Skip to content
Snippets Groups Projects
Select Git revision
  • devel default protected
  • pam
  • release-7.3 protected
  • release-7.4.2 protected
  • genxos-12
  • support-radius-ssh
  • roman-7.4.0a2-shsw-perl-noparallel
  • release-6.5 protected
  • iptv
  • nss
  • snmp
  • firewallmngr_uci
  • nw_firewallmngr
  • rt_fail2ban
  • agnau-nginx-lto
  • sshd_maxretries
  • release-7.4.0alpha2-shsw protected
  • rtsp_puse_res_timeout
  • rtsp_70_fix
  • platform-openwrt-23.05.1
  • v14.07
21 results
Search by author
  • Any Author
  • Amin Ben Romdhane Amin Ben Romdhane amin.benromdhane
  • Andreas Gnau Andreas Gnau AGnau
  • Anjan Chanda Anjan Chanda anjancx
  • Balalakshmi Arunachalam Rajendran Balalakshmi Arunachalam Rajendran arbala
  • Benjamin Larsson Benjamin Larsson benjamin
  • Dariusz Iwanoczko Dariusz Iwanoczko dariusz.iwanoczko
  • Divya Chandrasekaran Divya Chandrasekaran divya.c
  • Elena Vengerova Elena Vengerova helen
  • Erik Karlsson Erik Karlsson erik.karlsson
  • Filip Matusiak Filip Matusiak filmat
  • Fredrik Östling Fredrik Östling fredrik.ostling
  • George Yang George Yang gyang
  • Gouri Natarajan Gouri Natarajan gouri.natarajan
  • Grzegorz Sluja Grzegorz Sluja slujagrz
  • Hope Błaszkowska Hope Błaszkowska jakub.blaszk
  • IOPSYS DevOps Bot IOPSYS DevOps Bot devops_robot
  • Jakob Olsson Jakob Olsson jakob
  • Janusz Dziedzic Janusz Dziedzic janusz
  • Jenkins Inteno Jenkins Inteno jenkins
  • Jerome Rogon Jerome Rogon jerome.rogon
20 authors
  1. May 01, 2023
  3. Apr 25, 2023
    • Glen Huang's avatar
      openssh: preserve authorized_keys · e36a55c9
      Glen Huang authored 
      
The root user is usually the user that clients ssh into with, so in most
cases its authorized_keys determines what clients are allowed to ssh
into this device. Without preserving this file, they could potentially
be locked out after upgrading.

Signed-off-by: default avatarGlen Huang <me@glenhuang.com>
      e36a55c9
  5. Mar 18, 2023
  7. Feb 03, 2023
  9. Dec 13, 2022
  11. Apr 13, 2022
  13. Mar 17, 2022
  15. Feb 11, 2022
  17. Nov 12, 2021
  19. Sep 27, 2021
  21. Aug 25, 2021
  23. Apr 20, 2021
  25. Mar 03, 2021
  27. Jan 06, 2021
    • Linos Giannopoulos's avatar
      openssh: Add FIDO2 hardware token support · 855db864
      Linos Giannopoulos authored 
      Version 8.2[0] added support for two new key types: "ecdsa-sk" and
"ed25519-sk". These two type enable the usage of hardware tokens that
implement the FIDO (or FIDO2) standard, as an authentication method for
SSH.

Since we're already on version 8.4 all we need to do is to explicitly enable
the support for hardware keys when compiling OpenSSH and add all the
missing dependencies OpenSSH requires.

OpenSSH depends on libfido2[1], to communicate with the FIDO devices
over USB. In turn, libfido2 depends on libcbor, a C implementation of
the CBOR protocol[2] and OpenSSL.

[0]: https://lwn.net/Articles/812537/
[1]: https://github.com/Yubico/libfido2


[2]: tools.ietf.org/html/rfc7049

Signed-off-by: default avatarLinos Giannopoulos <linosgian00@gmail.com>
      855db864
  29. Dec 15, 2020
  31. Oct 08, 2020
  33. Oct 05, 2020
  35. Jul 07, 2020
  37. Jun 26, 2020
  39. Jun 20, 2020
  41. May 06, 2020
    • Philip Prindeville's avatar
      openssh-server: deprecate the ecdsa HostKey · 73fa0c96
      Philip Prindeville authored 
      
The init.d script for sshd never generates an ecdsa HostKey as seen
here:

	for type in rsa ed25519
	do
		# check for keys
		key=/etc/ssh/ssh_host_${type}_key
		[ ! -f $key ] && {
			# generate missing keys
			[ -x /usr/bin/ssh-keygen ] && {
				/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
			}
		}
	done

so we'll never succeed at loading one.  Get rid of the resultant
error message in logging:

May  5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key

Signed-off-by: default avatarPhilip Prindeville <philipp@redfish-solutions.com>
      73fa0c96
  43. Apr 06, 2020
  45. Apr 05, 2020
  47. Nov 09, 2019
  49. Oct 12, 2019
    • Jeffery To's avatar
      treewide: Use default PKG_BUILD_DIR when possible · 53e1692a
      Jeffery To authored 
      This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.

Specifically, the line is removed if the assigned value is:

* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)

  The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
  if it is set, so now this is identical to the default value.

* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)

  if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
  the same as the previous case

* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

  This is the same as the default PKG_BUILD_DIR when there is no
  BUILD_VARIANT.

* $(BUILD_DIR)/[name]-$(PKG_VERSION)

  where [name] is a string that is identical to PKG_NAME

[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9



Signed-off-by: default avatarJeffery To <jeffery.to@gmail.com>
      53e1692a
  51. Sep 17, 2019
  53. Jul 21, 2019
  55. Apr 20, 2019
  57. Apr 02, 2019
  59. Mar 22, 2019
  61. Mar 21, 2019
  63. Mar 03, 2019
  65. Feb 10, 2019
  67. Jan 15, 2019
  69. Oct 20, 2018
  71. Oct 19, 2018
  73. Sep 30, 2018