[openssh-commits] [openssh] 03/11: Special case OpenWrt instead of Dropbear.

git+noreply at mindrot.org git+noreply at mindrot.org
Thu May 25 18:26:15 AEST 2023


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit bdcaf7939029433635d63aade8f9ac762aca2bbe
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Wed May 10 18:50:46 2023 +1000

    Special case OpenWrt instead of Dropbear.
    
    OpenWrt overrides the location of authorized_keys for root.  Currently we
    assume that all Dropbear installations behave this way, which is not the
    case.  Check for OpenWrt and root user before using that location instead
    of assuming that for all Dropbear servers.  Prompted by Github PR#250.
    
    SSH-Copy-ID-Upstream: 0e1f5d443a9967483c33945793107ae3f3e4af2d
---
 contrib/ssh-copy-id | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index f29377e8..437a7609 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -242,7 +242,6 @@ populate_new_ids() {
 #    optionally takes an alternative path for authorized_keys
 installkeys_sh() {
   AUTH_KEY_FILE=${1:-.ssh/authorized_keys}
-  AUTH_KEY_DIR=$(dirname "${AUTH_KEY_FILE}")
 
   # In setting INSTALLKEYS_SH:
   #    the tr puts it all on one line (to placate tcsh)
@@ -252,15 +251,20 @@ installkeys_sh() {
   #    the -z `tail ...` checks for a trailing newline. The echo adds one if was missing
   #    the cat adds the keys we're getting via STDIN
   #    and if available restorecon is used to restore the SELinux context
+  # OpenWrt has a special case for root only.
   INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
 	cd;
 	umask 077;
-	mkdir -p "${AUTH_KEY_DIR}" &&
-		{ [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] ||
-			echo >> "${AUTH_KEY_FILE}" || exit 1; } &&
-		cat >> "${AUTH_KEY_FILE}" || exit 1;
+	AUTH_KEY_FILE="${AUTH_KEY_FILE}";
+	[ -f /etc/openwrt_release ] && [ "\$LOGNAME" = "root" ] &&
+		AUTH_KEY_FILE=/etc/dropbear/authorized_keys;
+	AUTH_KEY_DIR=\`dirname "\${AUTH_KEY_FILE}"\`;
+	mkdir -p "\${AUTH_KEY_DIR}" &&
+		{ [ -z \`tail -1c "\${AUTH_KEY_FILE}" 2>/dev/null\` ] ||
+			echo >> "\${AUTH_KEY_FILE}" || exit 1; } &&
+		cat >> "\${AUTH_KEY_FILE}" || exit 1;
 	if type restorecon >/dev/null 2>&1; then
-		restorecon -F "${AUTH_KEY_DIR}" "${AUTH_KEY_FILE}";
+		restorecon -F "\${AUTH_KEY_DIR}" "\${AUTH_KEY_FILE}";
 	fi
 	EOF
   )
@@ -336,13 +340,6 @@ case "$REMOTE_VERSION" in
       exit 1
     fi
     ;;
-  dropbear*)
-    populate_new_ids 0
-    [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
-      $SSH "$@" "$(installkeys_sh /etc/dropbear/authorized_keys)" \
-      || exit 1
-    ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
-    ;;
   *)
     # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
     populate_new_ids 0

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list