openwrt/package/network/services/dropbear/files/dropbear.failsafe

62 lines
992 B
Plaintext
Raw Normal View History

#!/bin/sh
_dropbear()
{
/usr/sbin/dropbear "$@" </dev/null >/dev/null 2>&1
}
_dropbearkey()
{
/usr/bin/dropbearkey "$@" </dev/null >/dev/null 2>&1
}
_ensurekey()
{
_dropbearkey -y -f "$1" && return
rm -f "$1"
_dropbearkey -f "$@" || {
rm -f "$1"
return 1
}
}
ktype_all='ed25519 ecdsa rsa'
failsafe_dropbear () {
local kargs kcount ktype tkey
kargs=
kcount=0
for ktype in ${ktype_all} ; do
tkey="/tmp/dropbear_failsafe_${ktype}_host_key"
case "${ktype}" in
ed25519) _ensurekey "${tkey}" -t ed25519 ;;
ecdsa) _ensurekey "${tkey}" -t ecdsa -s 256 ;;
rsa) _ensurekey "${tkey}" -t rsa -s 1024 ;;
*)
echo "unknown key type: ${ktype}" >&2
continue
;;
esac
[ -s "${tkey}" ] || {
rm -f "${tkey}"
continue
}
chmod 0400 "${tkey}"
kargs="${kargs}${kargs:+ }-r ${tkey}"
kcount=$((kcount+1))
done
[ "${kcount}" != 0 ] || {
echo 'DROPBEAR IS BROKEN' >&2
return 1
}
_dropbear ${kargs}
}
boot_hook_add failsafe failsafe_dropbear