CC: dropbear: Disable telnet in favor of passwordless SSH

This enables passwordless login for root via SSH whenever no root
password is set (e.g. after reset, flashing without keeping config
or in failsafe) and removes telnet support altogether.

Signed-off-by: Steven Barth <steven@midlink.org>
Steven Barth
2017-08-31 08:43:09 +02:00
committed by Zoltan HERPAI
parent 12a8f2a3d9
commit bff2da1713
9 changed files with 49 additions and 48 deletions


@@ -2187,19 +2187,19 @@ config BUSYBOX_DEFAULT_TCPSVD
default n
config BUSYBOX_DEFAULT_TELNET
bool
default y
default n
config BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE
bool
default y
default n
config BUSYBOX_DEFAULT_FEATURE_TELNET_AUTOLOGIN
bool
default n
config BUSYBOX_DEFAULT_TELNETD
bool
default y
default n
config BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE
bool
default y
default n
config BUSYBOX_DEFAULT_FEATURE_TELNETD_INETD_WAIT
bool
default n


@@ -110,7 +110,6 @@ define Package/busybox/install
$(INSTALL_DIR) $(1)/etc/init.d
$(CP) $(PKG_INSTALL_DIR)/* $(1)/
$(INSTALL_BIN) ./files/cron $(1)/etc/init.d/cron
$(INSTALL_BIN) ./files/telnet $(1)/etc/init.d/telnet
$(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd
$(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug
-rm -rf $(1)/lib64
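Review bot: With the `./files/telnet` install line removed, the recipe ships no init script for telnetd, but nothing here records that this is deliberate, so a later change that flips `BUSYBOX_DEFAULT_TELNETD` back to `y` could easily re-add the script and with it a cleartext login service. I would add a short comment next to the remaining init.d installs, for example `# no telnet init script: remote login is SSH-only (dropbear)`. The deleted script also started telnetd when neither dropbear nor sshd was enabled, so it is worth confirming that images built without an SSH daemon still have an intended recovery path; that cannot be judged from this section. The `define Package/busybox/install` block begins and ends outside the hunk.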


@@ -1,38 +0,0 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org
START=50
USE_PROCD=1
PROG=/usr/sbin/telnetd
has_root_pwd() {
local pwd=$([ -f "$1" ] && cat "$1")
pwd="${pwd#*root:}"
pwd="${pwd%%:*}"
test -n "${pwd#[\!x]}"
}
get_root_home() {
local homedir=$([ -f "$1" ] && cat "$1")
homedir="${homedir#*:*:0:0:*:}"
echo "${homedir%%:*}"
}
has_ssh_pubkey() {
( /etc/init.d/dropbear enabled 2> /dev/null && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \
( /etc/init.d/sshd enabled 2> /dev/null && grep -qs "^ssh-" "$(get_root_home /etc/passwd)"/.ssh/authorized_keys )
}
start_service() {
if ( ! has_ssh_pubkey && \
! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
( ! /etc/init.d/dropbear enabled 2> /dev/null && ! /etc/init.d/sshd enabled 2> /dev/null );
then
procd_open_instance
procd_set_param command "$PROG" -F -l /bin/login.sh
procd_close_instance
fi
}