205 changes: 122 additions & 83 deletions source/scripts/init/service.d/service_sshd/service_opensshd.sh
Expand Up @@ -39,104 +39,143 @@
# $1 is the calling event (sshd-restart, lan-status, wan-status, etc)
#------------------------------------------------------------------

# OpenSSH based SSH service for RDK POC

source /etc/utopia/service.d/ulog_functions.sh
source /etc/utopia/service.d/log_capture_path.sh

SERVICE_NAME="sshd"
SELF_NAME="`basename "$0"`"

SSHD=/sbin/sshd
PMON=/etc/utopia/service.d/pmon.sh

do_start() {

SSHD_PID=`pidof sshd`
[ "${SSHD_PID}" ] && return 0

DIR_NAME=/tmp/home/admin
if [ ! -d $DIR_NAME ] ; then
# in order to use user admin for ssh we need to give it a home directory
# echo "[utopia] Creating ssh user admin" > /dev/console
mkdir -p $DIR_NAME
chown admin $DIR_NAME
chgrp admin $DIR_NAME
chmod 755 $DIR_NAME
fi

# if there is no ssh credentials in our secret directory then make them now
if [ ! -f /etc/ssh/ssh_host_dsa_key ] ; then
mkdir -p /etc/ssh
ssh-keygen -q -t dsa -N '' -C '' -f /etc/ssh/ssh_host_dsa_key
chmod 600 /etc/ssh/ssh_host_dsa_key
chmod 644 /etc/ssh/ssh_host_dsa_key.pub
fi
if [ ! -f /etc/ssh/ssh_host_rsa_key ] ; then
ssh-keygen -q -t rsa -N '' -C '' -f /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 644 /etc/ssh/ssh_host_rsa_key.pub
fi

# start a ssh daemon
# echo "[utopia] Starting SSH daemon" > /dev/console
mkdir -p /var/empty
chown root:root /var/empty
chmod 700 /var/empty
[ -z "${SSHD_PID}" ] && ${SSHD} -f /etc/sshd.conf
sysevent set ssh_daemon_state up
SSHD="/usr/sbin/sshd"
SSHD_CONFIG="/etc/ssh/sshd_config_readonly"
PID_FILE="/var/run/sshd.pid"
KEY_DIR="/var/run/ssh"
PMON="/etc/utopia/service.d/pmon.sh"

generate_openssh_keys()
{
mkdir -p "${KEY_DIR}"
chmod 0755 "${KEY_DIR}"

[ -f "${KEY_DIR}/ssh_host_rsa_key" ] || ssh-keygen -q -t rsa -N '' -C '' -f "${KEY_DIR}/ssh_host_rsa_key"
[ -f "${KEY_DIR}/ssh_host_ecdsa_key" ] || ssh-keygen -q -t ecdsa -N '' -C '' -f "${KEY_DIR}/ssh_host_ecdsa_key"
[ -f "${KEY_DIR}/ssh_host_ed25519_key" ] || ssh-keygen -q -t ed25519 -N '' -C '' -f "${KEY_DIR}/ssh_host_ed25519_key"

chmod 600 "${KEY_DIR}"/ssh_host_*_key 2>/dev/null || true
chmod 644 "${KEY_DIR}"/ssh_host_*_key.pub 2>/dev/null || true
Comment on lines +52 to +66
}

do_stop() {
# echo "[utopia] Stopping SSH daemon" > /dev/console
do_start()
{
SSHD_PID=`pidof sshd`
[ ! "${SSHD_PID}" ] && return 0
kill "${SSHD_PID}"
sysevent set ssh_daemon_state down

if [ "${SSHD_PID}" ]; then
echo "${SSHD_PID}" | awk '{print $1}' > "${PID_FILE}"
sysevent set ssh_daemon_state up
echo_t "[utopia] OpenSSH already running. PID: `cat ${PID_FILE}`"
return 0
Comment on lines 71 to +77
fi

generate_openssh_keys

mkdir -p /var/run/sshd
chmod 0755 /var/run/sshd

mkdir -p /var/empty
chown root:root /var/empty
chmod 700 /var/empty

${SSHD} -f "${SSHD_CONFIG}" -o PidFile="${PID_FILE}" 2>>${CONSOLEFILE}

sleep 1

if [ ! -f "${PID_FILE}" ]; then
pidof sshd | awk '{print $1}' > "${PID_FILE}"
fi

if [ -f "${PID_FILE}" ] && [ -s "${PID_FILE}" ]; then
echo_t "[utopia] OpenSSH started. PID: `cat ${PID_FILE}`"
sysevent set ssh_daemon_state up
else
echo_t "[utopia] OpenSSH failed to start"
rm -f "${PID_FILE}"
sysevent set ssh_daemon_state down
fi
}

service_start() {
ulog ${SERVICE_NAME} status "starting ${SERVICE_NAME} service"
do_stop()
{
sysevent set ssh_daemon_state down

REMOTE_ACCESS=`syscfg get mgmt_wan_access`
SSH_REMOTE_ACCESS=`syscfg get mgmt_wan_sshaccess`

do_start
$PMON setproc ssh sshd `pidof -o $$ sshd` "/etc/utopia/service.d/service_sshd.sh sshd-restart"
if [ -f "${PID_FILE}" ] && [ -s "${PID_FILE}" ]; then
kill "`cat ${PID_FILE}`" 2>/dev/null
sleep 1
Comment on lines +107 to +113
fi

sysevent set ${SERVICE_NAME}-errinfo
sysevent set ${SERVICE_NAME}-status "started"
if pidof sshd >/dev/null 2>&1; then
killall sshd 2>/dev/null
Comment on lines +107 to +117
fi

rm -f "${PID_FILE}"
}

service_stop () {
ulog ${SERVICE_NAME} status "stopping ${SERVICE_NAME} service"
service_start()
{
echo_t "[utopia] starting ${SERVICE_NAME} service"
ulog ${SERVICE_NAME} status "starting ${SERVICE_NAME} service"

do_start
#OpenSSH POC: PMON monitoring temporarily disabled.
#if [ -f "${PID_FILE}" ] && [ -s "${PID_FILE}" ]; then
# In this POC, service_opensshd.sh is installed as
# /etc/utopia/service.d/service_sshd.sh during do_install.
# Therefore PMON restart points to the active OpenSSH-aware
# service wrapper, not the original Dropbear implementation.
# ${PMON} setproc ssh sshd "${PID_FILE}" "/etc/utopia/service.d/service_sshd.sh sshd-restart"
#fi

sysevent set ${SERVICE_NAME}-errinfo
sysevent set ${SERVICE_NAME}-status "started"
}

do_stop
$PMON unsetproc ssh
service_stop()
{
echo_t "[utopia] stopping ${SERVICE_NAME} service"
ulog ${SERVICE_NAME} status "stopping ${SERVICE_NAME} service"

sysevent set ${SERVICE_NAME}-errinfo
sysevent set ${SERVICE_NAME}-status "stopped"
do_stop

${PMON} unsetproc ssh

sysevent set ${SERVICE_NAME}-errinfo
sysevent set ${SERVICE_NAME}-status "stopped"
}

service_lanwan_status ()
service_lanwan_status()
{
CURRENT_LAN_STATE=`sysevent get lan-status`
CURRENT_WAN_STATE=`sysevent get wan-status`
if [ "stopped" = "$CURRENT_LAN_STATE" ] && [ "stopped" == "$CURRENT_WAN_STATE" ] ; then
service_stop
else
service_start
fi
CURRENT_LAN_STATE=`sysevent get lan-status`
CURRENT_WAN_STATE=`sysevent get wan-status`

if [ "stopped" = "${CURRENT_LAN_STATE}" ] && [ "stopped" = "${CURRENT_WAN_STATE}" ]; then
service_stop
else
service_start
fi
}

service_bridge_status ()
service_bridge_status()
{
CURRENT_BRIDGE_STATE=`sysevent get bridge-status`
if [ "stopped" = "$CURRENT_BRIDGE_STATE" ] ; then
service_stop
elif [ "started" = "$CURRENT_BRIDGE_STATE" ] ; then
service_start
fi
CURRENT_BRIDGE_STATE=`sysevent get bridge-status`

if [ "stopped" = "${CURRENT_BRIDGE_STATE}" ]; then
service_stop
elif [ "started" = "${CURRENT_BRIDGE_STATE}" ]; then
service_start
fi
}

# Entry
echo_t "[utopia] ${SERVICE_NAME} $1 received"

case "$1" in
"${SERVICE_NAME}-start")
Expand All @@ -145,22 +184,22 @@ case "$1" in
"${SERVICE_NAME}-stop")
service_stop
;;
"${SERVICE_NAME}-restart")
"${SERVICE_NAME}-restart"|"sshd-restart")
service_stop
service_start
;;
lan-status)
service_lanwan_status
;;
wan-status)
lan-status|wan-status)
service_lanwan_status
;;
bridge-status)
service_bridge_status
;;
current_wan_ifname)
service_stop
service_start
;;
*)
echo "Usage: $SELF_NAME [${SERVICE_NAME}-start|${SERVICE_NAME}-stop|${SERVICE_NAME}-restart|lan-status|wan-status|ssh_server_restart|wan-status|lan-status]" >&2
exit 3
;;
echo "Usage: $SELF_NAME [${SERVICE_NAME}-start|${SERVICE_NAME}-stop|${SERVICE_NAME}-restart|sshd-restart|lan-status|wan-status|bridge-status|current_wan_ifname]" >&2
exit 3
;;
esac
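Review bot: `generate_openssh_keys` stores the host keys under `KEY_DIR="/var/run/ssh"`, which is usually a tmpfs; if that holds on this platform, every reboot generates new host keys, and clients get host-key-changed warnings they learn to ignore, which defeats host authentication. Consider pointing `KEY_DIR` at a persistent, root-owned location instead. The same function ignores `ssh-keygen` failures and hides `chmod` errors behind `2>/dev/null || true`, so a missing or wrongly permissioned key goes unreported; `ssh-keygen ... || { echo_t "[utopia] host key generation failed"; return 1; }` would surface it. Separately, `do_start` records the first PID from `pidof sshd` and `do_stop` falls back to `killall sshd`, so the PID file may name a per-session child rather than the listener, and a stop ends every active session.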
