meta-phosphor:dropbear: add ECDSA and ED25519 keys
With RSA-SHA1 being deprecated, have our dropbear server also support
ECDSA and ED25519 keys.
Tested:
- Confirmed the following via ssh -vv:
host key algorithms: ssh-ed25519,ecdsa-sha2-nistp384,rsa-sha2-256
Change-Id: Ibe5ac9bdf918de9886c33328152a2524782576d5
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default b/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default
index b2f1ecc..0035ff5 100644
--- a/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default
@@ -1 +1 @@
-DROPBEAR_EXTRA_ARGS="-G priv-admin"
+DROPBEAR_EXTRA_ARGS="-G priv-admin -r /etc/dropbear/dropbear_ecdsa_host_key -r /etc/dropbear/dropbear_ed25519_host_key"
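Review bot: The two -r paths on the added DROPBEAR_EXTRA_ARGS line are hard-coded to /etc/dropbear, while dropbearkey.service generates the same two keys under ${DROPBEAR_RSAKEY_DIR}. If that variable ever points at a different directory, the server will be told to load host keys from a location where they were never created. Consider deriving both locations from one setting, or at least add a comment here saying the directory has to match the one used by dropbearkey.service.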
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service b/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service
index dfeb17f..a07676b 100644
--- a/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service
@@ -12,6 +12,16 @@
@BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}; \
@SBINDIR@/dropbearkey -t rsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key; \
fi"
+ExecStart=@BASE_BINDIR@/sh -c \
+ "if [[ ! -f ${DROPBEAR_RSAKEY_DIR}/dropbear_ecdsa_host_key ]]; then \
+ @BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}; \
+ @SBINDIR@/dropbearkey -t ecdsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_ecdsa_host_key -s 384; \
+ fi"
+ExecStart=@BASE_BINDIR@/sh -c \
+ "if [[ ! -f ${DROPBEAR_RSAKEY_DIR}/dropbear_ed25519_host_key ]]; then \
+ @BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}; \
+ @SBINDIR@/dropbearkey -t ed25519 -f ${DROPBEAR_RSAKEY_DIR}/dropbear_ed25519_host_key; \
+ fi"
RemainAfterExit=yes
[Install]
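Review bot: The added ExecStart lines test with "[[ ! -f ... ]]" under @BASE_BINDIR@/sh -c, and [[ is a bash/ksh extension rather than POSIX sh, so whether the ECDSA and ED25519 host keys get generated depends on which shell is installed as sh on the image. "[ ! -f ... ]" performs the same check portably. As a style point, both new blocks reuse ${DROPBEAR_RSAKEY_DIR} for keys that are not RSA and repeat the mkdir -p; a more general variable name and a single directory-creation step would make the unit easier to read.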