As dropbear doesn't support /etc/ssh/known_hosts, /root/.ssh/known_hosts is used instead. An upcoming LuCI patch adds a web interface to configure all of this, including adding known hosts to /root/.ssh/known_hosts, which is a requirement for port forwarding.
Signed-off-by: Christian Gagneraud <ch...@techworks.ie> --- a/package/dropbear/Makefile +++ b/package/dropbear/Makefile @@ -37,6 +37,7 @@ define Package/dropbear/description endef define Package/dropbear/conffiles +/root/.ssh/known_hosts /etc/dropbear/dropbear_rsa_host_key /etc/dropbear/dropbear_dss_host_key /etc/config/dropbear @@ -99,8 +100,13 @@ define Package/dropbear/install $(INSTALL_DATA) ./files/dropbear.config $(1)/etc/config/dropbear $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear + $(INSTALL_BIN) ./files/dbclient.init $(1)/etc/init.d/dbclient $(INSTALL_DIR) $(1)/usr/lib/opkg/info $(INSTALL_DIR) $(1)/etc/dropbear + $(INSTALL_DIR) $(1)/root/.ssh + chmod 0700 $(1)/root/.ssh + touch $(1)/root/.ssh/known_hosts + chmod 0600 $(1)/root/.ssh/known_hosts touch $(1)/etc/dropbear/dropbear_rsa_host_key touch $(1)/etc/dropbear/dropbear_dss_host_key endef --- /dev/null +++ b/package/dropbear/files/dbclient.init 
@@ -0,0 +1,133 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2012 Christian Gagneraud <ch...@techworks.ie>
+# Copyright (C) 2006-2010 OpenWrt.org
+# Copyright (C) 2006 Carlos Sobrinho
+
+START=60
+STOP=40
+
+SERVICE_WRITE_PID=1
+
+NAME=dbclient
+PROG=/usr/bin/dbclient
+PIDCOUNT=0
+
+dbclient_start() {
+
+ get_iface_address() {
+ interface="$1"
+ grep -qs "^ *$ifname:" /proc/net/dev || {
+ echo '*'
+ return
+ }
+ echo $(ifconfig "$ifname" | sed -ne '
+ /addr: *fe[89ab][0-9a-f]:/d
+ s/.* addr: *\([0-9a-f:\.]*\).*/\1/p
+ ' | head -n1 2>/dev/null)
+ }
+
+ local section="$1"
+ local type="$2"
+
+ # check if section is enabled (default)
+ local enabled
+ config_get_bool enabled "${section}" enable 1
+ [ "${enabled}" -eq 0 ] && return 1
+
+ # verbose parameter
+ local verbosed
+ config_get_bool verbosed "${section}" verbose 0
+
+ # increase pid file count to handle multiple instances correctly
+ PIDCOUNT="$(( ${PIDCOUNT} + 1))"
+ local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
+
+ # A) Basics args: no remote command, run in background
+ # TODO: no pty?
+ args="-N -f -i /etc/dropbear/dropbear_dss_host_key -i /etc/dropbear/dropbear_rsa_host_key"
+
+ # B) Port forwarding spec
+ local port
+ local host
+ local hostport
+ config_get port "${section}" Port
+ config_get host "${section}" Host
+ config_get hostport "${section}" HostPort
+ local bind
+ local address
+ config_get_bool bind "${section}" BindEnabled 0
+ [ "${bind}" -eq 1 ] && {
+ [ "${type}" == "L" ] && {
+ config_get interface "${section}" Interface
+ if [ -z "$interface" ]; then
+ address='0.0.0.0:'
+ else
+ config_get interface "${interface}" ifname "$interface"
+ address=$(get_iface_address $interface)
+ [ -z "$address" ] || address="$address:"
+ fi
+ }
+ [ "${type}" == "R" ] && {
+ config_get address "${section}" Address '0.0.0.0'
+ address="$address:"
+ }
+ }
+ append args "-$type $address$port:$host:$hostport"
+
+ # C) Allow remote hosts to connect to forwarded ports
+ config_get_bool val "${section}" GatewayPorts 0
+ [ "${val}" -eq 1 ] && append args "-g"
+
+ # D) Always accept remote host key if unknown
+ config_get_bool val "${section}" AcceptUnknown 0
+ [ "${val}" -eq 1 ] && append args "-y"
+
+ # E) Keepalive interval and receive window buffer
+ config_get_bool val "${section}" KeepAlive 0
+ [ "${val}" -ne 0 ] && append args "-K $val"
+ config_get_bool val "${section}" WindowBuffer 0
+ [ "${val}" -ne 0 ] && append args "-W $val"
+
+ # F) Server spec
+ local user
+ local server
+ local serverport
+ config_get server "${section}" Server
+ config_get serverport "${section}" ServerPort 22
+ config_get user "${section}" User
+ append args "$user@$server/$serverport"
+
+ # execute program and return its exit code
+ [ "${verbosed}" -ne 0 ] && logger -t "${NAME}" "section ${section} starting ${PROG} ${args}"
+ SERVICE_PID_FILE="$pid_file" service_start ${PROG} ${args}
+ rc=$?
+ [ "$rc" -eq 0 ] || rm -f "$pid_file"
+ return "$rc"
+}
+
+start()
+{
+ # Make sure know_hosts is not world readable
+ chmod 0600 /root/.ssh/known_hosts
+ chmod 0700 /root/.ssh
+ include /lib/network
+ scan_interfaces
+ config_load "dropbear"
+ config_foreach dbclient_start local_forward "L"
+ config_foreach dbclient_start remote_forward "R"
+}
+
+stop()
+{
+ local pid_file pid_files
+
+ pid_files=`ls /var/run/${NAME}.*.pid 2>/dev/null`
+
+ [ -z "$pid_files" ] && return 1
+
+ for pid_file in $pid_files; do
+ SERVICE_PID_FILE="$pid_file" service_stop ${PROG} && {
+ rm -f ${pid_file}
+ }
+ done
+}
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
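Review bot: `get_iface_address` stores its argument in `interface` but then greps `/proc/net/dev` and runs `ifconfig` on `$ifname`, which the function never sets, so a `local_forward` section with `BindEnabled` and a named `Interface` will (unless `ifname` happens to be left set globally by `scan_interfaces`) fall into the `echo '*'` branch and the `-L` spec becomes `*:port:host:hostport`, binding the listener on every address instead of the one the user chose; the fix is `ifname="$1"` in place of `interface="$1"`. `KeepAlive` and `WindowBuffer` are read with `config_get_bool`, which collapses the value to 0 or 1, so a configured `KeepAlive=30` is silently dropped and only the literal `1` ever yields `-K 1`; these two should read the raw number with `config_get val "${section}" KeepAlive 0` and `config_get val "${section}" WindowBuffer 0`. It is also worth confirming that the PID recorded under `SERVICE_WRITE_PID=1` survives `-f`: if dbclient forks after authentication the written PID is the exited parent and `stop()` would then fail to terminate the forwarder — I have not verified this against `service_start`. Finally, `val` is never declared `local`, unlike every other variable in `dbclient_start`.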