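# Repository layout:
#   ├── README.md
#   ├── tinyssh_hook
#   ├── LICENSE
#   └── tinyssh_install
#
# /README.md:
#   # mkinitcpio-tinyssh
#   Archlinux mkinitcpio hook to enable the tinyssh daemon in early userspace
#
# /tinyssh_hook:
#!/usr/bin/ash
#
# Runtime half of the hook. run_hook starts the SSH listener in early
# userspace; run_cleanuphook tears it down again.

# Start tinysshd behind tcpsvd.
# Outputs: "Starting tinyssh" on stdout.
# Side effects: mounts devpts on /dev/pts and leaves tcpsvd running in the
#               background.
run_hook ()
{
    # Presumably needed so that SSH sessions can be given a pseudo-terminal.
    [ -d /dev/pts ] || mkdir -p /dev/pts
    mount -t devpts devpts /dev/pts

    echo "Starting tinyssh"
    # "0 22" makes tcpsvd listen on port 22 on every configured address, so
    # the service is reachable from any network that is up at this stage.
    # Access control rests on the authorized_keys file packed into the image
    # by tinyssh_install.
    /bin/tcpsvd 0 22 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir &
}

# Stop the listener and remove the devpts mount created by run_hook.
run_cleanuphook ()
{
    # Stop accepting new connections first, then remove the pty filesystem.
    # The original order unmounted /dev/pts while the listener was still up.
    # NOTE(review): only processes named tcpsvd are signalled. A session that
    # was already handed to tinysshd does not appear to be terminated here --
    # confirm whether such a session can outlive early userspace.
    killall tcpsvd
    umount /dev/pts
    rm -R /dev/pts
}

# /LICENSE:
#   Copyright (c) 2015, Giancarlo Razzolini
#   All rights reserved.
#
#   Redistribution and use in source and binary forms, with or without
#   modification, are permitted provided that the following conditions are met:
#
#   * Redistributions of source code must retain the above copyright notice, this
#     list of conditions and the following disclaimer.
#
#   * Redistributions in binary form must reproduce the above copyright notice,
#     this list of conditions and the following disclaimer in the documentation
#     and/or other materials provided with the distribution.
#
#   * Neither the name of mkinitcpio-tinyssh nor the names of its
#     contributors may be used to endorse or promote products derived from
#     this software without specific prior written permission.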
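# (LICENSE, continued)
#
#   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
#   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
#   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#   DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
#   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
#   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
#   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
#   CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
#   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# /tinyssh_install:
#!/bin/bash
#
# Build-time half of the hook: prepares the tinyssh host keys and packs the
# daemon, its keys and root's authorized_keys into the initramfs image.

# Print the fingerprints of the tinyssh host keys, if the key directory exists.
display_fingerprints() {
    if [[ -d /etc/tinyssh/sshkeydir ]]; then
        tinysshd-printkey /etc/tinyssh/sshkeydir
    fi
}

# Create a fresh tinyssh key directory when none exists yet.
# Returns: 0 if keys were generated, 1 if the directory already existed or
#          tinysshd-makekey failed.
generate_keys() {
    if [[ ! -d /etc/tinyssh/sshkeydir ]]; then
        if tinysshd-makekey /etc/tinyssh/sshkeydir; then
            echo "Generated tinyssh keys..."
            return 0
        fi
    fi
    return 1
}

# Convert the OpenSSH ed25519 host key into a tinyssh key directory.
# Runs only when the tinyssh key directory does not exist yet and
# /usr/bin/tinyssh-convert is executable.
# Returns: 0 if the key was converted, 1 otherwise.
#
# Security note: build() later packs all of /etc/tinyssh into the image, so
# after this conversion the host's long-term OpenSSH private key sits inside
# the initramfs. Anyone who can read the image can recover that key. Where
# the image is stored unencrypted, a dedicated early-boot key is the safer
# choice: creating /etc/tinyssh/sshkeydir with tinysshd-makekey beforehand
# makes this function skip the conversion.
copy_openssh_keys() {
    local osshed25519="/etc/ssh/ssh_host_ed25519_key"
    local destdir="/etc/tinyssh/sshkeydir"
    local return_code=1

    # The readability check keeps a missing OpenSSH key from surfacing as a
    # shell redirection error; the caller falls back to generate_keys.
    if [[ ! -d "$destdir" && -x /usr/bin/tinyssh-convert && -r "$osshed25519" ]]; then
        if tinyssh-convert "$destdir" < "$osshed25519"; then
            return_code=0
        fi
    fi

    if (( return_code == 0 )); then
        echo "Converted keys from OpenSSH..."
    fi

    return "$return_code"
}

# Write a drop-in that orders tinyssh@22.socket before cryptsetup.target.
# Globals: BUILDROOT (read)
create_systemd_customdep () {
    add_dir "/etc/systemd/system/tinyssh@22.socket.d"
    # The empty "Before=" clears any ordering inherited from the unit file
    # before the new one is set.
    cat << CUSTOMEOF > "${BUILDROOT}/etc/systemd/system/tinyssh@22.socket.d/cryptsetup-dep.conf"
[Unit]
Before=
Before=cryptsetup.target
CUSTOMEOF
}

# mkinitcpio entry point: add tinyssh and its configuration to the image.
# Globals: BUILDROOT (read), TMPDIR (read, set when empty)
# Returns: 0 without adding anything when /etc/tinyssh/root_key is missing,
#          unreadable or empty.
build ()
{
    #
    # Begin real processing
    #

    # Are we even needed?
    if [[ ! -r "/etc/tinyssh/root_key" || ! -s "/etc/tinyssh/root_key" ]]; then
        echo "There is no root key in /etc/tinyssh/root_key existent; exit"
        return 0
    fi

    # If TMPDIR is set leave it alone, otherwise set it.
    # NOTE(review): the fallback is a fixed, predictable name in /tmp, and
    # mkdir -p accepts a directory that someone else created first. Nothing in
    # this file uses TMPDIR afterwards, and because it is not local the value
    # stays set in the calling shell. If a scratch directory is really needed,
    # create it with mktemp -d; otherwise consider dropping these two steps.
    if [[ -z "${TMPDIR:-}" ]]; then
        TMPDIR='/tmp/mkinitcpio-tinyssh'
    fi

    # Check if TMPDIR exists; if not, make it.
    [[ -d "$TMPDIR" ]] || mkdir -p "$TMPDIR"

    umask 0022

    copy_openssh_keys || generate_keys
    display_fingerprints

    if declare -F add_systemd_unit > /dev/null 2>&1; then
        # systemd enabled
        add_systemd_unit "tinysshgenkeys.service"
        add_systemd_unit "tinyssh@.socket"
        add_systemd_unit "tinyssh@.service"
        systemctl --root "$BUILDROOT" enable tinyssh@22.socket
        create_systemd_customdep
    else
        # base enabled
        add_checked_modules "/drivers/net/"
        add_binary "rm"
        add_binary "killall"
        add_binary "tinysshd"
        add_file "/lib/libnss_files.so.2"
        add_runscript
    fi

    # both
    # Every key listed in root_key can log in as root in early userspace.
    add_dir "/root/.ssh"
    cat /etc/tinyssh/root_key > "${BUILDROOT}/root/.ssh/authorized_keys"

    # necessary for tinyssh private keys
    # dotglob makes the copy include dot-files. The host private keys are now
    # part of the image, so the image deserves the same protection as the keys.
    shopt -s dotglob
    add_full_dir "/etc/tinyssh"
    shopt -u dotglob

}

# help ()
# {
#     cat<
# NOTE(review): the listing ends here, in the middle of help(); the rest of
# the function is not part of this page.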