[openssh] Introduce custom openssh-server package for supporting reve…

…rse console SSH (sonic-net#5717)

* Build and install openssh from source
* Copy openssh deb package to dest folder
* Update make rule
* Update sonic debian extension
* Append empty line before EOF
* Update openssh patch
* Add openssh-server to base image dependency
* Fix indent type
* Fix comments
* Use commit id instead of tag id and add comment

Signed-off-by: Jing Kan [email protected]

files/build_templates/sonic_debian_extension.j2

@@ -263,6 +263,9 @@ sudo chmod 600 $FILESYSTEM_ROOT/etc/monit/conf.d/*
 sudo cp $IMAGE_CONFIGS/monit/process_checker $FILESYSTEM_ROOT/usr/bin/
 sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/process_checker
 
+# Install custom-built openssh sshd
+sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_*.deb
+
 # Copy crontabs
 sudo cp -f $IMAGE_CONFIGS/cron.d/* $FILESYSTEM_ROOT/etc/cron.d/
 

rules/openssh.dep

@@ -0,0 +1,8 @@
+SPATH       := $($(OPENSSH_SERVER)_SRC_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/openssh.mk rules/openssh.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES   += $(shell git ls-files $(SPATH))
+
+$(OPENSSH_SERVER)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(OPENSSH_SERVER)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(OPENSSH_SERVER)_DEP_FILES   := $(DEP_FILES)

rules/openssh.mk

@@ -0,0 +1,14 @@
+# openssh package
+
+OPENSSH_VERSION = 7.9p1-10+deb10u2
+
+export OPENSSH_VERSION
+
+OPENSSH_SERVER = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
+$(OPENSSH_SERVER)_SRC_PATH = $(SRC_PATH)/openssh
+SONIC_MAKE_DEBS += $(OPENSSH_SERVER)
+
+# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list}
+# are archived into debug one image to facilitate debugging.
+#
+DBG_SRC_ARCHIVE += openssh

slave.mk

@@ -802,6 +802,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
                 $(LIBPAM_TACPLUS) \
                 $(LIBNSS_TACPLUS) \
                 $(MONIT) \
+                $(OPENSSH_SERVER) \
                 $(PYTHON_SWSSCOMMON) \
                 $(PYTHON3_SWSSCOMMON) \
                 $(SONIC_UTILITIES_DATA) \

src/openssh/Makefile

@@ -0,0 +1,28 @@
+.ONESHELL:
+SHELL = /bin/bash
+.SHELLFLAGS += -e
+
+MAIN_TARGET = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
+DERIVED_TARGETS = openssh-server-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+	# Obtain openssh: https://salsa.debian.org/ssh-team/openssh/-/tree/debian/1%257.9p1-10+deb10u2
+	rm -rf ./openssh-server
+	git clone https://salsa.debian.org/ssh-team/openssh.git openssh-server
+	pushd ./openssh-server
+
+	# Check out tag: debian/1%7.9p1-10+deb10u2
+	git checkout -b openssh-src -f 6d9ca74c48d9911342c6ca5aaac8a25974fa2619
+
+	# Apply patch series
+	stg init
+	stg import -s ../patch/series
+
+	# Build package
+	sudo apt-get -y build-dep openssh
+	dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS)
+	popd
+
+	mv $(DERIVED_TARGETS) $* $(DEST)/
+
+$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET)

src/openssh/patch/0001-Put-style-as-line-number-to-ssh-session-environment-.patch

@@ -0,0 +1,36 @@
+From 6e8cca780dab4680292192058b90a4a28f35d4ab Mon Sep 17 00:00:00 2001
+From: Blueve <[email protected]>
+Date: Mon, 26 Oct 2020 06:44:59 +0000
+Subject: [PATCH 1/1] Put style as line number to ssh session environment
+ variable
+
+By default, the content between : and @ will be trimmed by sshd before it do
+authentication and the trimmed string will be dropped silently. To use this
+segment as line number for reverse SSH feature, we need to modify the source
+code of OpenSSH and put this segment to a environment variable
+SSH_TARGET_CONSOLE_LINE, then we can insert a short script into /etc/bash.bashrc
+and run command consutil connect $SSH_TARGET_CONSOLE_LINE to enter the
+management session automatically after user login.
+---
+ session.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/session.c b/session.c
+index 19f38637e..654371447 100644
+--- a/session.c
++++ b/session.c
+@@ -1209,6 +1209,11 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
+ 		child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
+ 		    original_command);
+
++	/* Take advantage of authentication style field */
++	if (s->authctxt->style)
++		child_set_env(&env, &envsize, "SSH_TARGET_CONSOLE_LINE",
++		    s->authctxt->style);
++
+ 	if (debug_flag) {
+ 		/* dump the environment */
+ 		fprintf(stderr, "Environment:\n");
+-- 
+2.25.1
+

src/openssh/patch/series

@@ -0,0 +1 @@
+0001-Put-style-as-line-number-to-ssh-session-environment-.patch