authorChristian Poessinger <christian@poessinger.com>2020-06-18 23:04:46 +0200
committerChristian Poessinger <christian@poessinger.com>2020-06-18 23:04:48 +0200
commite59da2923cbbb21258cc9769b6a152d6af78abe6 (patch)
tree3a54084962628c6faf15299daab3067586453625
parent067ddcf27ac1fbc33cee710ae66a85b0368a26d9 (diff)
downloadvyos-1x-e59da2923cbbb21258cc9769b6a152d6af78abe6.tar.gz
vyos-1x-e59da2923cbbb21258cc9769b6a152d6af78abe6.zip
console-server: T2490: add SSH support
A user can define a port under the SSH node per device. When connecting to that port and authenticating using regular credentials, we will immediately drop to the serial console. This is the same as executing "connect serial-proxy <name>".
-rw-r--r--debian/control1
-rw-r--r--interface-definitions/service_serial-proxy.xml.in8
-rwxr-xr-xsrc/conf_mode/service_serial-proxy.py17
-rw-r--r--src/systemd/dropbear@.service14
-rw-r--r--src/systemd/dropbearkey.service11
5 files changed, 46 insertions, 5 deletions
diff --git a/debian/control b/debian/control
index 42d0475e3..bf330c35c 100644
--- a/debian/control
+++ b/debian/control
@@ -59,6 +59,7 @@ Depends: python3,
iputils-arping,
libvyosconfig0,
beep,
+ dropbear,
conserver-server,
conserver-client,
isc-dhcp-server,
diff --git a/interface-definitions/service_serial-proxy.xml.in b/interface-definitions/service_serial-proxy.xml.in
index ca93fcac3..917af0122 100644
--- a/interface-definitions/service_serial-proxy.xml.in
+++ b/interface-definitions/service_serial-proxy.xml.in
@@ -73,6 +73,14 @@
</constraint>
</properties>
</leafNode>
+ <node name="ssh">
+ <properties>
+ <help>SSH remote access to this console</help>
+ </properties>
+ <children>
+ #include <include/port-number.xml.i>
+ </children>
+ </node>
</children>
</tagNode>
</children>
diff --git a/src/conf_mode/service_serial-proxy.py b/src/conf_mode/service_serial-proxy.py
index 0dd1cfc6d..5f510d311 100755
--- a/src/conf_mode/service_serial-proxy.py
+++ b/src/conf_mode/service_serial-proxy.py
@@ -65,11 +65,11 @@ def verify(proxy):
for tmp in proxy['device']:
device = proxy['device'][tmp]
if not device['speed']:
- raise ConfigError(f'Speed must be defined!')
+ raise ConfigError(f'Serial port speed must be defined for "{tmp}"!')
- if device['ssh']:
- if not device['ssh']['port']:
- raise ConfigError(f'SSH port must be defined!')
+ if 'ssh' in device.keys():
+ if 'port' not in device['ssh'].keys():
+ raise ConfigError(f'SSH port must be defined for "{tmp}"!')
return None
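Review bot: Nothing in the new `ssh` branch of verify() rejects two devices that are given the same SSH port. As far as this page shows, each device gets its own dropbear listener on its configured port, so a duplicate would leave one listener unable to bind, and a user connecting to that port would land on a different console than intended. A uniqueness check while walking `proxy['device']` would catch this at commit time; whether the port also collides with the system SSH service cannot be checked from the lines visible here. The `.keys()` calls are unnecessary, since `'ssh' in device` is equivalent. verify() starts outside this hunk.

```python
ssh_ports = {}  # port -> device name, filled while walking proxy['device']
for tmp in proxy['device']:
    # … unchanged: device lookup and speed check …
    if 'ssh' in device:
        # … unchanged: port presence check …
        port = device['ssh']['port']
        if port in ssh_ports:
            raise ConfigError(f'SSH port {port} is already used by "{ssh_ports[port]}"!')
        ssh_ports[port] = tmp
```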
@@ -81,13 +81,20 @@ def generate(proxy):
return None
def apply(proxy):
+ call('systemctl stop conserver-server.service')
+ call('systemctl stop dropbear@*.service')
+
if not proxy:
- call('systemctl stop conserver-server.service')
if os.path.isfile(config_file):
os.unlink(config_file)
return None
call('systemctl restart conserver-server.service')
+
+ for device in proxy['device']:
+ if 'ssh' in proxy['device'][device].keys():
+ call('systemctl restart dropbear@{device}.service')
+
return None
if __name__ == '__main__':
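Review bot: The restart call in the new loop of apply() is a plain string, not an f-string, so systemctl is asked for the literal unit `dropbear@{device}.service` and no per-device SSH listener is started for the configured name. It should read `call(f'systemctl restart dropbear@{device}.service')`. Because the top of apply() now stops `dropbear@*.service` unconditionally, every commit would tear down the listeners without bringing the intended ones back. The unconditional `systemctl stop conserver-server.service` followed by `restart` is also redundant on the non-empty path, and a comment saying why both are needed would help if it is deliberate.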
diff --git a/src/systemd/dropbear@.service b/src/systemd/dropbear@.service
new file mode 100644
index 000000000..a4df6ad41
--- /dev/null
+++ b/src/systemd/dropbear@.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Dropbear SSH per-connection server
+Requires=dropbearkey.service
+Wants=conserver-server.service
+After=mongodb.service
+After=dropbearkey.service vyos-router.service conserver-server.service
+
+[Service]
+Type=forking
+ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service serial-proxy device "%I" ssh port)'
+ExecStart=-/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console %I" -P /run/conserver/dropbear.%I.pid -p ${PORT}
+PIDFile=/run/conserver/dropbear.%I.pid
+KillMode=process
+
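Review bot: The listening port is handed over with `systemctl set-environment PORT=…` in ExecStartPre, which writes to the manager-wide environment rather than to this instance. If two dropbear@ instances ever start concurrently, one can read the other device's port and expose a console on the wrong port; the variable also stays visible to units started later. Resolving the port per instance avoids the shared state, for example by having the conf-mode script write a per-device file and loading it with `EnvironmentFile=/run/conserver/dropbear.%I.env` (the file name is only a suggestion). Separately, the `-` prefix on ExecStart hides a failed bind from the commit, and `After=mongodb.service` looks like a template leftover.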
diff --git a/src/systemd/dropbearkey.service b/src/systemd/dropbearkey.service
new file mode 100644
index 000000000..770641c8b
--- /dev/null
+++ b/src/systemd/dropbearkey.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Dropbear SSH Key Generation
+ConditionPathExists=|!/etc/dropbear/dropbear_rsa_host_key
+
+[Service]
+ExecStart=/usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+
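Review bot: The `[Service]` section has no `Type=` line, so the unit defaults to `simple` and systemd treats it as started as soon as dropbearkey is forked. dropbear@.service, which orders itself `After=dropbearkey.service`, can therefore be launched on first boot before the host key file is completely written. Adding `Type=oneshot` under `[Service]` makes the ordering wait until key generation has finished. A comment noting that only an RSA host key is generated, and that dropbear@.service loads exactly this path with `-r`, would also help the next maintainer.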