From b1b7d6790ed57ff72c64524c975e4c906fdbf081 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Wed, 15 Jan 2020 22:29:19 +0200 Subject: [PATCH 01/11] S40network: do not consider network ok unless default route ok --- board/common/overlay/etc/init.d/S40network | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/board/common/overlay/etc/init.d/S40network b/board/common/overlay/etc/init.d/S40network index ded2816e0a..4885db4028 100755 --- a/board/common/overlay/etc/init.d/S40network +++ b/board/common/overlay/etc/init.d/S40network @@ -185,19 +185,22 @@ start() { ssid=$(cat /data/etc/wpa_supplicant.conf 2>&1 | grep ssid | grep -v scan_ssid | cut -d '"' -f 2) test -n "${OS_WLAN}" -a -n "${ssid}" && start_wlan && wlan_ok="ok" - test -n "${OS_PPP}" -a -r /data/etc/ppp/modem && ifconfig | grep ${OS_PPP} &>/dev/null && ppp_ok="ok" + def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok") if [[ -n "${OS_ETH}" ]]; then - # if wifi or ppp link ok, start eth in background - if [[ "${wlan_ok}" == "ok" ]] || [[ "${ppp_ok}" == "ok" ]]; then + # if wifi or ppp link ok, start eth in background + if [[ "${wlan_ok}" == "ok" ]] || [[ "${ppp_ok}" == "ok" ]] && [[ "${def_route_ok}" == "ok" ]]; then start_eth &>/dev/null & else start_eth && eth_ok="ok" fi fi + + # re-evalutate default route, as it might have changed with start_eth + def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok") - if [[ "${eth_ok}" != "ok" ]] && [[ "${wlan_ok}" != "ok" ]] && [[ "${ppp_ok}" != "ok" ]]; then + if [[ "${eth_ok}" != "ok" ]] && [[ "${wlan_ok}" != "ok" ]] && [[ "${ppp_ok}" != "ok" ]] || [[ "${def_route_ok}" != "ok" ]]; then if [[ "${LINK_WATCH}" == "true" ]]; then logger -t network "no network connection available, calling panic action" panic_action network From 18a93d2a0815ce20d820698a632a4dbdf05a1fa0 Mon Sep 17 00:00:00 2001 
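Review bot: The removed `test -n "${OS_PPP}" -a -r /data/etc/ppp/modem && ifconfig | grep ${OS_PPP} &>/dev/null && ppp_ok="ok"` line is the only visible place that sets ppp_ok, yet `[[ "${ppp_ok}" == "ok" ]]` and `[[ "${ppp_ok}" != "ok" ]]` are still evaluated further down, so after this hunk ppp_ok is always empty and a PPP link never counts as a working connection (the "4 deletions" diffstat agrees with this reading of the collapsed hunk; if ppp_ok is assigned elsewhere in start(), outside the hunk, disregard). The new `def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok")` line looks like it was meant to be added next to that test rather than replace it. The mixed `[[ … ]] || [[ … ]] && [[ … ]]` list only works because the shell evaluates equal-precedence `||`/`&&` left to right; make the grouping explicit with `if { [[ "${wlan_ok}" == "ok" ]] || [[ "${ppp_ok}" == "ok" ]]; } && [[ "${def_route_ok}" == "ok" ]]; then`, and likewise wrap the three `!= "ok"` tests in `{ …; }` ahead of `|| [[ "${def_route_ok}" != "ok" ]]`. start() begins before and continues after this hunk.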
From: Calin Crisan Date: Thu, 16 Jan 2020 22:14:10 +0200 Subject: [PATCH 02/11] S42postupgradenet -> S52postupgradenet --- .../overlay/etc/init.d/{S42postupgradenet => S52postupgradenet} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename board/common/overlay/etc/init.d/{S42postupgradenet => S52postupgradenet} (100%) diff --git a/board/common/overlay/etc/init.d/S42postupgradenet b/board/common/overlay/etc/init.d/S52postupgradenet similarity index 100% rename from board/common/overlay/etc/init.d/S42postupgradenet rename to board/common/overlay/etc/init.d/S52postupgradenet From 9c96f22ed0b0f235a69c29a6f32c12c373d1dcc3 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Fri, 17 Jan 2020 22:29:51 +0200 Subject: [PATCH 03/11] S40network: fix def route validation --- board/common/overlay/etc/init.d/S40network | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/board/common/overlay/etc/init.d/S40network b/board/common/overlay/etc/init.d/S40network index 4885db4028..08f1356c3f 100755 --- a/board/common/overlay/etc/init.d/S40network +++ b/board/common/overlay/etc/init.d/S40network @@ -197,10 +197,7 @@ start() { fi fi - # re-evalutate default route, as it might have changed with start_eth - def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok") - - if [[ "${eth_ok}" != "ok" ]] && [[ "${wlan_ok}" != "ok" ]] && [[ "${ppp_ok}" != "ok" ]] || [[ "${def_route_ok}" != "ok" ]]; then + if [[ "${eth_ok}" != "ok" ]] && [[ "${wlan_ok}" != "ok" ]] && [[ "${ppp_ok}" != "ok" ]]; then if [[ "${LINK_WATCH}" == "true" ]]; then logger -t network "no network connection available, calling panic action" panic_action network 
@@ -235,6 +232,19 @@ start() { test $? == 0 && msg_done || msg_fail fi fi + + # re-evalutate default route, as it might have changed with start_eth or static IP + def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok") + if [[ "${def_route_ok}" != "ok" ]]; then + if [[ "${IP_WATCH}" == "true" ]]; then + logger -t network "no default route, calling panic action" + panic_action network + return 1 + else + logger -t network "no default route" + return 0 + fi + fi } stop() { From e7f6389780d67389be17453ad98a1835efa4c3a9 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 22:26:44 +0200 Subject: [PATCH 04/11] sshd: allow adding user options in /data/etc/sshd_config --- board/common/overlay/etc/init.d/S60sshd | 14 +++++++++++--- board/common/overlay/etc/sshd_config | 1 - 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/board/common/overlay/etc/init.d/S60sshd b/board/common/overlay/etc/init.d/S60sshd index 772b98b27c..4d402056f6 100755 --- a/board/common/overlay/etc/init.d/S60sshd +++ b/board/common/overlay/etc/init.d/S60sshd @@ -1,6 +1,8 @@ #!/bin/bash -CONF="/etc/sshd_config" +SYS_CONF="/etc/sshd_config" +USER_CONF="/data/etc/sshd_config" +CONF="/var/run/sshd_config" PROG="/usr/sbin/sshd" PROG_KG="/usr/bin/ssh-keygen" @@ -10,7 +12,7 @@ test -x ${PROG} || exit 0 test -n "${OS_VERSION}" || source /etc/init.d/base -test -s ${CONF} || exit 0 +test -s ${SYS_CONF} || exit 0 test "${OS_NETWORKLESS}" == "true" && exit 0 @@ -18,6 +20,13 @@ test "${OS_NETWORKLESS}" == "true" && exit 0 start() { msg_begin "Starting sshd" + # merge user and sys conf files; options in first file take precedence + if [[ -s ${USER_CONF} ]]; then + cat ${USER_CONF} ${SYS_CONF} > ${CONF} + else + cp ${SYS_CONF} ${CONF} + fi + # create any missing keys if ! ${PROG_KG} -A >/dev/null; then msg_fail @@ -57,4 +66,3 @@ case "$1" in echo "Usage: $0 {start|stop|restart}" exit 1 esac - 
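Review bot: The probe `def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok")` is now duplicated verbatim at the top of start() and in this hunk; a helper such as `has_default_route() { ip route get 1.1.1.1 &>/dev/null; }` used at both sites (`has_default_route && def_route_ok="ok"`) keeps the probe address in one place and drops the `$( )` subshell. The new comment misspells the verb; `# re-evaluate default route, as it might have changed with start_eth or static IP`. Worth stating next to it that `ip route get` is a pure routing-table lookup, so "ok" here means a route exists, not that the gateway is reachable, which is what the "no default route" log lines already say. The end of start() is inside the hunk, its beginning is not.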
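Review bot: `cat ${USER_CONF} ${SYS_CONF} > ${CONF}` assumes sshd keeps the first value of every keyword, but that holds only for single-valued options: Port, ListenAddress and HostKey accumulate, and every line following a `Match` directive in the user file is parsed as part of that Match block, so the appended SYS_CONF (still carrying `ListenAddress 0.0.0.0`, `Subsystem`, `IPQoS`, …) after a user Match block makes sshd reject directives that are not allowed in Match and refuse to start. A user `ListenAddress 192.168.1.10` meant to bind one interface is likewise silently widened back to all interfaces by the appended `ListenAddress 0.0.0.0`, the same cumulative behaviour that made removing `Port 22` necessary in the sshd_config hunk of this patch. At minimum document this beside the merge, e.g. `# NOTE: first value wins only for single-valued options; Port/ListenAddress/HostKey accumulate and a Match block in the user file captures everything appended after it`, and consider dropping those keywords from SYS_CONF when the user file defines them. The write is also unchecked; `cat ${USER_CONF} ${SYS_CONF} > ${CONF} || { msg_fail; return 1; }` would follow the script's existing error style. start() continues outside this hunk.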
diff --git a/board/common/overlay/etc/sshd_config b/board/common/overlay/etc/sshd_config index 7ec411a8aa..1ff59cc9b4 100644 --- a/board/common/overlay/etc/sshd_config +++ b/board/common/overlay/etc/sshd_config @@ -1,4 +1,3 @@ -Port 22 ListenAddress 0.0.0.0 HostKey /data/etc/ssh_host_rsa_key From e5354e71ebaba2c17caae88f15810d0df59106f5 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 22:56:20 +0200 Subject: [PATCH 05/11] openssh: restore default /etc/ssh config dir --- package/openssh/openssh.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index 01978f551b..4fef5caedb 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk @@ -10,7 +10,7 @@ OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain OPENSSH_LICENSE_FILES = LICENCE OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)" OPENSSH_CONF_OPTS = \ - --sysconfdir=/data/etc \ + --sysconfdir=/etc/ssh \ --with-default-path=$(BR2_SYSTEM_DEFAULT_PATH) \ --disable-lastlog \ --disable-utmp \ From fe54e3e841b70018084f0b61ab4fcd59148d758b Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 23:01:18 +0200 Subject: [PATCH 06/11] Move /etc/sshd_config to /etc/ssh --- board/common/overlay/etc/{ => ssh}/sshd_config | 5 ----- 1 file changed, 5 deletions(-) rename board/common/overlay/etc/{ => ssh}/sshd_config (59%) diff --git a/board/common/overlay/etc/sshd_config b/board/common/overlay/etc/ssh/sshd_config similarity index 59% rename from board/common/overlay/etc/sshd_config rename to board/common/overlay/etc/ssh/sshd_config index 1ff59cc9b4..ff80b59285 100644 --- a/board/common/overlay/etc/sshd_config +++ b/board/common/overlay/etc/ssh/sshd_config 
@@ -1,10 +1,5 @@ ListenAddress 0.0.0.0 -HostKey /data/etc/ssh_host_rsa_key -HostKey /data/etc/ssh_host_dsa_key -HostKey /data/etc/ssh_host_ecdsa_key -HostKey /data/etc/ssh_host_ed25519_key - PermitRootLogin yes PermitEmptyPasswords yes AuthorizedKeysFile /data/etc/ssh_authorized_keys From 812d2247988e0956a513de75b9b5e6e22e2b2b39 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 23:02:15 +0200 Subject: [PATCH 07/11] Make ssh host keys symlinks to /data/etc/ssh --- board/common/overlay/etc/ssh/ssh_host_dsa_key | 1 + board/common/overlay/etc/ssh/ssh_host_dsa_key.pub | 1 + board/common/overlay/etc/ssh/ssh_host_ecdsa_key | 1 + board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub | 1 + board/common/overlay/etc/ssh/ssh_host_ed25519_key | 1 + board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub | 1 + board/common/overlay/etc/ssh/ssh_host_rsa_key | 1 + board/common/overlay/etc/ssh/ssh_host_rsa_key.pub | 1 + 8 files changed, 8 insertions(+) create mode 120000 board/common/overlay/etc/ssh/ssh_host_dsa_key create mode 120000 board/common/overlay/etc/ssh/ssh_host_dsa_key.pub create mode 120000 board/common/overlay/etc/ssh/ssh_host_ecdsa_key create mode 120000 board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub create mode 120000 board/common/overlay/etc/ssh/ssh_host_ed25519_key create mode 120000 board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub create mode 120000 board/common/overlay/etc/ssh/ssh_host_rsa_key create mode 120000 board/common/overlay/etc/ssh/ssh_host_rsa_key.pub diff --git a/board/common/overlay/etc/ssh/ssh_host_dsa_key b/board/common/overlay/etc/ssh/ssh_host_dsa_key new file mode 120000 index 0000000000..216ab6d2c1 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_dsa_key @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_dsa_key \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_dsa_key.pub b/board/common/overlay/etc/ssh/ssh_host_dsa_key.pub new file mode 120000 index 0000000000..e7cb790c28 --- /dev/null 
+++ b/board/common/overlay/etc/ssh/ssh_host_dsa_key.pub @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_dsa_key.pub \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_ecdsa_key b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key new file mode 120000 index 0000000000..e9d2bd2cbc --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_ecdsa_key \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub new file mode 120000 index 0000000000..98095124f5 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_ecdsa_key.pub \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_ed25519_key b/board/common/overlay/etc/ssh/ssh_host_ed25519_key new file mode 120000 index 0000000000..4db94c79b1 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_ed25519_key @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_ed25519_key \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub b/board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub new file mode 120000 index 0000000000..b6fcbb1950 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_ed25519_key.pub \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_rsa_key b/board/common/overlay/etc/ssh/ssh_host_rsa_key new file mode 120000 index 0000000000..1839c2a53c --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_rsa_key @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_rsa_key \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_rsa_key.pub b/board/common/overlay/etc/ssh/ssh_host_rsa_key.pub new file mode 120000 index 0000000000..797a0bef6c --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_rsa_key.pub 
@@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_rsa_key.pub \ No newline at end of file From 91ff81e045148e3773d776f6ce1f4437672c80ab Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 23:23:04 +0200 Subject: [PATCH 08/11] Make /etc/ssh/authorzed_keys symlink to /data/etc/ssh --- board/common/overlay/etc/ssh/authorized_keys | 1 + board/common/overlay/etc/ssh/sshd_config | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) create mode 120000 board/common/overlay/etc/ssh/authorized_keys diff --git a/board/common/overlay/etc/ssh/authorized_keys b/board/common/overlay/etc/ssh/authorized_keys new file mode 120000 index 0000000000..faeaf6251e --- /dev/null +++ b/board/common/overlay/etc/ssh/authorized_keys @@ -0,0 +1 @@ +/data/etc/ssh/authorized_keys \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/sshd_config b/board/common/overlay/etc/ssh/sshd_config index ff80b59285..0e74a8c256 100644 --- a/board/common/overlay/etc/ssh/sshd_config +++ b/board/common/overlay/etc/ssh/sshd_config @@ -2,9 +2,8 @@ ListenAddress 0.0.0.0 PermitRootLogin yes PermitEmptyPasswords yes -AuthorizedKeysFile /data/etc/ssh_authorized_keys UseDNS no -Banner /var/cache/sshd_banner +Banner /var/run/ssh/sshd_banner Subsystem sftp /usr/libexec/sftp-server IPQoS cs0 cs0 From 0bba999283e7790b5912ed2e040476b7ec50e928 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 23:29:59 +0200 Subject: [PATCH 09/11] Make /root/.ssh symlink to /data/etc/ssh --- board/common/overlay/root/.ssh | 1 + 1 file changed, 1 insertion(+) create mode 120000 board/common/overlay/root/.ssh diff --git a/board/common/overlay/root/.ssh b/board/common/overlay/root/.ssh new file mode 120000 index 0000000000..54bdc1241d --- /dev/null +++ b/board/common/overlay/root/.ssh @@ -0,0 +1 @@ +/data/etc/ssh \ No newline at end of file From 7b391d66e7ff8f8f33775807c3dd24b7680ce644 Mon Sep 17 00:00:00 2001 
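Review bot: Pointing /root/.ssh at /data/etc/ssh puts root's client-side state (known_hosts, any id_* keys, config) in the same directory as the sshd host private keys and authorized_keys, and with sshd's default StrictModes a group- or world-writable /data/etc/ssh would from now on disable public-key login for root. Nothing in this series sets that directory's owner or mode explicitly (patch 10 creates it with `mkdir -p ${USER_DIR}` under whatever umask is in effect at that point), so consider `chmod 700 ${USER_DIR}` right after that mkdir, or keep a separate directory for root's client files. The link is consistent with the authorized_keys link added in patch 08, which presumably is only reached through this /root/.ssh path now that AuthorizedKeysFile has been removed from sshd_config — worth confirming and noting in the commit message.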
From: Calin Crisan Date: Mon, 20 Jan 2020 23:47:05 +0200 Subject: [PATCH 10/11] Update sshd init script --- board/common/overlay/etc/init.d/S60sshd | 30 +++++++++++++++++-------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/board/common/overlay/etc/init.d/S60sshd b/board/common/overlay/etc/init.d/S60sshd index 4d402056f6..9e3ff1c878 100755 --- a/board/common/overlay/etc/init.d/S60sshd +++ b/board/common/overlay/etc/init.d/S60sshd @@ -1,8 +1,12 @@ #!/bin/bash -SYS_CONF="/etc/sshd_config" -USER_CONF="/data/etc/sshd_config" -CONF="/var/run/sshd_config" +SYS_DIR=/etc/ssh +USER_DIR=/data/etc/ssh +RUN_DIR=/var/run/ssh + +SYS_CONF="${SYS_DIR}/sshd_config" +USER_CONF="${USER_DIR}/sshd_config" +CONF="${RUN_DIR}/sshd_config" PROG="/usr/sbin/sshd" PROG_KG="/usr/bin/ssh-keygen" @@ -18,24 +22,32 @@ test "${OS_NETWORKLESS}" == "true" && exit 0 start() { - msg_begin "Starting sshd" - # merge user and sys conf files; options in first file take precedence + mkdir -p $(dirname ${CONF}) if [[ -s ${USER_CONF} ]]; then cat ${USER_CONF} ${SYS_CONF} > ${CONF} else cp ${SYS_CONF} ${CONF} fi + # ensure various dirs existence + mkdir -p ${USER_DIR} + mkdir -p ${RUN_DIR} + # create any missing keys - if ! ${PROG_KG} -A >/dev/null; then - msg_fail - return 1 + if ! [[ -s ${USER_DIR}/ssh_host_rsa_key ]]; then + msg_begin "Generating ssh host keys" + for type in rsa dsa ecdsa ed25519; do + ssh-keygen -f ${USER_DIR}/ssh_host_${type}_key -N '' -t ${type} >/dev/null + done + test $? == 0 && msg_done || msg_fail fi + msg_begin "Starting sshd" + umask 077 hostname=$(hostname) - echo "Welcome to ${hostname}!" > /var/cache/sshd_banner + echo "Welcome to ${hostname}!" > ${RUN_DIR}/sshd_banner sync ${PROG} -f ${CONF} From 84920db7715ec3a8ceb786ef259a9a200b244644 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Tue, 21 Jan 2020 23:34:25 +0200 Subject: [PATCH 11/11] cleanup.sh: leave /etc/ssh alone --- board/common/cleanups.sh | 1 - 1 file changed, 1 deletion(-) 
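Review bot: The key-generation block tests only `${USER_DIR}/ssh_host_rsa_key`, so a device that has an rsa key but lacks ecdsa/ed25519 keys never gets them, while `test $? == 0` after `done` sees only the status of the last `ssh-keygen` call (ed25519) and hides an earlier failure; if one of the other key files already exists, that call prompts to overwrite and fails, which is masked the same way. The loop also invokes bare `ssh-keygen` although `${PROG_KG}` is defined for exactly that, and it generates a dsa key that OpenSSH 7.0 and later no longer load by default, so the dsa key and its symlink are dead weight. The rewrite below checks each type, records any failure, uses `${PROG_KG}` and drops dsa; the config merge, banner and sshd launch are unchanged. The tail of start() lies outside the hunk.
```shell
    # … unchanged: config merge and mkdir -p of USER_DIR / RUN_DIR …

    # create any missing host keys: check every type (not just rsa) and fail
    # the step if any ssh-keygen call fails; dsa is omitted because sshd no
    # longer loads ssh_host_dsa_key by default
    missing_types=()
    for type in rsa ecdsa ed25519; do
        [[ -s ${USER_DIR}/ssh_host_${type}_key ]] || missing_types+=("${type}")
    done
    if (( ${#missing_types[@]} )); then
        msg_begin "Generating ssh host keys"
        keygen_ok="ok"
        for type in "${missing_types[@]}"; do
            ${PROG_KG} -f ${USER_DIR}/ssh_host_${type}_key -N '' -t ${type} >/dev/null || keygen_ok=""
        done
        test "${keygen_ok}" == "ok" && msg_done || msg_fail
    fi

    # … unchanged: msg_begin "Starting sshd", umask 077, banner, sshd launch …
```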
diff --git a/board/common/cleanups.sh b/board/common/cleanups.sh index 9f85a16f7c..e58c789d67 100755 --- a/board/common/cleanups.sh +++ b/board/common/cleanups.sh @@ -10,7 +10,6 @@ find ${TARGET} -name '.empty' | xargs -r rm # /etc stuff rm -rf ${TARGET}/etc/network/ rm -rf ${TARGET}/etc/dhcp/ -rm -rf ${TARGET}/etc/ssh/ rm -rf ${TARGET}/etc/rc_keymaps/ rm -rf ${TARGET}/etc/default/ rm -rf ${TARGET}/etc/ctdb/