grazzolini / mkinitcpio-dropbear

Archlinux mkinitcpio hook to enable the dropbear daemon in early userspace
BSD 3-Clause "New" or "Revised" License

Need to be able to set more options #5

Open pezz opened 9 years ago

pezz commented 9 years ago

Hi there,

I'd like to see the following:

Love your work, cheers.

grazzolini commented 9 years ago

Hi Pezz,

Thank you for using this hook. As for your issue, I will work on them. But just some things that are worth noting though:

The way the key algorithm is working now, it assumes that, if you have OpenSSH installed, you will use the same host keys as it. This is a security feature, since you can avoid MITM attacks by using the same key. I personally don't use this hook anymore, since I'm using mkinitcpio-tinyssh. Tinyssh itself does not have a conversion program as dropbear does, and I still haven't got time to write one.

If you specifically don't want to use the same keys, I suggest you migrate to tinyssh. It uses more secure algorithms and is, as the name implies, tinier than dropbear.

Also, you can control which keys get converted by zeroing the files in the /etc/ssh directory, for example:

/etc/ssh/ssh_host_dsa_key

This is needed because the sshdgenkeys.service will look for the keys, and if they don't exist, it will recreate them. If you keep the file empty, the ssh daemon won't be able to use it and they won't be used by mkinitcpio-dropbear, because it specifically checks if the file exists and is not empty.

As for the ability of passing options, this is something that even the mkinitcpio-tinyssh hook is missing. I just need to decide how this will be accomplished. I want to avoid a configuration file if possible. If you are in a hurry to use these right now, just edit the /usr/lib/initcpio/hooks/dropbear and /usr/lib/initcpio/install/dropbear files and rebuild your initramfs.
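The "zero the file" technique above works because the hook only converts a host key that both exists and is non-empty. The following is an added illustration, not code from the mkinitcpio-dropbear hook: it assumes the hook's check is equivalent to the shell test `[ -s file ]`, and it builds a constructed directory (a populated RSA key, an empty DSA key, no ECDSA or ed25519 key) to show which keys such a check would select.

```shell
#!/bin/sh
# Added example (not the mkinitcpio-dropbear hook itself): list the OpenSSH
# host keys that an "exists and is not empty" check would select for
# conversion. The directory is a parameter so the function can be run against
# a constructed directory instead of the real /etc/ssh.

# Print the host key paths under $1 that exist and have non-zero size.
# A key that has been zeroed (created but left empty) is skipped, which is
# how a key is excluded from conversion without sshdgenkeys.service
# recreating it.
eligible_host_keys() {
    keydir="$1"
    for name in ssh_host_rsa_key ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_ed25519_key; do
        key="$keydir/$name"
        # -s is true only when the file exists AND its size is greater than zero
        if [ -s "$key" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# Build a constructed /etc/ssh-like directory for demonstration:
# a populated RSA key (placeholder content, not real key material),
# a zeroed DSA key, and no ECDSA or ed25519 key files at all.
make_demo_dir() {
    demodir=$(mktemp -d)
    printf 'PLACEHOLDER-PRIVATE-KEY-MATERIAL\n' > "$demodir/ssh_host_rsa_key"
    : > "$demodir/ssh_host_dsa_key"     # zeroed: exists, but empty
    printf '%s\n' "$demodir"
}

demo=$(make_demo_dir)
# Only the RSA key is printed; the empty DSA key and the missing keys are not.
eligible_host_keys "$demo"
```

Running it against the real directory (`eligible_host_keys /etc/ssh`) shows which keys the hook would pick up after you zero the ones you want excluded.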

pezz commented 9 years ago

Thanks very much for the reply.

I will look into migrating to mkinitcpio-tinyssh if that's where the future lies.

Cheers.

grazzolini commented 9 years ago

Not necessarily where the future lies. But tinyssh is more secure than dropbear (protocol wise). It is possible that in the future it will have the same behaviour as mkinitcpio-dropbear does, using the OpenSSH keys whenever possible. There is also the benefit that mkinitcpio-tinyssh already supports systemd-enabled hooks (with some caveats).