X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;ds=sidebyside;f=package%2Fnetwork%2Fservices%2Fdropbear%2Ffiles%2Fdropbear.failsafe;fp=package%2Fnetwork%2Fservices%2Fdropbear%2Ffiles%2Fdropbear.failsafe;h=417265babed6dff1cd3661486cf84485df7ef1ed;hb=ff1ccd85e88d54724ea9c034ec355e7805356fb2;hp=97bd12d58a18910807892c0fa4ce5b10b43c627d;hpb=55218bcedb3ffb830391d9a4e72b7ae8481ba760;p=openwrt%2Fopenwrt.git diff --git a/package/network/services/dropbear/files/dropbear.failsafe b/package/network/services/dropbear/files/dropbear.failsafe index 97bd12d58a..417265babe 100755 --- a/package/network/services/dropbear/files/dropbear.failsafe +++ b/package/network/services/dropbear/files/dropbear.failsafe @@ -1,9 +1,61 @@ #!/bin/sh +_dropbear() +{ + /usr/sbin/dropbear "$@" /dev/null 2>&1 +} + +_dropbearkey() +{ + /usr/bin/dropbearkey "$@" /dev/null 2>&1 +} + +_ensurekey() +{ + _dropbearkey -y -f "$1" && return + rm -f "$1" + _dropbearkey -f "$@" || { + rm -f "$1" + return 1 + } +} + +ktype_all='ed25519 ecdsa rsa' + failsafe_dropbear () { - dropbearkey -t rsa -s 1024 -f /tmp/dropbear_rsa_failsafe_host_key - dropbearkey -t ed25519 -f /tmp/dropbear_ed25519_failsafe_host_key - dropbear -r /tmp/dropbear_rsa_failsafe_host_key -r /tmp/dropbear_ed25519_failsafe_host_key <> /dev/null 2>&1 + local kargs kcount ktype tkey + + kargs= + kcount=0 + for ktype in ${ktype_all} ; do + tkey="/tmp/dropbear_failsafe_${ktype}_host_key" + + case "${ktype}" in + ed25519) _ensurekey "${tkey}" -t ed25519 ;; + ecdsa) _ensurekey "${tkey}" -t ecdsa -s 256 ;; + rsa) _ensurekey "${tkey}" -t rsa -s 1024 ;; + *) + echo "unknown key type: ${ktype}" >&2 + continue + ;; + esac + + [ -s "${tkey}" ] || { + rm -f "${tkey}" + continue + } + + chmod 0400 "${tkey}" + kargs="${kargs}${kargs:+ }-r ${tkey}" + kcount=$((kcount+1)) + done + + [ "${kcount}" != 0 ] || { + echo 'DROPBEAR IS BROKEN' >&2 + return 1 + } + + _dropbear ${kargs} } boot_hook_add failsafe failsafe_dropbear
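Review bot: The RSA arm of the `case` in `failsafe_dropbear` still generates a 1024-bit host key (`rsa) _ensurekey "${tkey}" -t rsa -s 1024 ;;`), which is below the 2048-bit minimum generally recommended for RSA. Since `ktype_all` tries ed25519 and ecdsa first, the RSA key is presumably there only for legacy clients or for builds without the other algorithms. If the small size is deliberate to keep key generation fast on slow targets, a comment such as `# 1024-bit: ephemeral failsafe key in /tmp, kept small for keygen time` would record that; otherwise `-s 2048` is the safer value. Separately, the `_dropbear` and `_dropbearkey` wrappers read `"$@" /dev/null 2>&1` as shown here, which would pass `/dev/null` as an argument instead of redirecting to it. That looks like redirection operators lost in rendering and is worth checking against the repository.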