Best practice to configure dropbear


GabrieleV

Sep 24, 2011, 12:38:35 PM
to al...@googlegroups.com
I need to modify dropbear behaviour to allow pubkey auth only.
It is sufficient to add
 -s
to the line
 ssh     stream  tcp     nowait  root    /usr/sbin/dropbear      dropbear -i
in the file
 /etc/inetd.conf

This posed me towards the possibility of adding such a feature to the web gui, adding the "configure" button to the ssh network-inetd service.
I've analyzed the sources, but it seems there is no standard way to manage options for inetd services.
Unfortunately dropbear has no config file options as vsftpd, so I can't clone the config management of this package.
So the choices are:
  1. Write a specific routine to manage dropbear line in inetd.conf
  2. Define together a best-practice/framework to do this for other packages too
  3. Evaluate something like uci (http://wiki.openwrt.org/doc/uci)
Cheers,
Gabriele

Joao Cardoso

Sep 24, 2011, 1:49:20 PM
to al...@googlegroups.com
On Saturday, September 24, 2011 17:38:35 GabrieleV wrote:
> I need to modify dropbear behaviour to allow pubkey auth only.
> It is sufficient to add
> -s
> to the line
> ssh stream tcp nowait root /usr/sbin/dropbear dropbear -i
> in the file
> /etc/inetd.conf
>
> This posed me towards the possibility of adding such a feature to the web
> gui, adding the "configure" button to the ssh network-inetd service
> I've analyzed the sources, but it seems there is no standard way to manage
> options for inetd services.

Just drop the attached file to /usr/www/cgi-bin and the configure button will
magically appear :)
Then you only have to parse inetd.conf and present the relevant option; you
then need to write ssh_proc.cgi and 'sed -i' the relevant option.

When settings are saved, inetd.conf will be saved on flash.

If you do that, please contribute back, adding a one-line copyright/licence
message.

If openssh is installed, you could even ask if the ssh service should use
dropbear or ssh (not recommended, if the disk containing packages is
removed/damaged then ssh will not work)

I have not thought "deeply" about dropbear/openssh compatibility problems, the
openssh package is there only for "advanced" cli-users, kind of "you are now
on your own"

> Unfortunately dropbear has no config file options as vsftpd, so I can't
> clone the config management of this package.
> So the choices are:
>
> 1. Write a specific routine to manage dropbear line in inetd.conf
> 2. Define together a best-practice/framework to do this for other
> packages too
> 3. Evaluate something like uci (http://wiki.openwrt.org/doc/uci)
>
> Cheers,
> Gabriele

ssh.cgi
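
The edit described in the post above (find the dropbear entry in inetd.conf and change the relevant option) could look like this. It is an added example, not part of the thread or of Alt-F; it uses awk instead of the `sed -i` mentioned so that `-s` is matched as a whole argument, and the function names and the `#ssh` handling are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from Alt-F.
# Assumption: the ssh entry has the field layout quoted in the thread, and a
# disabled service is commented out as "#ssh" (hypothetical convention).

# Exit 0 if the dropbear entry already has -s (password logins disabled).
pubkey_only_enabled() {
    awk '
        ($1 == "ssh" || $1 == "#ssh") && $6 ~ /\/dropbear$/ {
            for (i = 8; i <= NF; i++) if ($i == "-s") found = 1
        }
        END { exit !found }
    ' "$1"
}

# usage: set_pubkey_only FILE on|off   (idempotent; other lines untouched)
set_pubkey_only() {
    file=$1 want=$2
    case $want in on|off) ;; *) echo "usage: set_pubkey_only FILE on|off" >&2; return 2 ;; esac
    tmp=$(mktemp) || return 1
    awk -v want="$want" '
        ($1 == "ssh" || $1 == "#ssh") && $6 ~ /\/dropbear$/ {
            has = 0
            for (i = 8; i <= NF; i++) if ($i == "-s") has = 1
            if (want == "on" && !has) $0 = $0 " -s"
            if (want == "off" && has) {
                # remove each standalone -s argument, keep the column spacing
                while (sub(/[ \t]+-s[ \t]+/, " ")) ;
                sub(/[ \t]+-s$/, "")
            }
        }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # rewrite in place, keep owner/mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample file, so the functions can be tried away from /etc/inetd.conf.
make_sample() {
    f=$(mktemp) || return 1
    printf '%s\n' \
        'ftp     stream  tcp     nowait  root    /usr/sbin/vsftpd        vsftpd' \
        'ssh     stream  tcp     nowait  root    /usr/sbin/dropbear      dropbear -i' > "$f"
    echo "$f"
}
```

inetd only picks up the change when it rereads its configuration (it does so on SIGHUP), and a working public key should already be installed before password logins are switched off.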

Joao Cardoso

Sep 24, 2011, 2:32:55 PM
to Alt-F


On Sep 24, 6:49 pm, Joao Cardoso <whoami.jc...@gmail.com> wrote:
> On Saturday, September 24, 2011 17:38:35 GabrieleV wrote:
> > I need to modify dropbear behaviour to allow pubkey auth only.
> > It is sufficient to add
> >  -s
> > to the line
> >  ssh     stream  tcp     nowait  root    /usr/sbin/dropbear      dropbear -i
> > in the file
> >  /etc/inetd.conf
>
> > This posed me towards the possibility of adding such a feature to the web
> > gui, adding the "configure" button to the ssh network-inetd service
> > I've analyzed the sources, but it seems there is no standard way to manage
> > options for inetd services.
>
> Just drop the attached file to /usr/www/cgi-bin and the configure button will
> magically appear :)

I forgot to say that for changes to survive a reboot you must have
packages installed, ipkg itself will be enough. Read the
HowToFixOrCustomizeFirmware wiki entry.

GabrieleV

Sep 24, 2011, 2:42:49 PM
to al...@googlegroups.com
Hi Joao,

> Just drop the attached file to /usr/www/cgi-bin and the configure button will
> magically appear :)

Yes, already done by myself :) This time I have looked before posting ;)

> Then you only have to parse inetd.conf and present the relevant option; you
> then need to write ssh_proc.cgi and 'sed -i' the relevant option.

I've thought the same way. But I've asked myself if there is a more modularized way to do this, so I can reuse it with other packages.

> openssh package is there only for "advanced" cli-users, kind of "you are now
> on your own"

Yes, I agree :)

>    packages too
>    3. Evaluate something like uci (http://wiki.openwrt.org/doc/uci)

I've compiled this without difficulties under Ubuntu, but I can't get it in the buildroot. It uses cmake, and it seems that the buildroot used for Alt-F is too old to use it.


Gabriele

