view debian/dropbear.init @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 4ca2872c7d9e |
children |
```sh
#!/bin/sh
### BEGIN INIT INFO
# Provides:          dropbear
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Dropbear SSH server
### END INIT INFO
#
# Do not configure this file. Edit /etc/default/dropbear instead!
#

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/dropbear
NAME=dropbear
DESC="Dropbear SSH server"

DROPBEAR_PORT=22
DROPBEAR_EXTRA_ARGS=
NO_START=0

set -e

cancel() { echo "$1" >&2; exit 0; };
test ! -r /etc/default/dropbear || . /etc/default/dropbear
test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable."
test ! -x /usr/sbin/update-service || ! update-service --check dropbear ||
	cancel 'The dropbear service is controlled through runit, use the sv(8) program'

test -z "$DROPBEAR_BANNER" || \
	DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
test -n "$DROPBEAR_RSAKEY" || \
	DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
test -n "$DROPBEAR_DSSKEY" || \
	DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
test -n "$DROPBEAR_RECEIVE_WINDOW" || \
	DROPBEAR_RECEIVE_WINDOW="65536"

case "$1" in
  start)
	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
	echo -n "Starting $DESC: "
	start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
		--exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \
		-p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS
	echo "$NAME."
	;;
  stop)
	echo -n "Stopping $DESC: "
	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid
	echo "$NAME."
	;;
  restart|force-reload)
	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
	echo -n "Restarting $DESC: "
	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid
	sleep 1
	start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
		--exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \
		-p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS
	echo "$NAME."
	;;
  *)
	N=/etc/init.d/$NAME
	echo "Usage: $N {start|stop|restart|force-reload}" >&2
	exit 1
	;;
esac

exit 0
```