summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/recipes-connectivity/openssh/openssh/init69
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_check_keys64
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service16
-rw-r--r--meta/recipes-connectivity/openssh/openssh_7.5p1.bb8
4 files changed, 76 insertions, 81 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init
index 386628afc8..34ba0f8460 100644
--- a/meta/recipes-connectivity/openssh/openssh/init
+++ b/meta/recipes-connectivity/openssh/openssh/init
@@ -19,25 +19,6 @@ fi
19[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh 19[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
20mkdir -p $SYSCONFDIR 20mkdir -p $SYSCONFDIR
21 21
22parse_sshd_opts() {
23 set -- ${SSHD_OPTS} --
24 sshd_config=/etc/ssh/sshd_config
25 while true ; do
26 case "$1" in
27 -f*) if [ "$1" = "-f" ] ; then
28 sshd_config="$2"
29 shift
30 else
31 sshd_config="${1#-f}"
32 fi
33 shift
34 ;;
35 --) shift; break;;
36 *) shift;;
37 esac
38 done
39}
40
41check_for_no_start() { 22check_for_no_start() {
42 # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists 23 # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
43 if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then 24 if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then
@@ -58,57 +39,13 @@ check_config() {
58 /usr/sbin/sshd -t $SSHD_OPTS || exit 1 39 /usr/sbin/sshd -t $SSHD_OPTS || exit 1
59} 40}
60 41
61check_keys() {
62 # parse location of keys
63 local HOST_KEY_RSA
64 local HOST_KEY_DSA
65 local HOST_KEY_ECDSA
66 local HOST_KEY_ED25519
67
68 parse_sshd_opts
69 HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
70 [ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
71 [ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
72 HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
73 [ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
74 [ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
75 HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
76 [ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
77 [ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
78 HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
79 [ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
80 [ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
81
82 # create keys if necessary
83 if [ ! -f $HOST_KEY_RSA ]; then
84 echo " generating ssh RSA key..."
85 mkdir -p $(dirname $HOST_KEY_RSA)
86 ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
87 fi
88 if [ ! -f $HOST_KEY_ECDSA ]; then
89 echo " generating ssh ECDSA key..."
90 mkdir -p $(dirname $HOST_KEY_ECDSA)
91 ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
92 fi
93 if [ ! -f $HOST_KEY_DSA ]; then
94 echo " generating ssh DSA key..."
95 mkdir -p $(dirname $HOST_KEY_DSA)
96 ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
97 fi
98 if [ ! -f $HOST_KEY_ED25519 ]; then
99 echo " generating ssh ED25519 key..."
100 mkdir -p $(dirname $HOST_KEY_ED25519)
101 ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
102 fi
103}
104
105export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" 42export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
106 43
107case "$1" in 44case "$1" in
108 start) 45 start)
109 check_for_no_start 46 check_for_no_start
110 echo "Starting OpenBSD Secure Shell server: sshd" 47 echo "Starting OpenBSD Secure Shell server: sshd"
111 check_keys 48 @LIBEXECDIR@/sshd_check_keys
112 check_privsep_dir 49 check_privsep_dir
113 start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS 50 start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
114 echo "done." 51 echo "done."
@@ -121,7 +58,7 @@ case "$1" in
121 58
122 reload|force-reload) 59 reload|force-reload)
123 check_for_no_start 60 check_for_no_start
124 check_keys 61 @LIBEXECDIR@/sshd_check_keys
125 check_config 62 check_config
126 echo -n "Reloading OpenBSD Secure Shell server's configuration" 63 echo -n "Reloading OpenBSD Secure Shell server's configuration"
127 start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd 64 start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd
@@ -129,7 +66,7 @@ case "$1" in
129 ;; 66 ;;
130 67
131 restart) 68 restart)
132 check_keys 69 @LIBEXECDIR@/sshd_check_keys
133 check_config 70 check_config
134 echo -n "Restarting OpenBSD Secure Shell server: sshd" 71 echo -n "Restarting OpenBSD Secure Shell server: sshd"
135 start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd 72 start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
new file mode 100644
index 0000000000..f5bba53ca3
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -0,0 +1,64 @@
1#! /bin/sh
2
3# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
4if test -f /etc/default/ssh; then
5 . /etc/default/ssh
6fi
7
8[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
9mkdir -p $SYSCONFDIR
10
11# parse sshd options
12set -- ${SSHD_OPTS} --
13sshd_config=/etc/ssh/sshd_config
14while true ; do
15 case "$1" in
16 -f*) if [ "$1" = "-f" ] ; then
17 sshd_config="$2"
18 shift
19 else
20 sshd_config="${1#-f}"
21 fi
22 shift
23 ;;
24 --) shift; break;;
25 *) shift;;
26 esac
27done
28
29# parse location of keys
30HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
31[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
32[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
33HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
34[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
35[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
36HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
37[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
38[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
39HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
40[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
41[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
42
43# create keys if necessary
44if [ ! -f $HOST_KEY_RSA ]; then
45 echo " generating ssh RSA key..."
46 mkdir -p $(dirname $HOST_KEY_RSA)
47 ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
48fi
49if [ ! -f $HOST_KEY_ECDSA ]; then
50 echo " generating ssh ECDSA key..."
51 mkdir -p $(dirname $HOST_KEY_ECDSA)
52 ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
53fi
54if [ ! -f $HOST_KEY_DSA ]; then
55 echo " generating ssh DSA key..."
56 mkdir -p $(dirname $HOST_KEY_DSA)
57 ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
58fi
59if [ ! -f $HOST_KEY_ED25519 ]; then
60 echo " generating ssh ED25519 key..."
61 mkdir -p $(dirname $HOST_KEY_ED25519)
62 ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
63fi
64
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
index 148e6ad63a..603c33787f 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -1,22 +1,8 @@
1[Unit] 1[Unit]
2Description=OpenSSH Key Generation 2Description=OpenSSH Key Generation
3RequiresMountsFor=/var /run 3RequiresMountsFor=/var /run
4ConditionPathExists=!/var/run/ssh/ssh_host_rsa_key
5ConditionPathExists=!/var/run/ssh/ssh_host_dsa_key
6ConditionPathExists=!/var/run/ssh/ssh_host_ecdsa_key
7ConditionPathExists=!/var/run/ssh/ssh_host_ed25519_key
8ConditionPathExists=!/etc/ssh/ssh_host_rsa_key
9ConditionPathExists=!/etc/ssh/ssh_host_dsa_key
10ConditionPathExists=!/etc/ssh/ssh_host_ecdsa_key
11ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key
12 4
13[Service] 5[Service]
14Environment="SYSCONFDIR=/etc/ssh" 6ExecStart=@LIBEXECDIR@/sshd_check_keys
15EnvironmentFile=-/etc/default/ssh
16ExecStart=@BASE_BINDIR@/mkdir -p $SYSCONFDIR
17ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' -t rsa
18ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' -t dsa
19ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' -t ecdsa
20ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ed25519_key -N '' -t ed25519
21Type=oneshot 7Type=oneshot
22RemainAfterExit=yes 8RemainAfterExit=yes
diff --git a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
index e46b4c86ad..86ca6ff372 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
27 file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \ 27 file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
28 file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ 28 file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
29 file://0001-openssh-Fix-syntax-error-on-x32.patch \ 29 file://0001-openssh-Fix-syntax-error-on-x32.patch \
30 file://sshd_check_keys \
30 " 31 "
31 32
32PAM_SRC_URI = "file://sshd" 33PAM_SRC_URI = "file://sshd"
@@ -120,7 +121,13 @@ do_install_append () {
120 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ 121 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
121 -e 's,@SBINDIR@,${sbindir},g' \ 122 -e 's,@SBINDIR@,${sbindir},g' \
122 -e 's,@BINDIR@,${bindir},g' \ 123 -e 's,@BINDIR@,${bindir},g' \
124 -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
123 ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service 125 ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
126
127 sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
128 ${D}${sysconfdir}/init.d/sshd
129
130 install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
124} 131}
125 132
126do_install_ptest () { 133do_install_ptest () {
@@ -135,6 +142,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}"
135FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" 142FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
136FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" 143FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
137FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" 144FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
145FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
138FILES_${PN}-sftp = "${bindir}/sftp" 146FILES_${PN}-sftp = "${bindir}/sftp"
139FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" 147FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
140FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" 148FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-02-01 19:09:42 +0000