diff --git a/board/common/cleanups.sh b/board/common/cleanups.sh index a83750070b..2a705e28bd 100755 --- a/board/common/cleanups.sh +++ b/board/common/cleanups.sh @@ -10,7 +10,6 @@ find ${TARGET} -name '.empty' | xargs -r rm # /etc stuff rm -rf ${TARGET}/etc/network/ rm -rf ${TARGET}/etc/dhcp/ -rm -rf ${TARGET}/etc/ssh/ rm -rf ${TARGET}/etc/rc_keymaps/ rm -rf ${TARGET}/etc/default/ rm -rf ${TARGET}/etc/ctdb/ diff --git a/board/common/overlay/etc/init.d/S40network b/board/common/overlay/etc/init.d/S40network index ded2816e0a..08f1356c3f 100755 --- a/board/common/overlay/etc/init.d/S40network +++ b/board/common/overlay/etc/init.d/S40network @@ -185,18 +185,18 @@ start() { ssid=$(cat /data/etc/wpa_supplicant.conf 2>&1 | grep ssid | grep -v scan_ssid | cut -d '"' -f 2) test -n "${OS_WLAN}" -a -n "${ssid}" && start_wlan && wlan_ok="ok" - test -n "${OS_PPP}" -a -r /data/etc/ppp/modem && ifconfig | grep ${OS_PPP} &>/dev/null && ppp_ok="ok" + def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok") if [[ -n "${OS_ETH}" ]]; then - # if wifi or ppp link ok, start eth in background - if [[ "${wlan_ok}" == "ok" ]] || [[ "${ppp_ok}" == "ok" ]]; then + # if wifi or ppp link ok, start eth in background + if [[ "${wlan_ok}" == "ok" ]] || [[ "${ppp_ok}" == "ok" ]] && [[ "${def_route_ok}" == "ok" ]]; then start_eth &>/dev/null & else start_eth && eth_ok="ok" fi fi - + if [[ "${eth_ok}" != "ok" ]] && [[ "${wlan_ok}" != "ok" ]] && [[ "${ppp_ok}" != "ok" ]]; then if [[ "${LINK_WATCH}" == "true" ]]; then logger -t network "no network connection available, calling panic action" 
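Review bot: The hunk removes the only assignment of `ppp_ok` visible here (the `test -n "${OS_PPP}" ... && ppp_ok="ok"` line) while the rewritten `if` and the later `[[ "${ppp_ok}" != "ok" ]]` check still read it, so unless start() sets it somewhere outside this hunk the PPP branch can no longer be taken and the variable is always empty. The new condition `A || B && C` relies on bash's left-associative `&&`/`||` to mean `(A || B) && C`; grouping it as `if { [[ "${wlan_ok}" == "ok" ]] || [[ "${ppp_ok}" == "ok" ]]; } && [[ "${def_route_ok}" == "ok" ]]; then` states the intent from the comment explicitly. `ip route get 1.1.1.1` is a routing-table lookup that sends no packet, which is worth recording next to the assignment, e.g. `# route lookup only, no traffic is sent`. start()'s body begins and ends outside the hunk.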
@@ -232,6 +232,19 @@ start() { test $? == 0 && msg_done || msg_fail fi fi + + # re-evalutate default route, as it might have changed with start_eth or static IP + def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok") + if [[ "${def_route_ok}" != "ok" ]]; then + if [[ "${IP_WATCH}" == "true" ]]; then + logger -t network "no default route, calling panic action" + panic_action network + return 1 + else + logger -t network "no default route" + return 0 + fi + fi } stop() { diff --git a/board/common/overlay/etc/init.d/S42postupgradenet b/board/common/overlay/etc/init.d/S52postupgradenet similarity index 100% rename from board/common/overlay/etc/init.d/S42postupgradenet rename to board/common/overlay/etc/init.d/S52postupgradenet diff --git a/board/common/overlay/etc/init.d/S60sshd b/board/common/overlay/etc/init.d/S60sshd index 772b98b27c..9e3ff1c878 100755 --- a/board/common/overlay/etc/init.d/S60sshd +++ b/board/common/overlay/etc/init.d/S60sshd @@ -1,6 +1,12 @@ #!/bin/bash -CONF="/etc/sshd_config" +SYS_DIR=/etc/ssh +USER_DIR=/data/etc/ssh +RUN_DIR=/var/run/ssh + +SYS_CONF="${SYS_DIR}/sshd_config" +USER_CONF="${USER_DIR}/sshd_config" +CONF="${RUN_DIR}/sshd_config" PROG="/usr/sbin/sshd" PROG_KG="/usr/bin/ssh-keygen" 
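Review bot: The re-check of `def_route_ok` uses `ip route get 1.1.1.1`, which succeeds whenever any route in the table covers that address, not only a default route, so the "no default route" log lines and the variable name describe the check a little loosely; a comment such as `# route lookup only: succeeds if any route (normally the default) covers 1.1.1.1` next to the assignment would keep that clear, and the comment above it has a typo, `re-evalutate` → `re-evaluate`. When `IP_WATCH` is not true the branch logs the condition and returns 0, so start() reports success without a route; if that is intentional, say so in a one-line comment on the `return 0`. start()'s body begins outside the hunk.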
@@ -10,23 +16,38 @@ test -x ${PROG} || exit 0 test -n "${OS_VERSION}" || source /etc/init.d/base -test -s ${CONF} || exit 0 +test -s ${SYS_CONF} || exit 0 test "${OS_NETWORKLESS}" == "true" && exit 0 start() { - msg_begin "Starting sshd" - - # create any missing keys - if ! ${PROG_KG} -A >/dev/null; then - msg_fail - return 1 + # merge user and sys conf files; options in first file take precedence + mkdir -p $(dirname ${CONF}) + if [[ -s ${USER_CONF} ]]; then + cat ${USER_CONF} ${SYS_CONF} > ${CONF} + else + cp ${SYS_CONF} ${CONF} fi + # ensure various dirs existence + mkdir -p ${USER_DIR} + mkdir -p ${RUN_DIR} + + # create any missing keys + if ! [[ -s ${USER_DIR}/ssh_host_rsa_key ]]; then + msg_begin "Generating ssh host keys" + for type in rsa dsa ecdsa ed25519; do + ssh-keygen -f ${USER_DIR}/ssh_host_${type}_key -N '' -t ${type} >/dev/null + done + test $? == 0 && msg_done || msg_fail + fi + + msg_begin "Starting sshd" + umask 077 hostname=$(hostname) - echo "Welcome to ${hostname}!" > /var/cache/sshd_banner + echo "Welcome to ${hostname}!" > ${RUN_DIR}/sshd_banner sync ${PROG} -f ${CONF} @@ -57,4 +78,3 @@ case "$1" in echo "Usage: $0 {start|stop|restart}" exit 1 esac - diff --git a/board/common/overlay/etc/ssh/authorized_keys b/board/common/overlay/etc/ssh/authorized_keys new file mode 120000 index 0000000000..faeaf6251e --- /dev/null +++ b/board/common/overlay/etc/ssh/authorized_keys @@ -0,0 +1 @@ +/data/etc/ssh/authorized_keys \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_dsa_key b/board/common/overlay/etc/ssh/ssh_host_dsa_key new file mode 120000 index 0000000000..216ab6d2c1 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_dsa_key @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_dsa_key \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_dsa_key.pub b/board/common/overlay/etc/ssh/ssh_host_dsa_key.pub new file mode 120000 index 0000000000..e7cb790c28 --- /dev/null 
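Review bot: The key-generation block only checks for `ssh_host_rsa_key` and then reports the `$?` of the last loop iteration (ed25519), so a missing or failed dsa/ecdsa key is neither regenerated on the next boot nor reported — and if the packaged OpenSSH no longer supports DSA (I cannot see the version here) that run fails without any visible effect. The loop also calls `ssh-keygen` directly although the file defines `PROG_KG` for exactly that, leaving the variable unused. I would check each key type on its own and keep any failure, as sketched below. The merged `${CONF}` is written before `umask 077` is applied a few lines later, which matches sshd_config's usual world-readable mode but deserves a comment if that is intended. start()'s body continues outside the hunk.
```bash
    # create any missing keys; check each type separately and remember
    # every failure, since $? after a for loop only reflects the last run
    missing=""
    for type in rsa dsa ecdsa ed25519; do
        [[ -s ${USER_DIR}/ssh_host_${type}_key ]] || missing="${missing} ${type}"
    done
    if [[ -n "${missing}" ]]; then
        msg_begin "Generating ssh host keys"
        rc=0
        for type in ${missing}; do
            ${PROG_KG} -f ${USER_DIR}/ssh_host_${type}_key -N '' -t ${type} >/dev/null || rc=1
        done
        test ${rc} == 0 && msg_done || msg_fail
    fi
    # … unchanged: msg_begin "Starting sshd", umask, banner, sshd start …
```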
+++ b/board/common/overlay/etc/ssh/ssh_host_dsa_key.pub
@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_dsa_key.pub
\ No newline at end of file
diff --git a/board/common/overlay/etc/ssh/ssh_host_ecdsa_key b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key
new file mode 120000
index 0000000000..e9d2bd2cbc
--- /dev/null
+++ b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key
@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_ecdsa_key
\ No newline at end of file
diff --git a/board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub
new file mode 120000
index 0000000000..98095124f5
--- /dev/null
+++ b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_ecdsa_key.pub
\ No newline at end of file
diff --git a/board/common/overlay/etc/ssh/ssh_host_ed25519_key b/board/common/overlay/etc/ssh/ssh_host_ed25519_key
new file mode 120000
index 0000000000..4db94c79b1
--- /dev/null
+++ b/board/common/overlay/etc/ssh/ssh_host_ed25519_key
@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_ed25519_key
\ No newline at end of file
diff --git a/board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub b/board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub
new file mode 120000
index 0000000000..b6fcbb1950
--- /dev/null
+++ b/board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_ed25519_key.pub
\ No newline at end of file
diff --git a/board/common/overlay/etc/ssh/ssh_host_rsa_key b/board/common/overlay/etc/ssh/ssh_host_rsa_key
new file mode 120000
index 0000000000..1839c2a53c
--- /dev/null
+++ b/board/common/overlay/etc/ssh/ssh_host_rsa_key
@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_rsa_key
\ No newline at end of file
diff --git a/board/common/overlay/etc/ssh/ssh_host_rsa_key.pub b/board/common/overlay/etc/ssh/ssh_host_rsa_key.pub
new file mode 120000
index 0000000000..797a0bef6c
--- /dev/null
+++ b/board/common/overlay/etc/ssh/ssh_host_rsa_key.pub
@@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_rsa_key.pub \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/sshd_config b/board/common/overlay/etc/ssh/sshd_config new file mode 100644 index 0000000000..0e74a8c256 --- /dev/null +++ b/board/common/overlay/etc/ssh/sshd_config @@ -0,0 +1,9 @@ +ListenAddress 0.0.0.0 + +PermitRootLogin yes +PermitEmptyPasswords yes +UseDNS no +Banner /var/run/ssh/sshd_banner + +Subsystem sftp /usr/libexec/sftp-server +IPQoS cs0 cs0 diff --git a/board/common/overlay/etc/sshd_config b/board/common/overlay/etc/sshd_config deleted file mode 100644 index 7ec411a8aa..0000000000 --- a/board/common/overlay/etc/sshd_config +++ /dev/null @@ -1,16 +0,0 @@ -Port 22 -ListenAddress 0.0.0.0 - -HostKey /data/etc/ssh_host_rsa_key -HostKey /data/etc/ssh_host_dsa_key -HostKey /data/etc/ssh_host_ecdsa_key -HostKey /data/etc/ssh_host_ed25519_key - -PermitRootLogin yes -PermitEmptyPasswords yes -AuthorizedKeysFile /data/etc/ssh_authorized_keys -UseDNS no -Banner /var/cache/sshd_banner - -Subsystem sftp /usr/libexec/sftp-server -IPQoS cs0 cs0 diff --git a/board/common/overlay/root/.ssh b/board/common/overlay/root/.ssh new file mode 120000 index 0000000000..54bdc1241d --- /dev/null +++ b/board/common/overlay/root/.ssh @@ -0,0 +1 @@ +/data/etc/ssh \ No newline at end of file diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index 01978f551b..4fef5caedb 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk @@ -10,7 +10,7 @@ OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain OPENSSH_LICENSE_FILES = LICENCE OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)" OPENSSH_CONF_OPTS = \ - --sysconfdir=/data/etc \ + --sysconfdir=/etc/ssh \ --with-default-path=$(BR2_SYSTEM_DEFAULT_PATH) \ --disable-lastlog \ --disable-utmp \
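Review bot: The new sshd_config drops the `HostKey` and `AuthorizedKeysFile` directives the deleted `/etc/sshd_config` carried, so sshd now depends on its compiled-in defaults under the new `--sysconfdir=/etc/ssh` plus the `/etc/ssh/*` and `/root/.ssh` symlinks into `/data/etc/ssh` added by this commit; a comment recording that, e.g. `# HostKey/AuthorizedKeysFile intentionally omitted: defaults resolve via /etc/ssh/* and /root/.ssh -> /data/etc/ssh`, saves the next reader from hunting for them. As far as I recall, sshd's default HostKey list in OpenSSH 7.0 and later no longer includes `ssh_host_dsa_key`, so the dsa key that S60sshd generates and its symlink are probably unused unless the packaged version is older — worth verifying and pruning if so. `PermitRootLogin yes` and `PermitEmptyPasswords yes` are carried over unchanged; since S60sshd gives `/data/etc/ssh/sshd_config` precedence, a comment pointing operators to that file for hardening these two settings would help. Because `/root/.ssh` now resolves to the same directory as the host-key store, sshd's StrictModes check applies to `/data/etc/ssh`, so the `mkdir -p ${USER_DIR}` in S60sshd must leave it non-group/world-writable — I cannot see the umask in effect at that point.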