[yocto] Dropbear configuration
Khem Raj
raj.khem at gmail.com
Fri Jul 24 17:02:33 PDT 2015
On 15-05-29 10:40:35, Matthew Karas wrote:
> I am trying to configure dropbear to do the following.
>
> 1) Only listen on port 22 of the tun0 interface (made by openvpn service).
> 2) Only use public key authorization.
>
> To do this I've overridden the dropbear.socket file with my own.
>
> ---------------------------------------------------- start
> [Unit]
> Conflicts=dropbear.service
> After=openvpn@foo.service
> Wants=openvpn@foo.service
Maybe use 'Requires' here
>
> [Socket]
> ListenStream=22
> Accept=yes
> BindToDevice=tun0 <<<<<<< made by open vpn
>
> [Install]
> WantedBy=sockets.target
> Also=dropbearkey.service
>
> ----------------------------------------------------finish
>
> I also install my public key to where I think dropbear needs the keys.
>
> --------bb append snippet-----------------------------------
> do_install_append() {
> install -d ${D}/root/.ssh
> install -m 0600 ${WORKDIR}/authorized_keys ${D}/root/.ssh/authorized_keys
> echo 'DROPBEAR_EXTRA_ARGS="-E -g"'> ${D}${sysconfdir}/default/dropbear
> }
>
> FILES_${PN} += "/home/root/.ssh/authorized_keys"
> -------------------------------------------------------------------
>
> Currently the system finds a system ordering loop and shuts down openvpn.
>
> How do I get the dropbear.socket to depend on openvpn - when openvpn
> depends on the sockets being up (and sockets.target wants
> dropbear.socket)? Is there another way to have dropbear only look at
> the tun0 port 22 and not the eth0 port 22?
>
> Thanks
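Added example, not part of the original thread: a small ordering-graph walk that shows where the "ordering loop" in the question comes from. The `dropbear.socket` ordering lines are taken from the posted unit; the other entries are constructed, reduced stand-ins for systemd's default dependencies (assumption: `DefaultDependencies=yes` on every unit), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed unit set. dropbear.socket's After= line is from the post; its
# Before=sockets.target and the other entries model systemd's default
# dependencies (assumed, not copied from the poster's image).
UNITS = {
    "dropbear.socket": "After=openvpn@foo.service\nBefore=sockets.target\n",
    "openvpn@foo.service": "After=basic.target\n",
    "basic.target": "After=sysinit.target sockets.target\n",
    "sockets.target": "",
}

def ordering_edges(units):
    """Map each unit to the set of units that must be started before it."""
    waits_for = defaultdict(set)
    for name, text in units.items():
        for key, value in re.findall(r"^(After|Before)=(.*)$", text, re.M):
            for other in value.split():
                if key == "After":
                    waits_for[name].add(other)
                else:  # Before=X means X waits for this unit
                    waits_for[other].add(name)
    return waits_for

def find_cycle(waits_for, start):
    """Depth-first search from start; return the first ordering loop or None."""
    path, on_path, done = [], set(), set()

    def visit(unit):
        if unit in on_path:
            return path[path.index(unit):] + [unit]
        if unit in done:
            return None
        path.append(unit)
        on_path.add(unit)
        for dep in sorted(waits_for.get(unit, ())):
            found = visit(dep)
            if found:
                return found
        path.pop()
        on_path.discard(unit)
        done.add(unit)
        return None

    return visit(start)

if __name__ == "__main__":
    loop = find_cycle(ordering_edges(UNITS), "dropbear.socket")
    print(" waits for ".join(loop) if loop else "no ordering loop")
```

On a running target, `systemd-analyze verify` on the unit file reports the same kind of loop from the real dependency graph.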