diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index 34f864b6d21d..c322c58aa003 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@@ -263,6 +263,9 @@ sudo chmod 600 $FILESYSTEM_ROOT/etc/monit/conf.d/*
 sudo cp $IMAGE_CONFIGS/monit/process_checker $FILESYSTEM_ROOT/usr/bin/
 sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/process_checker
+# Install custom-built openssh sshd
+sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_*.deb
+
 # Copy crontabs
 sudo cp -f $IMAGE_CONFIGS/cron.d/* $FILESYSTEM_ROOT/etc/cron.d/
diff --git a/rules/openssh.dep b/rules/openssh.dep
new file mode 100644
index 000000000000..7450743e667b
--- /dev/null
+++ b/rules/openssh.dep
@@ -0,0 +1,8 @@
+SPATH := $($(OPENSSH_SERVER)_SRC_PATH)
+DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/openssh.mk rules/openssh.dep
+DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES += $(shell git ls-files $(SPATH))
+
+$(OPENSSH_SERVER)_CACHE_MODE := GIT_CONTENT_SHA
+$(OPENSSH_SERVER)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST)
+$(OPENSSH_SERVER)_DEP_FILES := $(DEP_FILES)
diff --git a/rules/openssh.mk b/rules/openssh.mk
new file mode 100644
index 000000000000..0cc3de621039
--- /dev/null
+++ b/rules/openssh.mk
@@ -0,0 +1,14 @@
+# openssh package
+
+OPENSSH_VERSION = 7.9p1-10+deb10u2
+
+export OPENSSH_VERSION
+
+OPENSSH_SERVER = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
+$(OPENSSH_SERVER)_SRC_PATH = $(SRC_PATH)/openssh
+SONIC_MAKE_DEBS += $(OPENSSH_SERVER)
+
+# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list}
+# are archived into debug one image to facilitate debugging.
+#
+DBG_SRC_ARCHIVE += openssh
diff --git a/slave.mk b/slave.mk
index a4a7f7a85897..ba82e717910d 100644
--- a/slave.mk
+++ b/slave.mk
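Review bot: Nothing in the added `dpkg -i` step in files/build_templates/sonic_debian_extension.j2 keeps apt from later replacing the patched sshd: going by `OPENSSH_VERSION = 7.9p1-10+deb10u2` in rules/openssh.mk, the custom package has the same name and version as the stock Debian build. If a later image-build step or an on-device upgrade pulls a newer openssh-server from the archive, the SSH_TARGET_CONSOLE_LINE patch would presumably disappear without any error. I would put the package on hold inside the image right after this install (for example `apt-mark hold openssh-server` run in the target root) and extend the comment to `# Install custom-built openssh sshd (patched; held so apt does not replace it)`. The glob `openssh-server_*.deb` also matches any stale build left in `$debs_path`, so it is worth confirming that only one version can be present there.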
@@ -802,6 +802,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
 $(LIBPAM_TACPLUS) \
 $(LIBNSS_TACPLUS) \
 $(MONIT) \
+ $(OPENSSH_SERVER) \
 $(PYTHON_SWSSCOMMON) \
 $(PYTHON3_SWSSCOMMON) \
 $(SONIC_UTILITIES_DATA) \
diff --git a/src/openssh/Makefile b/src/openssh/Makefile
new file mode 100644
index 000000000000..66c6f019619f
--- /dev/null
+++ b/src/openssh/Makefile
@@ -0,0 +1,28 @@
+.ONESHELL:
+SHELL = /bin/bash
+.SHELLFLAGS += -e
+
+MAIN_TARGET = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
+DERIVED_TARGETS = openssh-server-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+ # Obtain openssh: https://salsa.debian.org/ssh-team/openssh/-/tree/debian/1%257.9p1-10+deb10u2
+ rm -rf ./openssh-server
+ git clone https://salsa.debian.org/ssh-team/openssh.git openssh-server
+ pushd ./openssh-server
+
+ # Check out tag: debian/1%7.9p1-10+deb10u2
+ git checkout -b openssh-src -f 6d9ca74c48d9911342c6ca5aaac8a25974fa2619
+
+ # Apply patch series
+ stg init
+ stg import -s ../patch/series
+
+ # Build package
+ sudo apt-get -y build-dep openssh
+ dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS)
+ popd
+
+ mv $(DERIVED_TARGETS) $* $(DEST)/
+
+$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET)
diff --git a/src/openssh/patch/0001-Put-style-as-line-number-to-ssh-session-environment-.patch b/src/openssh/patch/0001-Put-style-as-line-number-to-ssh-session-environment-.patch
new file mode 100644
index 000000000000..a11c7bf46c37
--- /dev/null
+++ b/src/openssh/patch/0001-Put-style-as-line-number-to-ssh-session-environment-.patch
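Review bot: The source pin in src/openssh/Makefile is undocumented where it matters: the `git checkout` uses a fixed commit id, which is good for integrity, but the matching tag appears only in a comment and nothing ties the commit to `OPENSSH_VERSION` in rules/openssh.mk. Because this build now replaces the distribution's sshd, Debian openssh security updates are no longer picked up automatically and both values have to be moved together by hand; if only one is bumped, the `mv $(DERIVED_TARGETS) $* $(DEST)/` step will presumably fail on a file-name mismatch. I would record that above the checkout, e.g. `# Pinned commit must match OPENSSH_VERSION in rules/openssh.mk; bump both when Debian publishes an openssh security update`. Separately, `sudo apt-get -y build-dep openssh` resolves build dependencies from whatever package sources the build container has at that moment, so the result is only as reproducible as that environment.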
@@ -0,0 +1,36 @@
+From 6e8cca780dab4680292192058b90a4a28f35d4ab Mon Sep 17 00:00:00 2001
+From: Blueve
+Date: Mon, 26 Oct 2020 06:44:59 +0000
+Subject: [PATCH 1/1] Put style as line number to ssh session environment
+ variable
+
+By default, the content between : and @ will be trimmed by sshd before it do
+authentication and the trimmed string will be dropped silently. To use this
+segment as line number for reverse SSH feature, we need to modify the source
+code of OpenSSH and put this segment to a environment variable
+SSH_TARGET_CONSOLE_LINE, then we can insert a short script into /etc/bash.bashrc
+and run command consutil connect $SSH_TARGET_CONSOLE_LINE to enter the
+management session automatically after user login.
+---
+ session.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/session.c b/session.c
+index 19f38637e..654371447 100644
+--- a/session.c
++++ b/session.c
+@@ -1209,6 +1209,11 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
+ child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
+ original_command);
+
++ /* Take advantage of authentication style field */
++ if (s->authctxt->style)
++ child_set_env(&env, &envsize, "SSH_TARGET_CONSOLE_LINE",
++ s->authctxt->style);
++
+ if (debug_flag) {
+ /* dump the environment */
+ fprintf(stderr, "Environment:\n");
+--
+2.25.1
+
diff --git a/src/openssh/patch/series b/src/openssh/patch/series
new file mode 100644
index 000000000000..a645ad25833f
--- /dev/null
+++ b/src/openssh/patch/series
@@ -0,0 +1 @@
+0001-Put-style-as-line-number-to-ssh-session-environment-.patch
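Review bot: `s->authctxt->style` in the block added to session.c comes from the login string the client sends (the part between `:` and `@`, per the commit message), and it is exported to the session environment without any check on its content. The commit message plans to expand it unquoted in /etc/bash.bashrc (`consutil connect $SSH_TARGET_CONSOLE_LINE`), so spaces, leading dashes or shell metacharacters in that field would reach the command line of every login shell. Since the value is meant to be a line number, I would export it only when it is non-empty and all digits, e.g. `if (s->authctxt->style && *s->authctxt->style != '\0' && s->authctxt->style[strspn(s->authctxt->style, "0123456789")] == '\0')`, assuming line identifiers are always numeric, and quote the variable in the bashrc snippet as well. do_setup_env() starts and ends outside this hunk, so whether `s->authctxt` can be NULL at this point cannot be confirmed from the patch.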