Mercurial > dropbear
annotate debian/dropbear.init @ 994:5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).
Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster then 3DES.
Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.
(github pull request #9)
| author | Fedor Brunner <fedor.brunner@azet.sk> |
|---|---|
| date | Fri, 23 Jan 2015 23:00:25 +0800 |
| parents | 8c2d2edadf2a |
| children | 3c3cef8a32e6 4ca2872c7d9e |
| rev | line source |
|---|---|
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
1 #!/bin/sh |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
451
diff
changeset
|
2 ### BEGIN INIT INFO |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
451
diff
changeset
|
3 # Provides: dropbear |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
451
diff
changeset
|
4 # Required-Start: $remote_fs $syslog |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
451
diff
changeset
|
5 # Required-Stop: $remote_fs $syslog |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
451
diff
changeset
|
6 # Default-Start: 2 3 4 5 |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
451
diff
changeset
|
7 # Default-Stop: 0 1 6 |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
451
diff
changeset
|
8 ### END INIT INFO |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 # |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 # Do not configure this file. Edit /etc/default/dropbear instead! |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 # |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 DAEMON=/usr/sbin/dropbear |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 NAME=dropbear |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 DESC="Dropbear SSH server" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 DROPBEAR_PORT=22 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 DROPBEAR_EXTRA_ARGS= |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 NO_START=0 |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
21 |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 set -e |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 |
|
218
3ee0c2f85e1e
* patch up to date with debian 0.45-3 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
24 cancel() { echo "$1" >&2; exit 0; }; |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
25 test ! -r /etc/default/dropbear || . /etc/default/dropbear |
|
218
3ee0c2f85e1e
* patch up to date with debian 0.45-3 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
26 test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable." |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
451
diff
changeset
|
27 test ! -x /usr/sbin/update-service || ! update-service --check dropbear || |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
451
diff
changeset
|
28 cancel 'The dropbear service is controlled through runit, use the sv(8) program' |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
30 test -z "$DROPBEAR_BANNER" || \ |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
31 DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
32 test -n "$DROPBEAR_RSAKEY" || \ |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
33 DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key" |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
34 test -n "$DROPBEAR_DSSKEY" || \ |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
35 DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key" |
|
451
f2aa5aeea619
Add default argument for receive window
Matt Johnston <matt@ucc.asn.au>
parents:
450
diff
changeset
|
36 test -n "$DROPBEAR_RECEIVE_WINDOW" || \ |
|
f2aa5aeea619
Add default argument for receive window
Matt Johnston <matt@ucc.asn.au>
parents:
450
diff
changeset
|
37 DROPBEAR_RECEIVE_WINDOW="65536" |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 case "$1" in |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 start) |
| 263 | 41 test "$NO_START" = "0" || cancel 'NO_START is not set to zero.' |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 echo -n "Starting $DESC: " |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
43 start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \ |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
44 --exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \ |
|
451
f2aa5aeea619
Add default argument for receive window
Matt Johnston <matt@ucc.asn.au>
parents:
450
diff
changeset
|
45 -p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 echo "$NAME." |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 ;; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 stop) |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 echo -n "Stopping $DESC: " |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
50 start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 echo "$NAME." |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 ;; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 restart|force-reload) |
| 263 | 54 test "$NO_START" = "0" || cancel 'NO_START is not set to zero.' |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 echo -n "Restarting $DESC: " |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
56 start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 sleep 1 |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
58 start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \ |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
59 --exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \ |
|
450
c23c7f0f594c
Use the -W <windowsize> argument in startup scripts, with a default of 64kB
Matt Johnston <matt@ucc.asn.au>
parents:
263
diff
changeset
|
60 -p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 echo "$NAME." |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 ;; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 *) |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 N=/etc/init.d/$NAME |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 echo "Usage: $N {start|stop|restart|force-reload}" >&2 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 exit 1 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 ;; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 esac |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 exit 0 |