From: Etienne Champetier <champetier.etienne@gmail.com>
Date: Mon, 10 Jul 2023 05:56:05 +0000 (+0200)
Subject: dropbear: add ed25519 for failsafe key
X-Git-Tag: v23.05.0-rc3~85
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=ee910d1e67c5ebba3bc2c136c8c6b5358a8c17b5;p=openwrt%2Fstaging%2Fhauke.git

dropbear: add ed25519 for failsafe key

At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...

Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 6ac61dead99ff6b9df00c29b7a858772449718b2)
---

diff --git a/package/network/services/dropbear/files/dropbear.failsafe b/package/network/services/dropbear/files/dropbear.failsafe
index a98ede459a..97bd12d58a 100755
--- a/package/network/services/dropbear/files/dropbear.failsafe
+++ b/package/network/services/dropbear/files/dropbear.failsafe
@@ -1,8 +1,9 @@
 #!/bin/sh
 
 failsafe_dropbear () {
-	dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
-	dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
+	dropbearkey -t rsa -s 1024 -f /tmp/dropbear_rsa_failsafe_host_key
+	dropbearkey -t ed25519 -f /tmp/dropbear_ed25519_failsafe_host_key
+	dropbear -r /tmp/dropbear_rsa_failsafe_host_key -r /tmp/dropbear_ed25519_failsafe_host_key <> /dev/null 2>&1
 }
 
 boot_hook_add failsafe failsafe_dropbear