-rw-r--r--debian/control1
-rw-r--r--interface-definitions/service_serial-proxy.xml.in8
-rwxr-xr-xsrc/conf_mode/service_serial-proxy.py17
-rw-r--r--src/systemd/dropbear@.service14
-rw-r--r--src/systemd/dropbearkey.service11
5 files changed, 46 insertions, 5 deletions
diff --git a/debian/control b/debian/control
index 42d0475e3..bf330c35c 100644
--- a/debian/control
+++ b/debian/control
@@ -59,6 +59,7 @@ Depends: python3,
iputils-arping,
libvyosconfig0,
beep,
+ dropbear,
conserver-server,
conserver-client,
isc-dhcp-server,
diff --git a/interface-definitions/service_serial-proxy.xml.in b/interface-definitions/service_serial-proxy.xml.in
index ca93fcac3..917af0122 100644
--- a/interface-definitions/service_serial-proxy.xml.in
+++ b/interface-definitions/service_serial-proxy.xml.in
@@ -73,6 +73,14 @@
</constraint>
</properties>
</leafNode>
+ <node name="ssh">
+ <properties>
+ <help>SSH remote access to this console</help>
+ </properties>
+ <children>
+ #include <include/port-number.xml.i>
+ </children>
+ </node>
</children>
</tagNode>
</children>
diff --git a/src/conf_mode/service_serial-proxy.py b/src/conf_mode/service_serial-proxy.py
index 0dd1cfc6d..5f510d311 100755
--- a/src/conf_mode/service_serial-proxy.py
+++ b/src/conf_mode/service_serial-proxy.py
@@ -65,11 +65,11 @@ def verify(proxy):
for tmp in proxy['device']:
device = proxy['device'][tmp]
if not device['speed']:
- raise ConfigError(f'Speed must be defined!')
+ raise ConfigError(f'Serial port speed must be defined for "{tmp}"!')
- if device['ssh']:
- if not device['ssh']['port']:
- raise ConfigError(f'SSH port must be defined!')
+ if 'ssh' in device.keys():
+ if 'port' not in device['ssh'].keys():
+ raise ConfigError(f'SSH port must be defined for "{tmp}"!')
return None
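Review bot: verify() only checks that each device with an `ssh` node has a `port`; nothing stops two devices from being given the same port, or a port that another listener on the system already uses, in which case the affected dropbear instance would presumably fail to bind and that console would have no SSH access. A uniqueness check would catch this at commit time: collect `device['ssh']['port']` into a set inside the loop and raise `ConfigError(f'SSH port "{port}" is already used by another console!')` on a repeat. As a style point, `'ssh' in device` and `'port' not in device['ssh']` behave the same as the `.keys()` forms and read more plainly. The body of verify() starts above the hunk.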
@@ -81,13 +81,20 @@ def generate(proxy):
return None
def apply(proxy):
+ call('systemctl stop conserver-server.service')
+ call('systemctl stop dropbear@*.service')
+
if not proxy:
- call('systemctl stop conserver-server.service')
if os.path.isfile(config_file):
os.unlink(config_file)
return None
call('systemctl restart conserver-server.service')
+
+ for device in proxy['device']:
+ if 'ssh' in proxy['device'][device].keys():
+ call('systemctl restart dropbear@{device}.service')
+
return None
if __name__ == '__main__':
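Review bot: The restart call in the new loop is missing its `f` prefix, so `call('systemctl restart dropbear@{device}.service')` asks systemd for an instance literally named `{device}` and no per-console dropbear is started for the configured devices; it should read `call(f'systemctl restart dropbear@{device}.service')`. Separately, apply() now stops conserver-server and every `dropbear@` instance at the top of each run, so any commit that reaches this script drops all open console sessions, including those on devices whose configuration did not change; if that is intended it deserves a comment. Once the f-string is fixed the device name is interpolated into a command string, so if `call` runs it through a shell it is worth confirming that the tagNode constraint in the interface definition limits the name to characters that are safe there.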
diff --git a/src/systemd/dropbear@.service b/src/systemd/dropbear@.service
new file mode 100644
index 000000000..a4df6ad41
--- /dev/null
+++ b/src/systemd/dropbear@.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Dropbear SSH per-connection server
+Requires=dropbearkey.service
+Wants=conserver-server.service
+After=mongodb.service
+After=dropbearkey.service vyos-router.service conserver-server.service
+
+[Service]
+Type=forking
+ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service serial-proxy device "%I" ssh port)'
+ExecStart=-/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console %I" -P /run/conserver/dropbear.%I.pid -p ${PORT}
+PIDFile=/run/conserver/dropbear.%I.pid
+KillMode=process
+
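Review bot: `ExecStartPre` passes the port through `systemctl set-environment PORT=...`, which writes to the service manager's global environment rather than to this instance, so when several `dropbear@` instances start close together one can pick up another's port, and the variable is also inherited by units started afterwards. A per-instance source is safer: have the conf-mode script write the port to a per-device environment file and load it with an `EnvironmentFile=` line, which also removes the `bash -c` wrapper in which the unescaped `%I` is expanded inside a root shell command. `After=mongodb.service` looks like a leftover from a template and can probably go. The leading `-` on `ExecStart=` makes a failed start (for example a port already in use) count as success, so a console without working SSH would not show up as a failed unit.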
diff --git a/src/systemd/dropbearkey.service b/src/systemd/dropbearkey.service
new file mode 100644
index 000000000..770641c8b
--- /dev/null
+++ b/src/systemd/dropbearkey.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Dropbear SSH Key Generation
+ConditionPathExists=|!/etc/dropbear/dropbear_rsa_host_key
+
+[Service]
+ExecStart=/usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+
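Review bot: The unit has no `Type=`, so it defaults to `simple` and systemd treats it as started as soon as `dropbearkey` is forked; `dropbear@.service` orders itself `After=dropbearkey.service`, but that does not wait for the key file to be written, so on first start dropbear may come up before `/etc/dropbear/dropbear_rsa_host_key` exists. Adding `Type=oneshot` under `[Service]` makes dependent units wait until key generation has finished. Only an RSA host key is generated and no size is given with `-s`, so the key strength is whatever the packaged dropbearkey defaults to; it is worth stating the size explicitly, or adding a second key type if the packaged version supports one.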