Home Explore Help
Register Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

dropbear: add ed25519 for failsafe key

At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...

Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.

Signed-off-by: Etienne Champetier <[email protected]>
Etienne Champetier 2 years ago
parent
6b11f0ec83
commit
6ac61dead9
1 changed files with 3 additions and 2 deletions
Split View Show Diff Stats
  1. 3 2
      package/network/services/dropbear/files/dropbear.failsafe

+ 3 - 2
package/network/services/dropbear/files/dropbear.failsafe
View File 

@@ -1,8 +1,9 @@
 
 #!/bin/sh
 
 
 failsafe_dropbear () {
 
-	dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
 
-	dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
 
+	dropbearkey -t rsa -s 1024 -f /tmp/dropbear_rsa_failsafe_host_key
 
+	dropbearkey -t ed25519 -f /tmp/dropbear_ed25519_failsafe_host_key
 
+	dropbear -r /tmp/dropbear_rsa_failsafe_host_key -r /tmp/dropbear_ed25519_failsafe_host_key <> /dev/null 2>&1
 
 }
 
 
 boot_hook_add failsafe failsafe_dropbear