4 files changed, 76 insertions, 81 deletions
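--- a/meta/recipes-connectivity/openssh/openssh/init
+++ b/meta/recipes-connectivity/openssh/openssh/init
@@ -19,25 +19,6 @@ fi
 [ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
 mkdir -p $SYSCONFDIR
 
-parse_sshd_opts() {
-set -- ${SSHD_OPTS} --
-sshd_config=/etc/ssh/sshd_config
-while true ; do
-case "$1" in
--f*) if [ "$1" = "-f" ] ; then
-sshd_config="$2"
-shift
-else
-sshd_config="${1#-f}"
-fi
-shift
-;;
---) shift; break;;
-*) shift;;
-esac
-done
-}
-
 check_for_no_start() {
 # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
 if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then
@@ -58,57 +39,13 @@ check_config() {
 /usr/sbin/sshd -t $SSHD_OPTS || exit 1
 }
 
-check_keys() {
-# parse location of keys
-local HOST_KEY_RSA
-local HOST_KEY_DSA
-local HOST_KEY_ECDSA
-local HOST_KEY_ED25519
-
-parse_sshd_opts
-HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
-HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
-HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
-[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
-
-# create keys if necessary
-if [ ! -f $HOST_KEY_RSA ]; then
-echo " generating ssh RSA key..."
-mkdir -p $(dirname $HOST_KEY_RSA)
-ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
-fi
-if [ ! -f $HOST_KEY_ECDSA ]; then
-echo " generating ssh ECDSA key..."
-mkdir -p $(dirname $HOST_KEY_ECDSA)
-ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
-fi
-if [ ! -f $HOST_KEY_DSA ]; then
-echo " generating ssh DSA key..."
-mkdir -p $(dirname $HOST_KEY_DSA)
-ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
-fi
-if [ ! -f $HOST_KEY_ED25519 ]; then
-echo " generating ssh ED25519 key..."
-mkdir -p $(dirname $HOST_KEY_ED25519)
-ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
-fi
-}
-
 export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
 
 case "$1" in
 start)
 check_for_no_start
 echo "Starting OpenBSD Secure Shell server: sshd"
-check_keys
+@LIBEXECDIR@/sshd_check_keys
 check_privsep_dir
 start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
 echo "done."
@@ -121,7 +58,7 @@ case "$1" in
 
 reload|force-reload)
 check_for_no_start
-check_keys
+@LIBEXECDIR@/sshd_check_keys
 check_config
 echo -n "Reloading OpenBSD Secure Shell server's configuration"
 start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd
@@ -129,7 +66,7 @@ case "$1" in
 ;;
 
 restart)
-check_keys
+@LIBEXECDIR@/sshd_check_keys
 check_config
 echo -n "Restarting OpenBSD Secure Shell server: sshd"
 start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd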
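Review bot: The three new `@LIBEXECDIR@/sshd_check_keys` calls (in `start)`, `reload|force-reload)` and `restart)`) discard the helper's exit status. A helper that is missing, not executable, or still carrying an unsubstituted `@LIBEXECDIR@` placeholder therefore produces only a shell error line before sshd is started or signalled anyway. Moving the step from a function to an external program is what introduces this failure mode for the code that creates the host keys. I would at least report it, e.g. `@LIBEXECDIR@/sshd_check_keys || echo "sshd_check_keys failed, host keys may be missing" >&2`, and decide per branch whether to `exit 1` as `check_config` does. The `case` statement continues outside these hunks.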
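--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -0,0 +1,64 @@
+#! /bin/sh
+
+# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
+if test -f /etc/default/ssh; then
+. /etc/default/ssh
+fi
+
+[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
+mkdir -p $SYSCONFDIR
+
+# parse sshd options
+set -- ${SSHD_OPTS} --
+sshd_config=/etc/ssh/sshd_config
+while true ; do
+case "$1" in
+-f*) if [ "$1" = "-f" ] ; then
+sshd_config="$2"
+shift
+else
+sshd_config="${1#-f}"
+fi
+shift
+;;
+--) shift; break;;
+*) shift;;
+esac
+done
+
+# parse location of keys
+HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
+HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
+HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
+HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
+
+# create keys if necessary
+if [ ! -f $HOST_KEY_RSA ]; then
+echo " generating ssh RSA key..."
+mkdir -p $(dirname $HOST_KEY_RSA)
+ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
+fi
+if [ ! -f $HOST_KEY_ECDSA ]; then
+echo " generating ssh ECDSA key..."
+mkdir -p $(dirname $HOST_KEY_ECDSA)
+ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
+fi
+if [ ! -f $HOST_KEY_DSA ]; then
+echo " generating ssh DSA key..."
+mkdir -p $(dirname $HOST_KEY_DSA)
+ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
+fi
+if [ ! -f $HOST_KEY_ED25519 ]; then
+echo " generating ssh ED25519 key..."
+mkdir -p $(dirname $HOST_KEY_ED25519)
+ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
+fi
+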
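Review bot: Each `if [ ! -f $HOST_KEY_... ]` block accepts any existing regular file as a valid key and lets `ssh-keygen` write straight to the final path, so a run interrupted part-way can leave an empty or truncated private key that later boots never regenerate. I would test for a non-empty file, generate under a temporary name in the same directory and rename into place, as sketched below. The sketch also quotes the path expansions, which currently word-split if `SYSCONFDIR` or a `HostKey` value contains whitespace. Separately, the DSA block carries over generation of a key type that OpenSSH has not accepted by default since 7.0, so it is worth confirming that the key is still wanted.

```shell
# $1 = key type, $2 = private key path
generate_key() {
    key_dir=$(dirname "$2")
    mkdir -p "$key_dir"
    # clear leftovers from an earlier interrupted run
    rm -f "$2.tmp" "$2.tmp.pub"
    ssh-keygen -q -f "$2.tmp" -N '' -t "$1" || return 1
    # publish the public half first: the private key's presence is what
    # suppresses regeneration, so it must appear last
    mv -f "$2.tmp.pub" "$2.pub" && mv -f "$2.tmp" "$2"
}

# … unchanged: /etc/default/ssh, -f parsing, HostKey lookup …

if [ ! -s "$HOST_KEY_RSA" ]; then
    echo " generating ssh RSA key..."
    generate_key rsa "$HOST_KEY_RSA"
fi
# … same change for the ECDSA, DSA and ED25519 blocks …
```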
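--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -1,22 +1,8 @@
 [Unit]
 Description=OpenSSH Key Generation
 RequiresMountsFor=/var /run
-ConditionPathExists=!/var/run/ssh/ssh_host_rsa_key
-ConditionPathExists=!/var/run/ssh/ssh_host_dsa_key
-ConditionPathExists=!/var/run/ssh/ssh_host_ecdsa_key
-ConditionPathExists=!/var/run/ssh/ssh_host_ed25519_key
-ConditionPathExists=!/etc/ssh/ssh_host_rsa_key
-ConditionPathExists=!/etc/ssh/ssh_host_dsa_key
-ConditionPathExists=!/etc/ssh/ssh_host_ecdsa_key
-ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key
 
 [Service]
-Environment="SYSCONFDIR=/etc/ssh"
+ExecStart=@LIBEXECDIR@/sshd_check_keys
-EnvironmentFile=-/etc/default/ssh
-ExecStart=@BASE_BINDIR@/mkdir -p $SYSCONFDIR
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' -t rsa
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' -t dsa
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' -t ecdsa
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ed25519_key -N '' -t ed25519
 Type=oneshot
 RemainAfterExit=yes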
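Review bot: With `ExecStart=@LIBEXECDIR@/sshd_check_keys` the oneshot unit's result is whatever the helper exits with, and the helper added in this commit ends on the ED25519 `if` block with no error handling. A failed RSA, ECDSA or DSA generation therefore still leaves the unit active under `RemainAfterExit=yes`. The removed unit had one `ExecStart=` per key type, where any failing command failed the unit. To keep that visibility the helper should accumulate failures, e.g. `ssh-keygen ... || rc=1` in each block and a final `exit $rc`.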
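--- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
 file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
 file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
 file://0001-openssh-Fix-syntax-error-on-x32.patch \
+file://sshd_check_keys \
 "
 
 PAM_SRC_URI = "file://sshd"
@@ -120,7 +121,13 @@ do_install_append () {
 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
 -e 's,@SBINDIR@,${sbindir},g' \
 -e 's,@BINDIR@,${bindir},g' \
+-e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
 ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+
+sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+${D}${sysconfdir}/init.d/sshd
+
+install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
 }
 
 do_install_ptest () {
@@ -135,6 +142,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}"
 FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
 FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
 FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
 FILES_${PN}-sftp = "${bindir}/sftp"
 FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
 FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"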
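Review bot: `install -D -m 0755 ${WORKDIR}/sshd_check_keys ...` ships the helper verbatim, so unlike the unit files and the init script it gets no placeholder substitution. It therefore runs `ssh-keygen` by bare name through whatever PATH the caller provides, where the replaced unit used `@BINDIR@/ssh-keygen`. For a root-run step that creates the host keys I would pin the binary: call `@BINDIR@/ssh-keygen` in the helper and add `sed -i -e 's,@BINDIR@,${bindir},g' ${D}${libexecdir}/${BPN}/sshd_check_keys` after the install line. The helper's hard-coded `/etc/ssh/sshd_config` and `/etc/default/ssh` would presumably need the same treatment if `sysconfdir` is ever not `/etc`. `do_install_append` begins before this hunk.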