I am trying to configure dropbear to do the following.
1) Only listen on port 22 of the tun0 interface (made by openvpn service).
2) Only use public key authorization.
To do this I've overridden the dropbear.socket file with my own.
---------------------------------------------------- start
[Unit]
Conflicts=dropbear.service
After=openvpn@foo.service
Wants=openvpn@foo.service
[Socket]
ListenStream=22
Accept=yes
BindToDevice=tun0 <<<<<<< made by open vpn
[Install]
WantedBy=sockets.target
Also=dropbearkey.service
----------------------------------------------------finish
I also install my public key to where I think dropbear needs the keys.
--------bb append snippet-----------------------------------
do_install_append() {
install -d ${D}/root/.ssh
install -m 0600 ${WORKDIR}/authorized_keys ${D}/root/.ssh/authorized_keys
echo 'DROPBEAR_EXTRA_ARGS="-E -g"'> ${D}${sysconfdir}/default/dropbear
}
FILES_${PN} += "/home/root/.ssh/authorized_keys"
-------------------------------------------------------------------
Currently the system finds a system ordering loop and shuts down openvpn.
How do I get the dropbear.socket to depend on openvpn - when openvpn
depends on the sockets being up (and sockets.target wants
dropbear.socket)? Is there another way to have dropbear only look at
the tun0 port 22 and not the eth0 port 22?
Thanks
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
