[OpenWrt-Devel,1/2] openssh: add openwrt failsafe support

Message ID mailman.10281.1573474454.2486.openwrt-devel@lists.openwrt.org
State New
Series
  • [OpenWrt-Devel,1/2] openssh: add openwrt failsafe support

Commit Message

René van Dorst via openwrt-devel Nov. 11, 2019, 12:13 p.m. UTC
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Adds failsafe support to the openssh package.
Roughly based on an earlier patch.

Ref: https://github.com/openwrt/openwrt/pull/865
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
---
 net/openssh/Makefile            |  1 +
 net/openssh/files/sshd.failsafe | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100755 net/openssh/files/sshd.failsafe

Patch

diff --git a/net/openssh/Makefile b/net/openssh/Makefile
index 97b7fc304..3273180af 100644
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@@ -231,6 +231,7 @@  define Package/openssh-server/install
 	sed -r -i 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ecdsa|ed25519)_key)$$$$,\1,' $(1)/etc/ssh/sshd_config
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
+	$(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
 endef
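Review bot: No `$(INSTALL_DIR) $(1)/lib/preinit` is visible ahead of the new `$(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd` line, while the neighbouring installs into `etc/init.d` and `usr/sbin` each create their directory first. The `define Package/openssh-server/install` body starts outside this hunk, so the directory may already be created earlier, but if it is not, the install step depends on another package having populated `lib/preinit` in the staging root. Adding `$(INSTALL_DIR) $(1)/lib/preinit` directly before the new line makes it self-contained. Because the hook is installed unconditionally with openssh-server, a comment above it such as `# failsafe hook: starts sshd with passwordless root login in failsafe mode` would make that consequence visible to anyone reading the Makefile.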
diff --git a/net/openssh/files/sshd.failsafe b/net/openssh/files/sshd.failsafe
new file mode 100755
index 000000000..aee7e7743
--- /dev/null
+++ b/net/openssh/files/sshd.failsafe
@@ -0,0 +1,31 @@ 
+#!/bin/sh
+
+failsafe_sshd () {
+
+	sshd_tmpdir=/tmp/sshd
+	mkdir ${sshd_tmpdir}
+
+	sed -i 's/^root.*/root::0:17000:::::/g' /etc/shadow
+
+	for type in ecdsa ed25519; do
+		key=${sshd_tmpdir}/ssh_host_${type}_key
+		ssh-keygen -N '' -t ${type} -f ${key}
+	done
+
+	mkdir -m 0700 -p /var/empty
+
+	cat > ${sshd_tmpdir}/sshd_config <<EOF
+
+HostKey ${sshd_tmpdir}/ssh_host_ecdsa_key
+HostKey ${sshd_tmpdir}/ssh_host_ed25519_key
+
+PermitRootLogin	yes
+PermitEmptyPasswords yes
+
+EOF
+
+	/usr/sbin/sshd -f ${sshd_tmpdir}/sshd_config -E ${sshd_tmpdir}/sshd.log
+
+}
+
+boot_hook_add failsafe failsafe_sshd
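Review bot: The `sed -i 's/^root.*/root::0:17000:::::/g' /etc/shadow` line in failsafe_sshd rewrites every shadow entry whose name merely begins with `root`, and it edits the file in place. On an image whose root filesystem is writable at preinit, the empty root password would therefore outlive the failsafe session, though whether that can happen is not visible from this patch. Anchoring the match as `sed -i 's/^root:.*/root::0:17000:::::/' /etc/shadow` limits it to the root account, and applying the edit to a copy under `${sshd_tmpdir}` that is bind-mounted over /etc/shadow would keep it off persistent storage. The generated sshd_config combines `PermitRootLogin yes` and `PermitEmptyPasswords yes` with no `ListenAddress`, so sshd accepts passwordless root on every address configured at that point; a header comment saying this is intended only for the failsafe network would document the assumption. The `mkdir ${sshd_tmpdir}` and `ssh-keygen` calls are unquoted and unchecked, so a failure there still reaches the `/usr/sbin/sshd` start; `mkdir -m 0700 "${sshd_tmpdir}" || return 1` would stop early and keep the host keys' directory private.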