Replace opessh-server with dropbear

- apparently dropbear now supports ed25519 keys so openssh isn't
  necessary anymore

.buildbot/openwrt/build.sh

@@ -50,10 +50,10 @@ echo "CONFIG_TARGET_ROOTFS_PARTSIZE=208" >> .config
 echo "CONFIG_TARGET_ROOTFS_EXT4FS=n" >> .config
 
 # Setup files
-mkdir -p files/root/.ssh
+mkdir -p files/etc/dropbear
-chmod 0700 files/root files/root/.ssh
+chmod 0750 files/etc/dropbear
-cp ${pwd}/authorized_keys files/root/.ssh/
+cp ${pwd}/authorized_keys files/etc/dropbear
-chmod 0400 files/root/.ssh/authorized_keys
+chmod 0400 files/etc/dropbear/authorized_keys
 mkdir -p files/etc/uci-defaults
 cp ${pwd}/defaults/* files/etc/uci-defaults
 
@@ -90,7 +90,6 @@ PACKAGES="kmod-nf-nathelper-extra kmod-rtc-ds1307 \
 	  luci-ssl-nginx luci-app-acme \
 	  python3-packages python3-yaml \
 	  wireguard-tools wget-ssl \
-	  openssh-server \
 	 "
 
 make image PROFILE=rpi-4 \

defaults/00-defaults

@@ -0,0 +1,4 @@
+touch /etc/config/defaults
+
+/sbin/uci get defaults.version || /sbin/uci set defaults.version=version && \
+  /sbin/uci commit defaults

defaults/50-dropbear

@@ -0,0 +1,17 @@
+VERSION=1
+
+[ "$(uci -q get defaults.version.dropbear)" -ge "$VERSION" ] && exit 0
+
+# save version
+/sbin/uci set defaults.version.dropbear="$VERSION"
+
+/sbin/uci -q batch << EOF
+set defaults.version.dropbear="$VERSION"
+commit defaults
+set dropbear.@dropbear[0].PasswordAuth='off'
+set dropbear.@dropbear[0].RootPasswordAuth='off'
+commit dropbear
+EOF
+
+/sbin/service dropbear enable
+/sbin/service dropbear restart

defaults/50-sshd

@@ -1,2 +0,0 @@
-echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
-/sbin/service sshd restart