| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Parsing sshd's config file with 'sed' does not work in for example the
case where somebody has made use of the new ability to add a config
fragment in /etc/ssh/sshd_config.d/ with one or more HostKey
stanzas. Also, sshd_config keywords are case-insensitive, but the
current sed pattern only matches the CamelCase spelling of HostKey.
In openssh 9.3, sshd learnt a new command line flag '-G', which causes
sshd to parse the given configuration file and print the resulting
effective configuration on stdout. So use that instead.
Furthermore, since that "effective configuration" includes the default
set of host keys if the configuration file has no HostKey stanzas, we
also avoid the script needing to know what sshd's default is - that
could plausibly change with some future release.
(From OE-Core rev: dd27f9d869b8aa28dfb18de037a24ab0ec735718)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Key generation may wait for user input, due to the existence of
temporary keys resulting from power interruption in the first boot.
This prevents users from login via ssh.
(From OE-Core rev: 3196249a6917a32491be56e70bbf26d3b9818e0e)
Signed-off-by: Asfak Rahman <asfakr@outlook.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously sshd_check_keys would create a full set of all possible
sshd host keys, even if sshd_config has been set to only enable
certain key types.
Update sshd_check_keys to only create keys which have been enabled in
sshd_config (with a fallback to creating a full set of key types if
no HostKey options are defined, as before).
(From OE-Core rev: 2303d795ae96f1a60caf145a0ddf100e89c4b5b0)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
DSA keys have been deprecated for some time:
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
(From OE-Core rev: e6a1c8c4ef4a1d2add6a7492d43027c4c0682300)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Generating the host keys atomically prevents power interruptions during the
first boot from leaving the key files incomplete, which often prevents users
from being able to ssh into the device.
[YOCTO #11671]
(From OE-Core rev: 221b40f1f08ee23511ba078a1efd01686922e932)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
106b59d9 broke SSH host key generation when systemd and a read-only root file
system are in use because there isn't a way for systemd to get the optional
weak assigment of SYSCONFDIR from /etc/default/sshd and still provide a default
value if it is not specified. Instead, move the logic for determining if keys
need to be created to a helper script that both the SysV init script and the
systemd unit file can reference.
This does mean that the systemd unit file can't check for file existence to
know if it should start the service, but it wasn't able to do that correctly
anyway anymore. This should be a problem since the serivce is only run once per
power cycle by systemd, and should exit quickly if the keys already exist
(From OE-Core rev: 7e49c5879862253ae1b6a26535d07a2740a95798)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|