dropbear: failsafe: handle all supported key types
1 #!/bin/sh
2
# Run the dropbear SSH server with the given arguments.
# All three standard streams are attached to /dev/null, so dropbear neither
# reads from nor writes to the caller's console. Any diagnostic it prints is
# therefore discarded; callers only get the exit status.
_dropbear()
{
	/usr/sbin/dropbear "$@" >/dev/null 2>&1 </dev/null
}
7
# Run dropbearkey with the given arguments, fully detached from stdio.
# Output (including the public key and fingerprint that dropbearkey prints)
# is discarded; only the exit status is available to the caller.
_dropbearkey()
{
	/usr/bin/dropbearkey "$@" >/dev/null 2>&1 </dev/null
}
12
# Make sure a usable private key exists at "$1".
#
# Arguments: $1     - key file path
#            $2...  - generation options handed to dropbearkey (e.g. -t TYPE)
# Returns:   0 if an existing key was accepted or a new one was generated,
#            1 if generation failed (the key file is removed in that case)
_ensurekey()
{
	# -y only reads the key and prints its public part, so success means the
	# file parses as a private key. Only "$1" is passed here: the type and
	# size requested in $2... are not compared against an existing key.
	if _dropbearkey -y -f "$1"; then
		return 0
	fi

	# Missing or unreadable key: drop whatever is there and generate afresh.
	rm -f "$1"
	if ! _dropbearkey -f "$@"; then
		# Do not leave a partial or empty key file behind.
		rm -f "$1"
		return 1
	fi
	return 0
}
22
# Space-separated host key types that failsafe_dropbear tries, in this order.
# Each entry needs a matching arm in failsafe_dropbear's case statement;
# entries without one are reported as unknown and skipped.
ktype_all="ed25519 ecdsa rsa"
24
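# Prepare the failsafe host keys and start dropbear with them.
#
# For every type listed in ktype_all a key is ensured at
# /tmp/dropbear_failsafe_<type>_host_key and handed to dropbear with -r.
# Types whose key cannot be prepared are skipped.
#
# Globals:   ktype_all (read)
# Arguments: none used; the positional parameters are reset internally
# Returns:   1 if no host key is usable, otherwise the status of _dropbear
failsafe_dropbear () {
	local kcount ktype tkey

	# Collect the "-r <keyfile>" pairs in the positional parameters rather
	# than in a flat string, so each path reaches dropbear as exactly one
	# argument and nothing depends on IFS word-splitting.
	set --
	kcount=0
	# ktype_all is a space-separated list; splitting it here is intended.
	for ktype in ${ktype_all} ; do
		tkey="/tmp/dropbear_failsafe_${ktype}_host_key"

		case "${ktype}" in
			ed25519) _ensurekey "${tkey}" -t ed25519 ;;
			ecdsa)   _ensurekey "${tkey}" -t ecdsa -s 256 ;;
			# NOTE(review): a 1024-bit RSA host key is below the 2048-bit
			# minimum of current guidance. Presumably kept small to bound
			# key generation time on slow devices -- confirm, or drop rsa
			# from ktype_all where ed25519/ecdsa clients suffice.
			rsa)     _ensurekey "${tkey}" -t rsa -s 1024 ;;
			*)
				echo "unknown key type: ${ktype}" >&2
				continue
				;;
		esac

		# _ensurekey's status is not checked directly: a usable key is
		# recognised by a non-empty file, anything else is removed.
		[ -s "${tkey}" ] || {
			rm -f "${tkey}"
			continue
		}

		# Private key material: owner read-only before dropbear loads it.
		chmod 0400 "${tkey}"
		set -- "$@" -r "${tkey}"
		kcount=$((kcount+1))
	done

	# Without at least one host key there is nothing to start the server with.
	[ "${kcount}" != 0 ] || {
		echo 'DROPBEAR IS BROKEN' >&2
		return 1
	}

	# Only the -r host key options are passed; every other dropbear setting
	# (port, authentication) is left at the binary's defaults.
	_dropbear "$@"
}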
60
# Register failsafe_dropbear on the "failsafe" boot hook.
# boot_hook_add is not defined in this file; presumably it is supplied by the
# preinit environment that sources this script -- confirm.
boot_hook_add failsafe failsafe_dropbear