[PATCH v2] dropbear: Enable Ed25519 for normal devices
Hauke Mehrtens
hauke at hauke-m.de
Sun Jul 26 11:20:26 EDT 2020
On 7/25/20 11:06 PM, Paul Spooren wrote:
> The Ed25519 key pairs are much shorter than RSA pairs and are supported
> by default in OpenSSH. Looking at websites explaining how to create new
> SSH keys, many suggest using Ed25519 rather than RSA, however consider
> the former as not yet widely established. OpenWrt likely has a positive
> influence on that development.
>
> As enabling Ed25519 is a compile time option, it is currently not
> possible to install the feature via `opkg` nor select that option in an
> ImageBuilder.
>
> Due to the size impact of **12kB** the option should only be enabled for
> devices with `!SMALL_FLASH`.
>
> This approach seems cleaner than splitting `dropbear` into two packages
> like `dropbear` and `dropbear-ed25519`.
Can we deactivate something else?
>
> Signed-off-by: Paul Spooren <mail at aparcar.org>
> ---
> v2:
> * Add storage impact to commit message
> * Increase package release
>
> package/network/services/dropbear/Config.in | 2 +-
> package/network/services/dropbear/Makefile | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
> index 3de4189e08..2836229043 100644
> --- a/package/network/services/dropbear/Config.in
> +++ b/package/network/services/dropbear/Config.in
> @@ -51,7 +51,7 @@ config DROPBEAR_ECC_FULL
>
> config DROPBEAR_ED25519
> bool "Ed25519 support"
> - default n
> + default y if !SMALL_FLASH
Will this work reliable?
When we build dropbear with the SDK the SMALL_FLASH option is not set
and the resulting binary would be shared between small and normal targets.
> help
> This enables the following public key algorithm:
> ssh-ed25519
> diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
> index 0a9b5c0a99..e92ead2ff8 100644
> --- a/package/network/services/dropbear/Makefile
> +++ b/package/network/services/dropbear/Makefile
> @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
>
> PKG_NAME:=dropbear
> PKG_VERSION:=2020.80
> -PKG_RELEASE:=1
> +PKG_RELEASE:=2
>
> PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
> PKG_SOURCE_URL:= \
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20200726/036d2324/attachment.sig>
More information about the openwrt-devel
mailing list