From e7f6389780d67389be17453ad98a1835efa4c3a9 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 22:26:44 +0200 Subject: [PATCH 1/7] sshd: allow adding user options in /data/etc/sshd_config --- board/common/overlay/etc/init.d/S60sshd | 14 +++++++++++--- board/common/overlay/etc/sshd_config | 1 - 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/board/common/overlay/etc/init.d/S60sshd b/board/common/overlay/etc/init.d/S60sshd index 772b98b27c..4d402056f6 100755 --- a/board/common/overlay/etc/init.d/S60sshd +++ b/board/common/overlay/etc/init.d/S60sshd @@ -1,6 +1,8 @@ #!/bin/bash -CONF="/etc/sshd_config" +SYS_CONF="/etc/sshd_config" +USER_CONF="/data/etc/sshd_config" +CONF="/var/run/sshd_config" PROG="/usr/sbin/sshd" PROG_KG="/usr/bin/ssh-keygen" @@ -10,7 +12,7 @@ test -x ${PROG} || exit 0 test -n "${OS_VERSION}" || source /etc/init.d/base -test -s ${CONF} || exit 0 +test -s ${SYS_CONF} || exit 0 test "${OS_NETWORKLESS}" == "true" && exit 0 @@ -18,6 +20,13 @@ test "${OS_NETWORKLESS}" == "true" && exit 0 start() { msg_begin "Starting sshd" + # merge user and sys conf files; options in first file take precedence + if [[ -s ${USER_CONF} ]]; then + cat ${USER_CONF} ${SYS_CONF} > ${CONF} + else + cp ${SYS_CONF} ${CONF} + fi + # create any missing keys if ! ${PROG_KG} -A >/dev/null; then msg_fail @@ -57,4 +66,3 @@ case "$1" in echo "Usage: $0 {start|stop|restart}" exit 1 esac - diff --git a/board/common/overlay/etc/sshd_config b/board/common/overlay/etc/sshd_config index 7ec411a8aa..1ff59cc9b4 100644 --- a/board/common/overlay/etc/sshd_config +++ b/board/common/overlay/etc/sshd_config @@ -1,4 +1,3 @@ -Port 22 ListenAddress 0.0.0.0 HostKey /data/etc/ssh_host_rsa_key From e5354e71ebaba2c17caae88f15810d0df59106f5 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 22:56:20 +0200 Subject: [PATCH 2/7] openssh: restore default /etc/ssh config dir --- package/openssh/openssh.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
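Review bot: The merge `cat ${USER_CONF} ${SYS_CONF} > ${CONF}` in start() concatenates the two files byte-for-byte, so a user file that lacks a trailing newline fuses its last directive with the first system line (`ListenAddress 0.0.0.0` in this series), which sshd will reject or misread; `{ cat -- "${USER_CONF}"; echo; cat -- "${SYS_CONF}"; } > "${CONF}"` separates them and quotes the expansions. The precedence claim in the comment holds because sshd keeps the first value of a repeated keyword, but a `Match` block at the end of the user file would scope every following system line into that block, and keywords not allowed under Match then make sshd fail to start — worth stating, e.g. `# merge user and sys conf files; sshd keeps the first value of a repeated keyword, so user options win (a trailing Match block in the user file would swallow the system options)`. The write is also unchecked, so a read-only or missing /var/run is only noticed when sshd is handed a missing or empty config. start() continues outside the hunk.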
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index 01978f551b..4fef5caedb 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk @@ -10,7 +10,7 @@ OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain OPENSSH_LICENSE_FILES = LICENCE OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)" OPENSSH_CONF_OPTS = \ - --sysconfdir=/data/etc \ + --sysconfdir=/etc/ssh \ --with-default-path=$(BR2_SYSTEM_DEFAULT_PATH) \ --disable-lastlog \ --disable-utmp \ From fe54e3e841b70018084f0b61ab4fcd59148d758b Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 23:01:18 +0200 Subject: [PATCH 3/7] Move /etc/sshd_config to /etc/ssh --- board/common/overlay/etc/{ => ssh}/sshd_config | 5 ----- 1 file changed, 5 deletions(-) rename board/common/overlay/etc/{ => ssh}/sshd_config (59%) diff --git a/board/common/overlay/etc/sshd_config b/board/common/overlay/etc/ssh/sshd_config similarity index 59% rename from board/common/overlay/etc/sshd_config rename to board/common/overlay/etc/ssh/sshd_config index 1ff59cc9b4..ff80b59285 100644 --- a/board/common/overlay/etc/sshd_config +++ b/board/common/overlay/etc/ssh/sshd_config @@ -1,10 +1,5 @@ ListenAddress 0.0.0.0 -HostKey /data/etc/ssh_host_rsa_key -HostKey /data/etc/ssh_host_dsa_key -HostKey /data/etc/ssh_host_ecdsa_key -HostKey /data/etc/ssh_host_ed25519_key - PermitRootLogin yes PermitEmptyPasswords yes AuthorizedKeysFile /data/etc/ssh_authorized_keys From 812d2247988e0956a513de75b9b5e6e22e2b2b39 Mon Sep 17 00:00:00 2001 
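Review bot: With the four `HostKey` lines removed from sshd_config, sshd falls back to its compiled-in defaults under the sysconfdir set in the preceding patch (`/etc/ssh/ssh_host_rsa_key`, `ssh_host_ecdsa_key`, `ssh_host_ed25519_key`); since OpenSSH 7.0 the DSA key is not among those defaults, so unless this build pins an older release the `ssh_host_dsa_key` symlink added in the next patch is never loaded. Either drop the DSA key from the overlay and from key generation, or keep an explicit `HostKey /etc/ssh/ssh_host_dsa_key` line if it is really wanted. A one-line comment in the config, `# HostKey: sshd's defaults under /etc/ssh are used; they are symlinks into /data/etc/ssh`, would make the dependency on the symlinks visible to the next reader.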
From: Calin Crisan Date: Mon, 20 Jan 2020 23:02:15 +0200 Subject: [PATCH 4/7] Make ssh host keys symlinks to /data/etc/ssh --- board/common/overlay/etc/ssh/ssh_host_dsa_key | 1 + board/common/overlay/etc/ssh/ssh_host_dsa_key.pub | 1 + board/common/overlay/etc/ssh/ssh_host_ecdsa_key | 1 + board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub | 1 + board/common/overlay/etc/ssh/ssh_host_ed25519_key | 1 + board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub | 1 + board/common/overlay/etc/ssh/ssh_host_rsa_key | 1 + board/common/overlay/etc/ssh/ssh_host_rsa_key.pub | 1 + 8 files changed, 8 insertions(+) create mode 120000 board/common/overlay/etc/ssh/ssh_host_dsa_key create mode 120000 board/common/overlay/etc/ssh/ssh_host_dsa_key.pub create mode 120000 board/common/overlay/etc/ssh/ssh_host_ecdsa_key create mode 120000 board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub create mode 120000 board/common/overlay/etc/ssh/ssh_host_ed25519_key create mode 120000 board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub create mode 120000 board/common/overlay/etc/ssh/ssh_host_rsa_key create mode 120000 board/common/overlay/etc/ssh/ssh_host_rsa_key.pub diff --git a/board/common/overlay/etc/ssh/ssh_host_dsa_key b/board/common/overlay/etc/ssh/ssh_host_dsa_key new file mode 120000 index 0000000000..216ab6d2c1 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_dsa_key @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_dsa_key \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_dsa_key.pub b/board/common/overlay/etc/ssh/ssh_host_dsa_key.pub new file mode 120000 index 0000000000..e7cb790c28 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_dsa_key.pub @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_dsa_key.pub \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_ecdsa_key b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key new file mode 120000 index 0000000000..e9d2bd2cbc --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key 
@@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_ecdsa_key \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub new file mode 120000 index 0000000000..98095124f5 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_ecdsa_key.pub \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_ed25519_key b/board/common/overlay/etc/ssh/ssh_host_ed25519_key new file mode 120000 index 0000000000..4db94c79b1 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_ed25519_key @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_ed25519_key \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub b/board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub new file mode 120000 index 0000000000..b6fcbb1950 --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_ed25519_key.pub \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_rsa_key b/board/common/overlay/etc/ssh/ssh_host_rsa_key new file mode 120000 index 0000000000..1839c2a53c --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_rsa_key @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_rsa_key \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/ssh_host_rsa_key.pub b/board/common/overlay/etc/ssh/ssh_host_rsa_key.pub new file mode 120000 index 0000000000..797a0bef6c --- /dev/null +++ b/board/common/overlay/etc/ssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +/data/etc/ssh/ssh_host_rsa_key.pub \ No newline at end of file From 91ff81e045148e3773d776f6ce1f4437672c80ab Mon Sep 17 00:00:00 2001 
From: Calin Crisan Date: Mon, 20 Jan 2020 23:23:04 +0200 Subject: [PATCH 5/7] Make /etc/ssh/authorzed_keys symlink to /data/etc/ssh --- board/common/overlay/etc/ssh/authorized_keys | 1 + board/common/overlay/etc/ssh/sshd_config | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) create mode 120000 board/common/overlay/etc/ssh/authorized_keys diff --git a/board/common/overlay/etc/ssh/authorized_keys b/board/common/overlay/etc/ssh/authorized_keys new file mode 120000 index 0000000000..faeaf6251e --- /dev/null +++ b/board/common/overlay/etc/ssh/authorized_keys @@ -0,0 +1 @@ +/data/etc/ssh/authorized_keys \ No newline at end of file diff --git a/board/common/overlay/etc/ssh/sshd_config b/board/common/overlay/etc/ssh/sshd_config index ff80b59285..0e74a8c256 100644 --- a/board/common/overlay/etc/ssh/sshd_config +++ b/board/common/overlay/etc/ssh/sshd_config @@ -2,9 +2,8 @@ ListenAddress 0.0.0.0 PermitRootLogin yes PermitEmptyPasswords yes -AuthorizedKeysFile /data/etc/ssh_authorized_keys UseDNS no -Banner /var/cache/sshd_banner +Banner /var/run/ssh/sshd_banner Subsystem sftp /usr/libexec/sftp-server IPQoS cs0 cs0 From 0bba999283e7790b5912ed2e040476b7ec50e928 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 23:29:59 +0200 Subject: [PATCH 6/7] Make /root/.ssh symlink to /data/etc/ssh --- board/common/overlay/root/.ssh | 1 + 1 file changed, 1 insertion(+) create mode 120000 board/common/overlay/root/.ssh diff --git a/board/common/overlay/root/.ssh b/board/common/overlay/root/.ssh new file mode 120000 index 0000000000..54bdc1241d --- /dev/null +++ b/board/common/overlay/root/.ssh @@ -0,0 +1 @@ +/data/etc/ssh \ No newline at end of file From 7b391d66e7ff8f8f33775807c3dd24b7680ce644 Mon Sep 17 00:00:00 2001 From: Calin Crisan Date: Mon, 20 Jan 2020 23:47:05 +0200 Subject: [PATCH 7/7] Update sshd init script --- board/common/overlay/etc/init.d/S60sshd | 30 +++++++++++++++++-------- 1 file changed, 21 insertions(+), 9 deletions(-) 
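Review bot: Removing `AuthorizedKeysFile /data/etc/ssh_authorized_keys` puts sshd on its default of `.ssh/authorized_keys` relative to the logging-in user's home, i.e. `/root/.ssh/authorized_keys` for root; the `/etc/ssh/authorized_keys` symlink created in this same patch is not referenced by any directive and is therefore not consulted by sshd, and the setup only becomes effective through the `/root/.ssh -> /data/etc/ssh` symlink of the following patch. If one fixed key file is the intent, an explicit `AuthorizedKeysFile /etc/ssh/authorized_keys` states that directly instead of relying on the home-directory layout. With `StrictModes` left at its default, sshd also verifies ownership and permissions along the resolved path of the key file, so `/data/etc/ssh` has to stay root-owned and not group- or world-writable for key logins to work.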
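Review bot: The `/root/.ssh -> /data/etc/ssh` symlink makes root's client-side ssh directory the same directory that holds the sshd host private keys, so anything the ssh client writes for root (`known_hosts`, newly generated identities) lands next to `ssh_host_*_key`, and the directory's permission requirements now have to satisfy both roles at once. If this co-location is intentional, record it where the directory is created in the init script, e.g. `# ${USER_DIR} holds the host keys and is also root's ~/.ssh via symlink`; otherwise a dedicated subdirectory as the symlink target keeps the two uses apart.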
diff --git a/board/common/overlay/etc/init.d/S60sshd b/board/common/overlay/etc/init.d/S60sshd index 4d402056f6..9e3ff1c878 100755 --- a/board/common/overlay/etc/init.d/S60sshd +++ b/board/common/overlay/etc/init.d/S60sshd @@ -1,8 +1,12 @@ #!/bin/bash -SYS_CONF="/etc/sshd_config" -USER_CONF="/data/etc/sshd_config" -CONF="/var/run/sshd_config" +SYS_DIR=/etc/ssh +USER_DIR=/data/etc/ssh +RUN_DIR=/var/run/ssh + +SYS_CONF="${SYS_DIR}/sshd_config" +USER_CONF="${USER_DIR}/sshd_config" +CONF="${RUN_DIR}/sshd_config" PROG="/usr/sbin/sshd" PROG_KG="/usr/bin/ssh-keygen" @@ -18,24 +22,32 @@ test "${OS_NETWORKLESS}" == "true" && exit 0 start() { - msg_begin "Starting sshd" - # merge user and sys conf files; options in first file take precedence + mkdir -p $(dirname ${CONF}) if [[ -s ${USER_CONF} ]]; then cat ${USER_CONF} ${SYS_CONF} > ${CONF} else cp ${SYS_CONF} ${CONF} fi + # ensure various dirs existence + mkdir -p ${USER_DIR} + mkdir -p ${RUN_DIR} + # create any missing keys - if ! ${PROG_KG} -A >/dev/null; then - msg_fail - return 1 + if ! [[ -s ${USER_DIR}/ssh_host_rsa_key ]]; then + msg_begin "Generating ssh host keys" + for type in rsa dsa ecdsa ed25519; do + ssh-keygen -f ${USER_DIR}/ssh_host_${type}_key -N '' -t ${type} >/dev/null + done + test $? == 0 && msg_done || msg_fail fi + msg_begin "Starting sshd" + umask 077 hostname=$(hostname) - echo "Welcome to ${hostname}!" > /var/cache/sshd_banner + echo "Welcome to ${hostname}!" > ${RUN_DIR}/sshd_banner sync ${PROG} -f ${CONF}