path: root/net/openssh
Commit message | Author | Age
* openssh: actually build openssh-server-pam with pam support | Sibren Vasse | 2023-02-03
    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: update to 9.2p1 | Sibren Vasse | 2023-02-03
    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: update to 9.1p1 | Sibren Vasse | 2022-12-13
    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: update to 9.0p1 | Sibren Vasse | 2022-04-13
    Remove upstreamed patches.

    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: update to 8.9p1 | Michal Vasilek | 2022-03-16
    Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
* openssh-server: manually set path to passwd binary | Rucke Teg | 2022-02-10
    In the build environment the autotools finds the `passwd` binary in /usr/bin. But in the target image it is available under /bin instead. Manually set the path to `passwd` binary to `/bin/passwd`

    Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
* openssh-server: change sshd.failsafe | Rucke Teg | 2022-02-10
    There is no need to remove root password from /etc/shadow as the password in the file is blank anyway in the failsafe mode.

    Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
* openssh-server-pam: add key files as conffiles | Huangbin Zhan | 2021-11-12
    Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* openssh: keep same permission for /etc/ssh | Huangbin Zhan | 2021-11-12
    Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* openssh: update to 8.8p1 | Sibren Vasse | 2021-09-27
    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: update to 8.7p1 | Sibren Vasse | 2021-08-25
    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: update to 8.6p1 | Sibren Vasse | 2021-04-20
    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: update to 8.5p1 | Sibren Vasse | 2021-03-03
    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: Add FIDO2 hardware token support | Linos Giannopoulos | 2021-01-07
    Version 8.2[0] added support for two new key types: "ecdsa-sk" and "ed25519-sk". These two types enable the usage of hardware tokens that implement the FIDO (or FIDO2) standard, as an authentication method for SSH.

    Since we're already on version 8.4 all we need to do is to explicitly enable the support for hardware keys when compiling OpenSSH and add all the missing dependencies OpenSSH requires.

    OpenSSH depends on libfido2[1], to communicate with the FIDO devices over USB. In turn, libfido2 depends on libcbor, a C implementation of the CBOR protocol[2] and OpenSSL.

    [0]: https://lwn.net/Articles/812537/
    [1]: https://github.com/Yubico/libfido2
    [2]: tools.ietf.org/html/rfc7049

    Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
* treewide: move binary of alternatives to libexec, rename as suggested | Huangbin Zhan | 2020-10-08
    Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* openssh: add openwrt failsafe support | Kyle Copperfield | 2020-12-15
    Adds failsafe support to the openssh package. Roughly based on an earlier patch.

    Ref: https://github.com/openwrt/openwrt/pull/865

    Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
    Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* openssh: update to 8.4p1 | Yuan Tao | 2020-10-05
    Signed-off-by: Yuan Tao <ty@wevs.org>
* treewide: fix broken conffiles | Huangbin Zhan | 2020-07-07
    Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* openssh: update to 8.3p1 | Rosen Penev | 2020-06-25
    Removed outdated options.

    Small bashism fix in the init script.

    Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssh: always enable stackprotect option | Rosen Penev | 2020-06-20
    b933f9cf0cb254e368027cad6d5799e45b237df5 in base made several changes to OpenWrt's libssp support. It seems this workaround is no longer needed.

    Simplified the configure script slightly.

    Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssh-server: deprecate the ecdsa HostKey | Philip Prindeville | 2020-05-05
    The init.d script for sshd never generates an ecdsa HostKey as seen here:

        for type in rsa ed25519
        do
            # check for keys
            key=/etc/ssh/ssh_host_${type}_key
            [ ! -f $key ] && {
                # generate missing keys
                [ -x /usr/bin/ssh-keygen ] && {
                    /usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
                }
            }
        done

    so we'll never succeed at loading one.

    Get rid of the resultant error message in logging:

        May 5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key

    Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* openssh: don't create ECDSA keys | Peter Wagner | 2020-04-06
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 8.2p1 | Sibren Vasse | 2020-04-05
    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: update to 8.1p1 | Sibren Vasse | 2019-11-09
    Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* treewide: Use default PKG_BUILD_DIR when possible | Jeffery To | 2019-10-13
    This removes lines that set PKG_BUILD_DIR when the set value is no different from the default value.

    Specifically, the line is removed if the assigned value is:

    * $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)

      The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT if it is set, so now this is identical to the default value.

    * $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)

      if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it the same as the previous case

    * $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

      This is the same as the default PKG_BUILD_DIR when there is no BUILD_VARIANT.

    * $(BUILD_DIR)/[name]-$(PKG_VERSION)

      where [name] is a string that is identical to PKG_NAME

    [1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9

    Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* treewide: add PKG_CPE_ID for better cvescanner coverage | Jan Pavlinec | 2019-09-17
    Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* openssh: Fix compilation with -Wimplicit-function | Rosen Penev | 2019-07-21
    Upstream backport.

    Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssh: update to 8.0p1 | Peter Wagner | 2019-04-20
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: adjust engine support to openssl 1.1.1 | Eneas U de Queiroz | 2019-04-02
    Openssl 1.1.1 package in openwrt enabled more than just the devcrypto engine, so the engine support in openssh should be enabled when general engine support is enabled in openssl.

    Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssh: use quotes | Peter Wagner | 2019-03-22
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: handle multiple ports and simplify init script | Peter Wagner | 2019-03-21
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: add upstream patches, including CVE-2019-6111 | Peter Wagner | 2019-03-03
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: patch scp security issues | Jan Pavlinec | 2019-02-10
    Fixes CVE-2019-6109 CVE-2019-6111

    Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* openssh: backport patch for CVE-2018-20685 | Peter Wagner | 2019-01-15
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: fixes issues with some openssl options | Peter Wagner | 2018-10-20
    This adds a couple of patches when setting some openssl options:

    * ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be guarded by OPENSSL_HAS_ECC; otherwise, it will not build with openssl compiled without ECC support.

    * Fix openssl version number in openbsd-compat/openssl-compat.c which failed to compile --with-ssl-engine; this option is used when CONFIG_OPENSSL_ENGINE_CRYPTO=y

    Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 7.9p1 | Peter Wagner | 2018-10-19
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: add openssl 1.1.0 compatibility | Eneas U de Queiroz | 2018-09-30
    Five commits from upstream were applied to v. 7.8-p1:

    482d23bc upstream: hold our collective noses and use the openssl-1.1.x API in
    48f54b9d adapt -portable to OpenSSL 1.1x API
    86e0a9f3 upstream: use only openssl-1.1.x API here too
    a3fd8074 upstream: missed a bit of openssl-1.0.x API in this unittest
    d64e7852 add compat header

    Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssh: update to 7.8p1 | Peter Wagner | 2018-08-27
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: let opkg manage openssh symlinks of ssh, scp | Yousong Zhou | 2018-06-25
    Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openssh: update to 7.7p1 | Peter Wagner | 2018-04-08
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* treewide: fix incorrect *_BUILD_DEPENDS | Matthias Schiffer | 2018-01-09
    Build depends refer to source package names, not binary package names.

    In many cases, PKG_BUILD_DEPENDS simply duplicated runtime dependencies of a source package's binary packages; as the corresponding source packages are implicitly added as build dependencies, PKG_BUILD_DEPENDS can simply be dropped in these cases. In the other cases, *_BUILD_DEPENDS is fixed to refer to the correct source package name.

    Dependency of mysql-server is adjusted from libncursesw to libncurses (as libncursesw is a virtual package provided by libncurses), so the build dependency on ncurses is emitted unconditionally.

    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* openssh: update to 7.6p1 | Peter Wagner | 2017-10-05
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* ssh: Add umdns entry to the init script. | Rosen Penev | 2017-08-15
    This is useful for hosts to discover the ssh server, especially on macOS.

    Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssh: add ssh_host keys to openssh-server/conffiles | Peter Wagner | 2017-07-15
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: if we don't generate a dsa key we shouldn't look for it | Philip Prindeville | 2017-06-05
    The earlier commit ea119211b21 removed 'dsa' as one of the ssh_host_*_key types that got generated. Problem was that it didn't remove that key as one of the paths that the server looks for by default. As a consequence, your log file might fill up with messages like:

        2017-06-01T15:43:07-06:00 openwrt sshd[31929]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key

    The patch is fortunately trivial. Don't set the path for the dsa key file in the server configuration.

    Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "The earlier commit ea119211b21 removed 'dsa' as one of the ssh_host_*_key" | Daniel Golle | 2017-06-05
    The author (@pprindeville) of the original commit noted that the wrong commit was picked, see https://github.com/openwrt/packages/commit/325b7d2cd2d6e9d4903c6e7628c7c9ae0ddab564#commitcomment-22387528

    "Err... looks like the wrong fix got committed. I was hoping that this commit d902e5d would have gone in instead."

    This reverts commit 325b7d2cd2d6e9d4903c6e7628c7c9ae0ddab564.

    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* The earlier commit ea119211b21 removed 'dsa' as one of the ssh_host_*_key | Peter Wagner | 2017-06-03
    types that got generated. Problem was that it didn't remove that key as one of the paths that the server looks for by default. As a consequence, your log file might fill up with messages like:

        2017-06-01T15:43:07-06:00 openwrt sshd[31929]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key

    The patch is fortunately trivial. Don't set the path for the dsa key file in the server configuration.

    Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 7.5p1, remove unneeded patches | Peter Wagner | 2017-03-21
    Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: Fix ssl-engine support | Martin Schiller | 2017-02-27
    Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* net/openssh: Offload main site | Peter Wagner | 2017-01-11
    Add a few mirrors in-front of main site for offloading

    Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
    Signed-off-by: Peter Wagner <tripolar@gmx.at>