f,$(filter /etc/dropbear/%,$(Package/dropbear/conffiles)),$(if $(wildcard $(TOPDIR)/files/$(f)),chmod 0600 $(TOPDIR)/files/$(f) || :; ))
 endef
 
diff --git a/package/network/services/dropbear/files/dropbear.defaults b/package/network/services/dropbear/files/dropbear.defaults
new file mode 100644
index 0000000000..e679bee5db
--- /dev/null
+++ b/package/network/services/dropbear/files/dropbear.defaults
@@ -0,0 +1,20 @@
+[ ! -s /etc/dropbear/authorized_keys ] || exit 0
+
+. /usr/share/libubox/jshn.sh
+
+json_init
+json_load "$(cat /etc/board.json)"
+json_select credentials
+	json_get_keys keys ssh_authorized_keys
+	[ -z "$keys" ] || {
+		touch /etc/dropbear/authorized_keys
+		uci set dropbear. at dropbear[-1].PasswordAuth='off'
+		uci set dropbear. at dropbear[-1].RootPasswordAuth='off'
+	}
+	json_select ssh_authorized_keys
+		for key in $keys; do
+	                json_get_var val "$key"
+	                echo "$val" >> /etc/dropbear/authorized_keys
+		done
+	json_select ..
+json_select ..
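Review bot: Password authentication is switched off in the `[ -z "$keys" ] || { … }` block as soon as `json_get_keys` returns any index, before a single key has been read or written, so an empty entry in `ssh_authorized_keys` or a failed append would leave the device with password logins disabled and no usable key. I would skip empty values in the loop and move the two `uci set` calls after it, behind a check that `/etc/dropbear/authorized_keys` is non-empty. The file is also created with whatever umask the boot sequence runs under; an explicit `chmod 0600` would match what the Makefile context line does for the conffiles under /etc/dropbear. The ` at ` inside the uci section names looks like the list archive's masking of `@`, which the fence below writes out.

```shell
# … unchanged: early-exit guard, jshn setup, json_get_keys; the early block keeps only the touch …
	json_select ssh_authorized_keys
		for key in $keys; do
			json_get_var val "$key"
			# Skip empty entries so they cannot count as an installed key.
			[ -n "$val" ] && echo "$val" >> /etc/dropbear/authorized_keys
		done
	json_select ..
	# Disable password logins only once at least one key is really on disk.
	if [ -s /etc/dropbear/authorized_keys ]; then
		chmod 0600 /etc/dropbear/authorized_keys
		uci set dropbear.@dropbear[-1].PasswordAuth='off'
		uci set dropbear.@dropbear[-1].RootPasswordAuth='off'
	fi
# … unchanged: final json_select .. …
```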



