Replace opessh-server with dropbear

- apparently dropbear now supports ed25519 keys so openssh isn't necessary anymore
2023-02-23 13:22:25 +08:00 · 2023-02-23 13:22:25 +08:00 · 5c79f3da22
parent 1e60f1fd33
commit 5c79f3da22
3 changed files with 17 additions and 8 deletions
--- a/.buildbot/openwrt/build.sh
+++ b/.buildbot/openwrt/build.sh
@ -50,10 +50,10 @@ echo "CONFIG_TARGET_ROOTFS_PARTSIZE=208" >> .config
 echo "CONFIG_TARGET_ROOTFS_EXT4FS=n" >> .config

 # Setup files
-mkdir -p files/root/.ssh
-chmod 0700 files/root files/root/.ssh
-cp ${pwd}/authorized_keys files/root/.ssh/
-chmod 0400 files/root/.ssh/authorized_keys
+mkdir -p files/etc/dropbear
+chmod 0750 files/etc/dropbear
+cp ${pwd}/authorized_keys files/etc/dropbear
+chmod 0400 files/etc/dropbear/authorized_keys
 mkdir -p files/etc/uci-defaults
 cp ${pwd}/defaults/* files/etc/uci-defaults

@ -90,11 +90,10 @@ PACKAGES="kmod-nf-nathelper-extra kmod-rtc-ds1307 \
 	  luci-ssl-nginx luci-app-acme \
 	  python3-packages python3-yaml \
 	  wireguard-tools wget-ssl \
-	  openssh-server \
 	 "

 make image PROFILE=rpi-4 \
-     PACKAGES="${PACKAGES}" DISABLED_SERVICES="dropbear" FILES="files"
+     PACKAGES="${PACKAGES}" FILES="files"

 make manifest PROFILE=rpi-4 PACKAGES="${PACKAGES}"

--- a/defaults/50-dropbear
+++ b/defaults/50-dropbear
@ -0,0 +1,12 @@
+VERSION=1
+
+[ "$(uci -q get defaults.dropbear)" -ge "$VERSION" ] && exit 0
+
+# save version
+/sbin/uci set defaults.dropbear="$VERSION"
+
+uci -q batch << EOF
+dropbear.@dropbear[0].PasswordAuth='off'
+dropbear.@dropbear[0].RootPasswordAuth='off'
+commit dropbear
+EOF
--- a/defaults/50-sshd
+++ b/defaults/50-sshd
@ -1,2 +0,0 @@
-echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
-/sbin/service sshd restart