Skip to content
Snippets Groups Projects
Select Git revision
  • devel default protected
  • pam
  • release-7.3 protected
  • release-7.4.2 protected
  • genxos-12
  • support-radius-ssh
  • roman-7.4.0a2-shsw-perl-noparallel
  • release-6.5 protected
  • iptv
  • nss
  • snmp
  • firewallmngr_uci
  • nw_firewallmngr
  • rt_fail2ban
  • agnau-nginx-lto
  • sshd_maxretries
  • release-7.4.0alpha2-shsw protected
  • rtsp_puse_res_timeout
  • rtsp_70_fix
  • platform-openwrt-23.05.1
  • v14.07
21 results
Search by author
  • Any Author
  • Amin Ben Romdhane Amin Ben Romdhane amin.benromdhane
  • Andreas Gnau Andreas Gnau AGnau
  • Anjan Chanda Anjan Chanda anjancx
  • Balalakshmi Arunachalam Rajendran Balalakshmi Arunachalam Rajendran arbala
  • Benjamin Larsson Benjamin Larsson benjamin
  • Dariusz Iwanoczko Dariusz Iwanoczko dariusz.iwanoczko
  • Divya Chandrasekaran Divya Chandrasekaran divya.c
  • Elena Vengerova Elena Vengerova helen
  • Erik Karlsson Erik Karlsson erik.karlsson
  • Filip Matusiak Filip Matusiak filmat
  • Fredrik Östling Fredrik Östling fredrik.ostling
  • George Yang George Yang gyang
  • Gouri Natarajan Gouri Natarajan gouri.natarajan
  • Grzegorz Sluja Grzegorz Sluja slujagrz
  • Hope Błaszkowska Hope Błaszkowska jakub.blaszk
  • IOPSYS DevOps Bot IOPSYS DevOps Bot devops_robot
  • Jakob Olsson Jakob Olsson jakob
  • Janusz Dziedzic Janusz Dziedzic janusz
  • Jenkins Inteno Jenkins Inteno jenkins
  • Jerome Rogon Jerome Rogon jerome.rogon
20 authors
  1. Feb 07, 2024
  3. Oct 07, 2023
  5. Sep 15, 2023
  7. May 17, 2023
  9. May 01, 2023
  11. Apr 25, 2023
    • Glen Huang's avatar
      openssh: preserve authorized_keys · e36a55c9
      Glen Huang authored 
      
The root user is usually the user that clients ssh into with, so in most
cases its authorized_keys determines what clients are allowed to ssh
into this device. Without preserving this file, they could potentially
be locked out after upgrading.

Signed-off-by: default avatarGlen Huang <me@glenhuang.com>
      e36a55c9
  13. Mar 18, 2023
  15. Feb 03, 2023
  17. Dec 13, 2022
  19. Apr 13, 2022
  21. Mar 17, 2022
  23. Feb 11, 2022
  25. Nov 12, 2021
  27. Sep 27, 2021
  29. Aug 25, 2021
  31. Apr 20, 2021
  33. Mar 03, 2021
  35. Jan 06, 2021
    • Linos Giannopoulos's avatar
      openssh: Add FIDO2 hardware token support · 855db864
      Linos Giannopoulos authored 
      Version 8.2[0] added support for two new key types: "ecdsa-sk" and
"ed25519-sk". These two type enable the usage of hardware tokens that
implement the FIDO (or FIDO2) standard, as an authentication method for
SSH.

Since we're already on version 8.4 all we need to do is to explicitly enable
the support for hardware keys when compiling OpenSSH and add all the
missing dependencies OpenSSH requires.

OpenSSH depends on libfido2[1], to communicate with the FIDO devices
over USB. In turn, libfido2 depends on libcbor, a C implementation of
the CBOR protocol[2] and OpenSSL.

[0]: https://lwn.net/Articles/812537/
[1]: https://github.com/Yubico/libfido2


[2]: tools.ietf.org/html/rfc7049

Signed-off-by: default avatarLinos Giannopoulos <linosgian00@gmail.com>
      855db864
  37. Dec 15, 2020
  39. Oct 08, 2020
  41. Oct 05, 2020
  43. Jul 07, 2020
  45. Jun 26, 2020
  47. Jun 20, 2020
  49. May 06, 2020
    • Philip Prindeville's avatar
      openssh-server: deprecate the ecdsa HostKey · 73fa0c96
      Philip Prindeville authored 
      
The init.d script for sshd never generates an ecdsa HostKey as seen
here:

	for type in rsa ed25519
	do
		# check for keys
		key=/etc/ssh/ssh_host_${type}_key
		[ ! -f $key ] && {
			# generate missing keys
			[ -x /usr/bin/ssh-keygen ] && {
				/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
			}
		}
	done

so we'll never succeed at loading one.  Get rid of the resultant
error message in logging:

May  5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key

Signed-off-by: default avatarPhilip Prindeville <philipp@redfish-solutions.com>
      73fa0c96
  51. Apr 06, 2020
  53. Apr 05, 2020
  55. Nov 09, 2019
  57. Oct 12, 2019
    • Jeffery To's avatar
      treewide: Use default PKG_BUILD_DIR when possible · 53e1692a
      Jeffery To authored 
      This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.

Specifically, the line is removed if the assigned value is:

* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)

  The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
  if it is set, so now this is identical to the default value.

* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)

  if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
  the same as the previous case

* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

  This is the same as the default PKG_BUILD_DIR when there is no
  BUILD_VARIANT.

* $(BUILD_DIR)/[name]-$(PKG_VERSION)

  where [name] is a string that is identical to PKG_NAME

[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9



Signed-off-by: default avatarJeffery To <jeffery.to@gmail.com>
      53e1692a
  59. Sep 17, 2019
  61. Jul 21, 2019
  63. Apr 20, 2019
  65. Apr 02, 2019