ASR_BASE Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1

commit: e958203796650e3959a43708d67534bf36f4c83b [log] [tgz]
author: b.liu <b.liu@mobiletek.cn> Thu Apr 17 19:18:16 2025 +0800
committer: b.liu <b.liu@mobiletek.cn> Thu Apr 17 19:18:16 2025 +0800
tree: b2d43b7c77053224287779c12b5e890cadc3d327
parent: f51a5559b56d8fd47d9623531065443befb43e5b [diff] [blame]
diff --git a/package/network/services/dropbear/files/dropbear.failsafe b/package/network/services/dropbear/files/dropbear.failsafe
new file mode 100755
index 0000000..417265b
--- /dev/null
+++ b/package/network/services/dropbear/files/dropbear.failsafe

@@ -0,0 +1,61 @@
+#!/bin/sh
+
+_dropbear()
+{
+	/usr/sbin/dropbear "$@" </dev/null >/dev/null 2>&1
+}
+
+_dropbearkey()
+{
+	/usr/bin/dropbearkey "$@" </dev/null >/dev/null 2>&1
+}
+
+_ensurekey()
+{
+	_dropbearkey -y -f "$1" && return
+	rm -f "$1"
+	_dropbearkey -f "$@" || {
+		rm -f "$1"
+		return 1
+	}
+}
+
+ktype_all='ed25519 ecdsa rsa'
+
+failsafe_dropbear () {
+	local kargs kcount ktype tkey
+
+	kargs=
+	kcount=0
+	for ktype in ${ktype_all} ; do
+		tkey="/tmp/dropbear_failsafe_${ktype}_host_key"
+
+		case "${ktype}" in
+		ed25519) _ensurekey "${tkey}" -t ed25519 ;;
+		ecdsa)   _ensurekey "${tkey}" -t ecdsa -s 256 ;;
+		rsa)     _ensurekey "${tkey}" -t rsa   -s 1024 ;;
+		*)
+			echo "unknown key type: ${ktype}" >&2
+			continue
+		;;
+		esac
+
+		[ -s "${tkey}" ] || {
+			rm -f "${tkey}"
+			continue
+		}
+
+		chmod 0400 "${tkey}"
+		kargs="${kargs}${kargs:+ }-r ${tkey}"
+		kcount=$((kcount+1))
+	done
+
+	[ "${kcount}" != 0 ] || {
+		echo 'DROPBEAR IS BROKEN' >&2
+		return 1
+	}
+
+	_dropbear ${kargs}
+}
+
+boot_hook_add failsafe failsafe_dropbear
commit	e958203796650e3959a43708d67534bf36f4c83b	[log] [tgz]
author	b.liu <b.liu@mobiletek.cn>	Thu Apr 17 19:18:16 2025 +0800
committer	b.liu <b.liu@mobiletek.cn>	Thu Apr 17 19:18:16 2025 +0800
tree	b2d43b7c77053224287779c12b5e890cadc3d327
parent	f51a5559b56d8fd47d9623531065443befb43e5b [diff] [blame]