diff mbox series

[OpenWrt-Devel,1/2] openssh: add openwrt failsafe support

Message ID mailman.10281.1573474454.2486.openwrt-devel@lists.openwrt.org
State Not Applicable
Headers show
Series [OpenWrt-Devel,1/2] openssh: add openwrt failsafe support | expand

Commit Message

Thomas Richard via openwrt-devel Nov. 11, 2019, 12:13 p.m. UTC 
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Adds failsafe support to the openssh package.
Roughly based on an earlier patch.

Ref: https://github.com/openwrt/openwrt/pull/865
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
---
 net/openssh/Makefile            |  1 +
 net/openssh/files/sshd.failsafe | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100755 net/openssh/files/sshd.failsafe
diff mbox series

Patch

diff --git a/net/openssh/Makefile b/net/openssh/Makefile
index 97b7fc304..3273180af 100644
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@@ -231,6 +231,7 @@  define Package/openssh-server/install
 	sed -r -i 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ecdsa|ed25519)_key)$$$$,\1,' $(1)/etc/ssh/sshd_config
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
+	$(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
 endef
diff --git a/net/openssh/files/sshd.failsafe b/net/openssh/files/sshd.failsafe
new file mode 100755
index 000000000..aee7e7743
--- /dev/null
+++ b/net/openssh/files/sshd.failsafe
@@ -0,0 +1,31 @@ 
+#!/bin/sh
+
+failsafe_sshd () {
+
+	sshd_tmpdir=/tmp/sshd
+	mkdir ${sshd_tmpdir}
+
+	sed -i 's/^root.*/root::0:17000:::::/g' /etc/shadow
+
+	for type in ecdsa ed25519; do
+		key=${sshd_tmpdir}/ssh_host_${type}_key
+		ssh-keygen -N '' -t ${type} -f ${key}
+	done
+
+	mkdir -m 0700 -p /var/empty
+
+	cat > ${sshd_tmpdir}/sshd_config <<EOF
+
+HostKey ${sshd_tmpdir}/ssh_host_ecdsa_key
+HostKey ${sshd_tmpdir}/ssh_host_ed25519_key
+
+PermitRootLogin	yes
+PermitEmptyPasswords yes
+
+EOF
+
+	/usr/sbin/sshd -f ${sshd_tmpdir}/sshd_config -E ${sshd_tmpdir}/sshd.log
+
+}
+
+boot_hook_add failsafe failsafe_sshd