| Commit message | Author | Age |
| |
The DropBear's dropbearkey tool is compatible with OpenSSH
ssh-keygen.
It was set by default as the /usr/bin/ssh-keygen program since
the PR https://github.com/openwrt/openwrt/pull/14174
Now if a user needs a full ssh-keygen, the openssh-keygen package
should substitute it gracefully as an alternative.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/packages/pull/22861
[ wrap to 80 columns ]
Link: https://github.com/openwrt/packages/pull/22861
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
| |
Release notes: https://www.openssh.com/txt/release-9.7
Removed upstreamed patch: 010-better_fzero-call-detection.patch
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
| |
https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Release notes: https://www.openssh.com/txt/release-9.6
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
| |
Changelog: https://www.openssh.com/txt/release-9.5
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Most distros allow dropping site configuration files into
/etc/sshd_config.d/ so that you don't have to tweak the main
server configuration file.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
OpenSSH 9.1p1 removed remaining dependencies and stopped linking sftp,
sftp-server and scp against libcrypto or libz. This change moves those
package dependencies from the default to those that still need them.
In particular, this will allow sftp-server to be installed for use with
Dropbear without needing to install zlib or openssl.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
| |
Also point to https for website.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
| |
Configure the openssh server to respawn. Reload by sending SIGHUP
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
| |
The root user is usually the user that clients ssh into with, so in most
cases its authorized_keys determines what clients are allowed to ssh
into this device. Without preserving this file, they could potentially
be locked out after upgrading.
Signed-off-by: Glen Huang <me@glenhuang.com>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Remove upstreamed patches.
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
| |
In the build environment the autotools finds the `passwd` binary in
/usr/bin. But in the target image it is available under /bin instead.
Manually set the path to `passwd` binary to `/bin/passwd`
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
| |
There is no need to remove root password from /etc/shadow as the
password in the file is blank anyway in the failsafe mode.
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
| |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
| |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Version 8.2[0] added support for two new key types: "ecdsa-sk" and
"ed25519-sk". These two types enable the usage of hardware tokens that
implement the FIDO (or FIDO2) standard, as an authentication method for
SSH.
Since we're already on version 8.4 all we need to do is to explicitly enable
the support for hardware keys when compiling OpenSSH and add all the
missing dependencies OpenSSH requires.
OpenSSH depends on libfido2[1], to communicate with the FIDO devices
over USB. In turn, libfido2 depends on libcbor, a C implementation of
the CBOR protocol[2] and OpenSSL.
[0]: https://lwn.net/Articles/812537/
[1]: https://github.com/Yubico/libfido2
[2]: tools.ietf.org/html/rfc7049
Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
| |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
| |
Adds failsafe support to the openssh package.
Roughly based on an earlier patch.
Ref: https://github.com/openwrt/openwrt/pull/865
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
| |
Signed-off-by: Yuan Tao <ty@wevs.org>
| |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
| |
Removed outdated options.
Small bashism fix in the init script.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
| |
b933f9cf0cb254e368027cad6d5799e45b237df5 in base made several changes
to OpenWrt's libssp support. It seems this workaround is no longer
needed.
Simplified the configure script slightly.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
| |
The init.d script for sshd never generates an ecdsa HostKey as seen
here:
    for type in rsa ed25519
    do
        # check for keys
        key=/etc/ssh/ssh_host_${type}_key
        [ ! -f $key ] && {
            # generate missing keys
            [ -x /usr/bin/ssh-keygen ] && {
                /usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
            }
        }
    done
so we'll never succeed at loading one. Get rid of the resultant
error message in logging:
May 5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
| |
Signed-off-by: Peter Wagner <tripolar@gmx.at>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
| |
This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.
Specifically, the line is removed if the assigned value is:
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
  The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
  if it is set, so now this is identical to the default value.
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)
  if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
  the same as the previous case
* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
  This is the same as the default PKG_BUILD_DIR when there is no
  BUILD_VARIANT.
* $(BUILD_DIR)/[name]-$(PKG_VERSION)
  where [name] is a string that is identical to PKG_NAME
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
| |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
| |
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
| |
Signed-off-by: Peter Wagner <tripolar@gmx.at>
| |
Openssl 1.1.1 package in openwrt enabled more than just the devcrypto
engine, so the engine support in openssh should be enabled when general
engine support is enabled in openssl.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
| |
Signed-off-by: Peter Wagner <tripolar@gmx.at>
| |
Signed-off-by: Peter Wagner <tripolar@gmx.at>
| |
Signed-off-by: Peter Wagner <tripolar@gmx.at>
| |
Fixes
CVE-2019-6109
CVE-2019-6111
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
| |
Signed-off-by: Peter Wagner <tripolar@gmx.at>
| |
This adds a couple of patches when setting some openssl options:
* ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
  guarded by OPENSSL_HAS_ECC; otherwise, it will not build with
  openssl compiled without ECC support.
* Fix openssl version number in openbsd-compat/openssl-compat.c which
  failed to compile --with-ssl-engine; this option is used when
  CONFIG_OPENSSL_ENGINE_CRYPTO=y
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
| |
Signed-off-by: Peter Wagner <tripolar@gmx.at>
| |
Five commits from upstream were applied to v. 7.8-p1:
482d23bc upstream: hold our collective noses and use the openssl-1.1.x
API in
48f54b9d adapt -portable to OpenSSL 1.1x API
86e0a9f3 upstream: use only openssl-1.1.x API here too
a3fd8074 upstream: missed a bit of openssl-1.0.x API in this unittest
d64e7852 add compat header
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>