Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / b6f7e109a5f18d50e1d0a09c6e5232b6300a314b^! / . / meta-phosphor / common / recipes-core / dropbear / dropbear_%.bbappend
commitb6f7e109a5f18d50e1d0a09c6e5232b6300a314b[log] [tgz]
authorCamVan Nguyen <ctnguyen@us.ibm.com>Tue Feb 20 13:28:52 2018 -0600
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Thu Mar 01 14:00:34 2018 +0000
treec8cee1d076d76cd4f0f01694d88bd293f174fef5
parentfda75e54b2d90855e0edba27f1f94be9bf12b27d [diff] [blame]
dropbear: Don't load default host keys

On an ssh connection, we are getting Warning messages similar to below:

dropbear[3956]: Failed loading /etc/dropbear/dropbear_rsa_host_key
dropbear[3956]: Failed loading /etc/dropbear/dropbear_dss_host_key
dropbear[3956]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key

This is because dropbearkey.service creates the RSA host key in
/var/lib/dropbear and does not create any DSS and ECDSA host keys.
And the dropbear service is started with the -r option which
points to /var/lib/dropbear/dropbear_rsa_host_key as the key to
load.  However, dropbear will attempt to load any key specified
by the -r option as well as all 3 keys from the default path
/etc/dropbear.  This is a change to dropbear to not load the 3
keys from /etc/dropbear by default if a key and path is specified
by the dropbear -r option. This will get rid of the above Warning
messages which can fill up the log buffer in a Continuous Test
environment where many ssh connections are made.

This change has been upstreamed.

Resolves openbmc/openbmc#1340
Resolves openbmc/openbmc#1998

Change-Id: I58f8290f68a6eba7e3a77986a8ecb0ebdf321352
Signed-off-by: CamVan Nguyen <ctnguyen@us.ibm.com>

diff --git a/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend b/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend
index 51a98d4..165a19e 100644
--- a/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend
+++ b/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend

@@ -1,7 +1,11 @@
 inherit obmc-phosphor-discovery-service
 
+# 0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch
+# has been upstreamed.  This patch can be removed once we upgrade
+# to yocto 2.5 or later which will pull in the latest dropbear code.
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 SRC_URI += "file://dropbearkey.service \
-	    file://0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch"
+	    file://0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch \
+	    file://0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch"
 
 REGISTERED_SERVICES_${PN} += "ssh:tcp:22 sftp:tcp:22"