#!/bin/sh
# Run the dropbear SSH server with the caller's arguments.
# Arguments: passed through unchanged to /usr/sbin/dropbear.
# Returns:   the exit status of /usr/sbin/dropbear.
# stdin, stdout and stderr are all attached to /dev/null, so start-up
# errors are not visible anywhere; only the exit status reaches the caller.
_dropbear()
{
	/usr/sbin/dropbear "$@" \
		>/dev/null 2>&1 </dev/null
}
# Run dropbearkey with the caller's arguments.
# Arguments: passed through unchanged to /usr/bin/dropbearkey.
# Returns:   the exit status of /usr/bin/dropbearkey.
# All three standard streams go to /dev/null, so the public key and
# fingerprint that dropbearkey prints, and any error text, are discarded.
_dropbearkey()
{
	/usr/bin/dropbearkey "$@" \
		>/dev/null 2>&1 </dev/null
}
# Make sure a readable host key exists at $1, generating one if needed.
# Arguments: $1   - path of the key file
#            $2.. - dropbearkey generation options (e.g. -t TYPE [-s BITS])
# Returns:   0 if an existing key was accepted or a new one was generated,
#            1 if generation failed (any partial file is removed).
# Note: an existing file is accepted as soon as `dropbearkey -y` can read
# it; its type and size are not compared with the requested options, so
# whatever key already sits at $1 is trusted as-is.
_ensurekey()
{
	# Reuse the key when dropbearkey can parse it.
	if _dropbearkey -y -f "$1"; then
		return 0
	fi

	# Missing or unreadable: drop whatever is there and generate afresh.
	# "$@" expands to the path followed by the generation options.
	rm -f "$1"
	if ! _dropbearkey -f "$@"; then
		rm -f "$1"
		return 1
	fi
}
# Space-separated list of host key types that failsafe_dropbear tries.
ktype_all="ed25519 ecdsa rsa"
# Prepare temporary host keys and start dropbear for failsafe access.
# Globals:  ktype_all (read) - space-separated key types to try
# Returns:  1 if no host key could be prepared, otherwise the exit status
#           of the _dropbear call.
failsafe_dropbear () {
	local kargs kcount ktype tkey

	kcount=0
	kargs=
	# Unquoted on purpose: ktype_all is split into one word per key type.
	for ktype in ${ktype_all} ; do
		# Fixed, predictable path under /tmp. _ensurekey reuses any
		# parseable key already present there, so this relies on nothing
		# untrusted having written to /tmp before this function runs.
		# NOTE(review): confirm that holds for the boot stage this runs in.
		tkey="/tmp/dropbear_failsafe_${ktype}_host_key"

		case "${ktype}" in
		ed25519)
			_ensurekey "${tkey}" -t ed25519
			;;
		ecdsa)
			_ensurekey "${tkey}" -t ecdsa -s 256
			;;
		rsa)
			# NOTE(review): 1024-bit RSA is below the 2048-bit minimum
			# commonly recommended today. Raising it lengthens key
			# generation on slow hardware; weigh that before changing,
			# or consider dropping rsa from ktype_all.
			_ensurekey "${tkey}" -t rsa -s 1024
			;;
		*)
			echo "unknown key type: ${ktype}" >&2
			continue
			;;
		esac

		# _ensurekey's status is not inspected; a missing or empty key
		# file is what marks this key type as unusable.
		if [ ! -s "${tkey}" ]; then
			rm -f "${tkey}"
			continue
		fi

		# Owner read-only; applied after the key file already exists.
		chmod 0400 "${tkey}"
		kargs="${kargs:+${kargs} }-r ${tkey}"
		kcount=$((kcount + 1))
	done

	# Without any host key there is nothing to start the server with.
	if [ "${kcount}" = 0 ]; then
		echo 'DROPBEAR IS BROKEN' >&2
		return 1
	fi

	# Unquoted on purpose so every "-r <keyfile>" pair splits into words.
	_dropbear ${kargs}
}
# Register failsafe_dropbear on the "failsafe" boot hook.
# boot_hook_add is not defined in this file; it has to be provided by
# whatever sources this script.
boot_hook_add "failsafe" "failsafe_dropbear"