Mercurial > dropbear
annotate debian/README.runit @ 1630:9579377b5f8b
use strlcpy & strlcat (#74)
* refactor checkpubkeyperms() with safe BSD functions
fix gcc8 warnings
```
svr-authpubkey.c: In function 'checkpubkeyperms':
svr-authpubkey.c:427:2: warning: 'strncat' specified bound 5 equals source length [-Wstringop-overflow=]
strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
svr-authpubkey.c:433:2: warning: 'strncat' specified bound 16 equals source length [-Wstringop-overflow=]
strncat(filename, "/authorized_keys", 16);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
see https://www.sudo.ws/todd/papers/strlcpy.html
* restore strlcpy in xstrdup
see original https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/xmalloc.c?rev=1.16
| author | François Perrad <francois.perrad@gadz.org> |
|---|---|
| date | Wed, 20 Mar 2019 15:09:19 +0100 |
| parents | 8c2d2edadf2a |
| children |
| rev | line source |
|---|---|
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 Using the dropbear SSH server with runit's services supervision |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 --------------------------------------------------------------- |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 The dropbear SSH server is perfectly suited to be run under runit's |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 service supervision, and this package already has prepared an adequate |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 service directory. Follow these steps to enable the dropbear service |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 using the runit package. |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 If not yet installed on your system, install the runit package, and make |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 sure its service supervision is enabled (it's by default) |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 # apt-get install runit |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 Make sure the dropbear service normally handled through the sysv init |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 script is stopped |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 # /etc/init.d/dropbear stop |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 Create the system user ``dropbearlog'' which will run the logger service, |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 and own the logs |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 # adduser --system --home /var/log/dropbear --no-create-home dropbearlog |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 Create the log directory and make the newly created system user the owner |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 of this directory |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 # mkdir -p /var/log/dropbear && chown dropbearlog /var/log/dropbear |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 Optionally adjust the configuration of the dropbear service by editing the |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 run script |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 # vi /etc/dropbear/run |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
34 Finally enable the service through runit's update-service(8) program, the |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
35 service will be started within five seconds, and automatically at boot |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
36 time, and the sysv init script will automatically be disabled; see the |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
37 sv(8) program for information on how to control services handled by runit. |
|
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
38 See the svlogd(8) program on how to configure the log service. |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
40 # update-service --add /etc/dropbear |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 Optionally check the status of the service a few seconds later |
|
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
44 # sv status dropbear |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 |
|
469
8c2d2edadf2a
Update to debian 0.50-4 diff
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
46 -- Gerrit Pape <[email protected]>, Fri, 02 Mar 2007 20:41:08 +0000 |