summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xpackage/base-files/files/bin/login.sh3
-rw-r--r--package/base-files/files/lib/preinit/99_10_failsafe_login5
-rw-r--r--package/network/services/dropbear/Makefile2
-rw-r--r--package/network/services/dropbear/patches/120-openwrt_options.patch11
-rw-r--r--package/network/services/dropbear/patches/600-allow-blank-root-password.patch11
-rw-r--r--package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch18
-rw-r--r--package/utils/busybox/Config-defaults.in8
-rw-r--r--package/utils/busybox/Makefile1
-rwxr-xr-xpackage/utils/busybox/files/telnet38
9 files changed, 49 insertions, 48 deletions
diff --git a/package/base-files/files/bin/login.sh b/package/base-files/files/bin/login.sh
index 25627b6..754d290 100755
--- a/package/base-files/files/bin/login.sh
+++ b/package/base-files/files/bin/login.sh
@@ -10,8 +10,7 @@ then
else
cat << EOF
=== IMPORTANT ============================
- Use 'passwd' to set your login password
- this will disable telnet and enable SSH
+ Use 'passwd' to set your login password!
------------------------------------------
EOF
fi
diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login
index 15dcbd8..b12e317 100644
--- a/package/base-files/files/lib/preinit/99_10_failsafe_login
+++ b/package/base-files/files/lib/preinit/99_10_failsafe_login
@@ -1,9 +1,10 @@
#!/bin/sh
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2006-2015 OpenWrt.org
# Copyright (C) 2010 Vertical Communications
failsafe_netlogin () {
- telnetd -l /bin/login.sh <> /dev/null 2>&1
+ dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
+ dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
}
failsafe_shell() {
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 8988e0d..f140f36 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
PKG_VERSION:=2015.68
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch
index f3931b0..805a096 100644
--- a/package/network/services/dropbear/patches/120-openwrt_options.patch
+++ b/package/network/services/dropbear/patches/120-openwrt_options.patch
@@ -18,6 +18,17 @@
/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
#define ENABLE_USER_ALGO_LIST
+@@ -95,8 +95,8 @@ much traffic. */
+ #define DROPBEAR_AES256
+ /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+ /*#define DROPBEAR_BLOWFISH*/
+-#define DROPBEAR_TWOFISH256
+-#define DROPBEAR_TWOFISH128
++/*#define DROPBEAR_TWOFISH256*/
++/*#define DROPBEAR_TWOFISH128*/
+
+ /* Enable CBC mode for ciphers. This has security issues though
+ * is the most compatible with older SSH implementations */
@@ -131,9 +131,9 @@ If you test it please contact the Dropbe
* If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
* which are not the standard form. */
diff --git a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch
new file mode 100644
index 0000000..7c67b08
--- /dev/null
+++ b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch
@@ -0,0 +1,11 @@
+--- a/svr-auth.c
++++ b/svr-auth.c
+@@ -149,7 +149,7 @@ void recv_msg_userauth_request() {
+ AUTH_METHOD_NONE_LEN) == 0) {
+ TRACE(("recv_msg_userauth_request: 'none' request"))
+ if (valid_user
+- && svr_opts.allowblankpass
++ && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root"))
+ && !svr_opts.noauthpass
+ && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
+ && ses.authstate.pw_passwd[0] == '\0')
diff --git a/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch
new file mode 100644
index 0000000..ee6d273
--- /dev/null
+++ b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch
@@ -0,0 +1,18 @@
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -475,6 +475,7 @@ void load_all_hostkeys() {
+ m_free(hostkey_file);
+ }
+
++ if (svr_opts.num_hostkey_files <= 0) {
+ #ifdef DROPBEAR_RSA
+ loadhostkey(RSA_PRIV_FILENAME, 0);
+ #endif
+@@ -486,6 +487,7 @@ void load_all_hostkeys() {
+ #ifdef DROPBEAR_ECDSA
+ loadhostkey(ECDSA_PRIV_FILENAME, 0);
+ #endif
++ }
+
+ #ifdef DROPBEAR_DELAY_HOSTKEY
+ if (svr_opts.delay_hostkey) {
diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in
index 7b4cd99..d961bfa 100644
--- a/package/utils/busybox/Config-defaults.in
+++ b/package/utils/busybox/Config-defaults.in
@@ -2187,19 +2187,19 @@ config BUSYBOX_DEFAULT_TCPSVD
default n
config BUSYBOX_DEFAULT_TELNET
bool
- default y
+ default n
config BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE
bool
- default y
+ default n
config BUSYBOX_DEFAULT_FEATURE_TELNET_AUTOLOGIN
bool
default n
config BUSYBOX_DEFAULT_TELNETD
bool
- default y
+ default n
config BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE
bool
- default y
+ default n
config BUSYBOX_DEFAULT_FEATURE_TELNETD_INETD_WAIT
bool
default n
diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
index 9571d48..a65f44f 100644
--- a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -110,7 +110,6 @@ define Package/busybox/install
$(INSTALL_DIR) $(1)/etc/init.d
$(CP) $(PKG_INSTALL_DIR)/* $(1)/
$(INSTALL_BIN) ./files/cron $(1)/etc/init.d/cron
- $(INSTALL_BIN) ./files/telnet $(1)/etc/init.d/telnet
$(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd
$(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug
-rm -rf $(1)/lib64
diff --git a/package/utils/busybox/files/telnet b/package/utils/busybox/files/telnet
deleted file mode 100755
index a1d1cdf..0000000
--- a/package/utils/busybox/files/telnet
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2011 OpenWrt.org
-
-START=50
-
-USE_PROCD=1
-PROG=/usr/sbin/telnetd
-
-has_root_pwd() {
- local pwd=$([ -f "$1" ] && cat "$1")
- pwd="${pwd#*root:}"
- pwd="${pwd%%:*}"
-
- test -n "${pwd#[\!x]}"
-}
-
-get_root_home() {
- local homedir=$([ -f "$1" ] && cat "$1")
- homedir="${homedir#*:*:0:0:*:}"
-
- echo "${homedir%%:*}"
-}
-
-has_ssh_pubkey() {
- ( /etc/init.d/dropbear enabled 2> /dev/null && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \
- ( /etc/init.d/sshd enabled 2> /dev/null && grep -qs "^ssh-" "$(get_root_home /etc/passwd)"/.ssh/authorized_keys )
-}
-
-start_service() {
- if ( ! has_ssh_pubkey && \
- ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
- ( ! /etc/init.d/dropbear enabled 2> /dev/null && ! /etc/init.d/sshd enabled 2> /dev/null );
- then
- procd_open_instance
- procd_set_param command "$PROG" -F -l /bin/login.sh
- procd_close_instance
- fi
-}