From: Michael Olbrich
To: Alexander Dahl
Cc: Denis Osterland-Heim, ptxdist@pengutronix.de, Bruno Thomsen, Alexander Stein
Date: Fri, 22 Oct 2021 10:44:05 +0200
Subject: Re: [ptxdist] [PATCH v2 5/8] dropbear: Refactor rc-once and init to use KEYTYPES
In-Reply-To: <20211018143554.27573-6-ada@thorsis.com>

On Mon, Oct 18, 2021 at 04:35:51PM +0200, Alexander Dahl wrote:
> Previously DSS and RSA keys were always generated, regardless if
> dropbear was built with support for that host key or not, which somehow
> contradicts what commit message of 01ac7cc409b5 ("dropbear: Remove
> deprecated options") promised.
>
> No other things changed here, just considering that KEYTYPES list for
> 'rsa' and 'dss' for now.
>
> Signed-off-by: Alexander Dahl
> --- > projectroot/etc/init.d/dropbear | 17 ++++++++++++++--- > projectroot/etc/rc.once.d/dropbear | 26 +++++++++++++++++++++++--- > 2 files changed, 37 insertions(+), 6 deletions(-) > > diff --git a/projectroot/etc/init.d/dropbear b/projectroot/etc/init.d/dropbear > index 342565f93..88ef5aa71 100644 > --- a/projectroot/etc/init.d/dropbear
> +++ b/projectroot/etc/init.d/dropbear > @@ -15,10 +15,21 @@ test -z "$DROPBEAR_BANNER" || \ > DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" > > dropbear_start() { > - > KEY_ARGS="" > - test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" > - test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" > + for keytype in $DROPBEAR_KEYTYPES > + do > + case "$keytype" in > + dss) > + test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" > + ;; Isn't dss disabled completely? So do we actually need this? Michael > + rsa) > + test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" > + ;; > + *) > + echo "Key type '$keytype' not supported" > + ;; > + esac > + done > > echo -n "starting dropbear..." > > diff --git a/projectroot/etc/rc.once.d/dropbear b/projectroot/etc/rc.once.d/dropbear > index dd922d727..a9a1d475c 100644 > --- a/projectroot/etc/rc.once.d/dropbear > +++ b/projectroot/etc/rc.once.d/dropbear > @@ -5,10 +5,11 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin > . /usr/lib/init/dropbear.sh > > gen_key() { > - > key_type=$1 > key_file=$2 > > + [ -e "$key_file" ] && return > + > rm -f $key_file > /dev/null 2>&1 > > echo -n "generating $key_type key..." 
> @@ -22,6 +23,25 @@ gen_key() { > fi > } > > -[ -e "$DROPBEAR_RSAKEY" ] || gen_key rsa "$DROPBEAR_RSAKEY" > -[ -e "$DROPBEAR_DSSKEY" ] || gen_key dss "$DROPBEAR_DSSKEY" > +gen_keys() { > + for keytype in $DROPBEAR_KEYTYPES > + do > + case "$keytype" in > + dss) > + gen_key dss "$DROPBEAR_DSSKEY" > + ;; > + rsa) > + gen_key rsa "$DROPBEAR_RSAKEY" > + ;; > + *) > + echo "Key type '$keytype' not supported" > + ;; > + esac > + done > +} > > +if ! gen_keys > +then > + echo "Generating SSH keys failed!" > + exit 1 > +fi > -- > 2.30.2 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
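
Review bot: in the projectroot/etc/init.d/dropbear hunk (dropbear_start), the new `dss)` and `rsa)` branches keep the unquoted `test -f $DROPBEAR_DSSKEY` and `test -f $DROPBEAR_RSAKEY`. With an empty or unset variable the word disappears, `test -f` is evaluated as a one-argument non-empty-string test and succeeds, and KEY_ARGS gets a bare `-d` or `-r` with no path. Quote the expansions, e.g. `test -f "$DROPBEAR_RSAKEY"`. A configured key type whose key file is missing is also skipped silently here; a message in that case, like the one already printed in the `*)` branch, would make a daemon starting without the expected host key visible in the boot log.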
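
Review bot: in the first projectroot/etc/rc.once.d/dropbear hunk (gen_key), the added `[ -e "$key_file" ] && return` treats any existing path as a valid key, including a zero-length file, so such a file is never regenerated. `[ -s "$key_file" ] && return` would at least reject the empty case. With the early return in place, the following unquoted `rm -f $key_file` only runs when `-e` was false, so it is close to dead code; either drop it or quote it as `rm -f "$key_file"`.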
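
Review bot: in the second projectroot/etc/rc.once.d/dropbear hunk, `if ! gen_keys` only sees the exit status of the last loop iteration in gen_keys, so a failed `gen_key` for an earlier entry in $DROPBEAR_KEYTYPES is masked by a later successful one, and the `*)` branch ends in `echo`, which returns 0, so an unsupported key type never reaches the "Generating SSH keys failed!" path. Track the result explicitly, for example set `rc=1` when `gen_key` fails or the type is unknown and `return $rc` after `done`. Whether `gen_key` itself returns non-zero on failure is not visible in this hunk and should be checked as well.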