Merge dab0bb0498
into eb35a3be13
commit
194bb3bd4e
|
@ -231,6 +231,8 @@ define Package/openssh-server/install
|
||||||
sed -r -i 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ed25519)_key)$$$$,\1,' $(1)/etc/ssh/sshd_config
|
sed -r -i 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ed25519)_key)$$$$,\1,' $(1)/etc/ssh/sshd_config
|
||||||
$(INSTALL_DIR) $(1)/etc/init.d
|
$(INSTALL_DIR) $(1)/etc/init.d
|
||||||
$(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
|
$(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
|
||||||
|
$(INSTALL_DIR) $(1)/etc/config
|
||||||
|
$(INSTALL_BIN) ./files/sshd.config $(1)/etc/config/sshd
|
||||||
$(INSTALL_DIR) $(1)/lib/preinit
|
$(INSTALL_DIR) $(1)/lib/preinit
|
||||||
$(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd
|
$(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd
|
||||||
$(INSTALL_DIR) $(1)/usr/sbin
|
$(INSTALL_DIR) $(1)/usr/sbin
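Review bot: The new line `$(INSTALL_BIN) ./files/sshd.config $(1)/etc/config/sshd` installs a UCI configuration file with the executable-binary macro, so the file that now decides SSH authentication policy lands with executable permissions. Use the configuration macro instead: `$(INSTALL_CONF) ./files/sshd.config $(1)/etc/config/sshd`. It is also worth confirming that `/etc/config/sshd` is listed in the package's conffiles so a locally hardened configuration is not replaced on upgrade. That definition is outside this hunk.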
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
config sshd
|
||||||
|
option enable '1'
|
||||||
|
option PasswordAuth '1'
|
||||||
|
option Port '22'
|
||||||
|
option RootPasswordAuth '1'
|
||||||
|
option RootLogin '1'
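Review bot: The shipped defaults enable password login for root (`PasswordAuth '1'`, `RootPasswordAuth '1'`, `RootLogin '1'`), and the init script in this commit turns `RootPasswordAuth '1'` into `-o "PermitRootLogin yes"` on the sshd command line. Before this change the daemon was started with `$PROG -D` only, so the value in `/etc/ssh/sshd_config` decided root login. After it, a fresh install overrides that file with the most permissive setting. Consider shipping `option RootPasswordAuth '0'` and leaving password login for root as an explicit opt-in. A short comment above each option saying which sshd keyword it drives would also help.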
|
|
@ -6,8 +6,99 @@ STOP=50
|
||||||
|
|
||||||
USE_PROCD=1
|
USE_PROCD=1
|
||||||
PROG=/usr/sbin/sshd
|
PROG=/usr/sbin/sshd
|
||||||
|
NAME=sshd
|
||||||
|
|
||||||
start_service() {
|
. /lib/functions.sh
|
||||||
|
. /lib/functions/network.sh
|
||||||
|
|
||||||
|
validate_section_sshd()
|
||||||
|
{
|
||||||
|
uci_load_validate sshd sshd "$1" "$2" \
|
||||||
|
'PasswordAuth:bool:1' \
|
||||||
|
'RootPasswordAuth:bool:1' \
|
||||||
|
'RootLogin:bool:1' \
|
||||||
|
'Interface:string' \
|
||||||
|
'Port:port:22' \
|
||||||
|
'IdleTimeout:uinteger:0' \
|
||||||
|
'MaxAuthTries:uinteger:3' \
|
||||||
|
'enable:bool:1' \
|
||||||
|
'mdns:bool:1'
|
||||||
|
}
|
||||||
|
|
||||||
|
# because sshd does not have an option for specifying an interface
|
||||||
|
# but only for specifying listen address
|
||||||
|
# we get the addresses of interface and add them
|
||||||
|
append_addresses()
|
||||||
|
{
|
||||||
|
local ipaddrs="${1}"
|
||||||
|
local port="${2}"
|
||||||
|
|
||||||
|
procd_append_param command -o "Port ${port}"
|
||||||
|
|
||||||
|
for addr in $ipaddrs; do
|
||||||
|
procd_append_param command -o "ListenAddress ${addr}"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
set_params()
|
||||||
|
{
|
||||||
|
append_addresses "${ipaddrs}" "${Port}"
|
||||||
|
|
||||||
|
[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -o "PasswordAuthentication no"
|
||||||
|
[ "${RootPasswordAuth}" -eq 1 ] && procd_append_param command -o "PermitRootLogin yes"
|
||||||
|
[ "${RootLogin}" -eq 0 ] && procd_append_param command -o "PermitRootLogin no"
|
||||||
|
[ "${MaxAuthTries}" -gt 0 ] && procd_append_param command -o "MaxAuthTries ${MaxAuthTries}"
|
||||||
|
[ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "${Port}" "daemon=sshd"
|
||||||
|
|
||||||
|
if [ "${IdleTimeout}" -ne 0 ]; then
|
||||||
|
procd_append_param command -o "ClientAliveCountMax 1"
|
||||||
|
procd_append_param command -o "ClientAliveInterval ${IdleTimeout}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
sshd_instance()
|
||||||
|
{
|
||||||
|
local ipaddrs
|
||||||
|
local cfg="$1"
|
||||||
|
local validation_result="${2}"
|
||||||
|
|
||||||
|
[ "${validation_result}" = 0 ] || {
|
||||||
|
echo "validation failed"
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
[ "${enable}" -eq 0 ] && return 0
|
||||||
|
|
||||||
|
[ -n "${Interface}" ] && {
|
||||||
|
network_get_ipaddrs_all ipaddrs "${Interface}" || {
|
||||||
|
echo "interface ${Interface} has no physdev or physdev has no suitable ip"
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
local pid_file="/var/run/${NAME}.${cfg}.pid"
|
||||||
|
|
||||||
|
procd_open_instance $cfg
|
||||||
|
procd_set_param command $PROG -D
|
||||||
|
procd_append_param command -o "PidFile $pid_file"
|
||||||
|
|
||||||
|
set_params
|
||||||
|
|
||||||
|
procd_set_param respawn
|
||||||
|
procd_close_instance
|
||||||
|
}
|
||||||
|
|
||||||
|
# for adding trigger
|
||||||
|
load_interfaces()
|
||||||
|
{
|
||||||
|
config_get Interface "$1" Interface
|
||||||
|
config_get enable "$1" enable 1
|
||||||
|
|
||||||
|
[ "${enable}" = "1" ] && interfaces=" ${Interface} ${interfaces}"
|
||||||
|
}
|
||||||
|
|
||||||
|
start_service()
|
||||||
|
{
|
||||||
for type in rsa ed25519
|
for type in rsa ed25519
|
||||||
do
|
do
|
||||||
# check for keys
|
# check for keys
|
||||||
|
@ -20,19 +111,28 @@ start_service() {
|
||||||
}
|
}
|
||||||
done
|
done
|
||||||
mkdir -m 0700 -p /var/empty
|
mkdir -m 0700 -p /var/empty
|
||||||
|
mkdir -m 0700 -p /root/.ssh
|
||||||
|
|
||||||
local lport=$(awk '/^Port / { print $2; exit }' /etc/ssh/sshd_config)
|
config_load "${NAME}"
|
||||||
[ -z "$lport" ] && lport=22
|
config_foreach validate_section_sshd sshd sshd_instance
|
||||||
|
|
||||||
procd_open_instance
|
|
||||||
procd_add_mdns "ssh" "tcp" "$lport"
|
|
||||||
procd_set_param command $PROG -D
|
|
||||||
procd_set_param respawn
|
|
||||||
procd_close_instance
|
|
||||||
}
|
}
|
||||||
|
|
||||||
reload_service() {
|
service_triggers()
|
||||||
procd_send_signal sshd
|
{
|
||||||
|
local interfaces
|
||||||
|
|
||||||
|
procd_add_config_trigger "config.change" "sshd" /etc/init.d/sshd reload
|
||||||
|
|
||||||
|
config_load "${NAME}"
|
||||||
|
config_foreach load_interfaces sshd
|
||||||
|
|
||||||
|
[ -n "${interfaces}" ] && {
|
||||||
|
for n in $interfaces ; do
|
||||||
|
procd_add_interface_trigger "interface.*" $n /etc/init.d/sshd reload
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
procd_add_validation validate_section_sshd
|
||||||
}
|
}
|
||||||
|
|
||||||
shutdown() {
|
shutdown() {
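Review bot: In `set_params` (first hunk of this file), `RootPasswordAuth` and `RootLogin` are translated independently, so with `RootLogin '0'` and the default `RootPasswordAuth '1'` the command line receives `-o "PermitRootLogin yes"` followed by `-o "PermitRootLogin no"`. sshd_config(5) states that the first obtained value for a keyword is used, so the earlier `yes` most likely wins and the administrator's attempt to disable root login is silently ignored. `RootPasswordAuth '0'` also emits nothing, leaving the result to whatever `/etc/ssh/sshd_config` says rather than enforcing key-only root login. Emit exactly one `PermitRootLogin` value, with `RootLogin '0'` taking priority, as sketched below. The `validation failed` and interface error messages in `sshd_instance` would also be better sent to stderr or `logger`.

```shell
set_params()
{
	# … unchanged: append_addresses call and PasswordAuth handling …

	# Emit a single PermitRootLogin value; the most restrictive setting wins.
	if [ "${RootLogin}" -eq 0 ]; then
		procd_append_param command -o "PermitRootLogin no"
	elif [ "${RootPasswordAuth}" -eq 1 ]; then
		procd_append_param command -o "PermitRootLogin yes"
	else
		procd_append_param command -o "PermitRootLogin prohibit-password"
	fi

	# … unchanged: MaxAuthTries, mdns and IdleTimeout handling …
```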
|
||||||
|
|