ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-03-11 06:54:21 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

dropbear: add ed25519 for failsafe key

Browse Source 
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...

Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 6ac61dead99ff6b9df00c29b7a858772449718b2)
This commit is contained in:
Etienne Champetier 2023-07-10 07:56:05 +02:00 committed by Hauke Mehrtens
parent 23953cfa5a
commit ee910d1e67
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
package/network/services/dropbear/files/dropbear.failsafe
View File

@ -1,8 +1,9 @@
#!/bin/sh
failsafe_dropbear () {
dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
dropbearkey -t rsa -s 1024 -f /tmp/dropbear_rsa_failsafe_host_key
dropbearkey -t ed25519 -f /tmp/dropbear_ed25519_failsafe_host_key
dropbear -r /tmp/dropbear_rsa_failsafe_host_key -r /tmp/dropbear_ed25519_failsafe_host_key <> /dev/null 2>&1
}
boot_hook_add failsafe failsafe_dropbear