[openssh] Introduce custom openssh-server package for supporting reverse console SSH #5717

Merged
merged 10 commits into from
Nov 2, 2020
3 changes: 3 additions & 0 deletions files/build_templates/sonic_debian_extension.j2
Expand Up @@ -263,6 +263,9 @@ sudo chmod 600 $FILESYSTEM_ROOT/etc/monit/conf.d/*
sudo cp $IMAGE_CONFIGS/monit/process_checker $FILESYSTEM_ROOT/usr/bin/
sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/process_checker

# Install custom-built openssh sshd
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_*.deb

# Copy crontabs
sudo cp -f $IMAGE_CONFIGS/cron.d/* $FILESYSTEM_ROOT/etc/cron.d/
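
Review bot: The glob in `sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_*.deb` is not tied to the version this change builds, so any other openssh-server deb left in `$debs_path` would match too. Since this step replaces the sshd that ships in the image, name the file with the version and architecture defined in rules/openssh.mk so that only the patched build can be installed here.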

8 changes: 8 additions & 0 deletions rules/openssh.dep
@@ -0,0 +1,8 @@
SPATH := $($(OPENSSH_SERVER)_SRC_PATH)
DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/openssh.mk rules/openssh.dep
DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST)
DEP_FILES += $(shell git ls-files $(SPATH))

$(OPENSSH_SERVER)_CACHE_MODE := GIT_CONTENT_SHA
$(OPENSSH_SERVER)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST)
$(OPENSSH_SERVER)_DEP_FILES := $(DEP_FILES)
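
Review bot: `DEP_FILES += $(shell git ls-files $(SPATH))` hashes only the files tracked under src/openssh, so the cache key sees the upstream source solely through the commit id written in src/openssh/Makefile. A comment here should say that the pin has to stay a full commit SHA rather than a branch or tag name, otherwise the GIT_CONTENT_SHA cache can keep serving a package built from older source.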
14 changes: 14 additions & 0 deletions rules/openssh.mk
@@ -0,0 +1,14 @@
# openssh package

OPENSSH_VERSION = 7.9p1-10+deb10u2

export OPENSSH_VERSION

OPENSSH_SERVER = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
$(OPENSSH_SERVER)_SRC_PATH = $(SRC_PATH)/openssh
SONIC_MAKE_DEBS += $(OPENSSH_SERVER)

# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list}
# are archived into debug one image to facilitate debugging.
#
DBG_SRC_ARCHIVE += openssh
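
Review bot: Only `$(OPENSSH_SERVER)` is registered in `SONIC_MAKE_DEBS`, while src/openssh/Makefile in this same change also produces openssh-server-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb as a derived target. Either declare the dbgsym package in this rules file so the build system knows about it, or drop it from the Makefile. Separately, the comment "are archived into debug one image" reads as a copy-paste slip and should be reworded.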
1 change: 1 addition & 0 deletions slave.mk
Expand Up @@ -802,6 +802,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
$(LIBPAM_TACPLUS) \
$(LIBNSS_TACPLUS) \
$(MONIT) \
$(OPENSSH_SERVER) \
$(PYTHON_SWSSCOMMON) \
$(PYTHON3_SWSSCOMMON) \
$(SONIC_UTILITIES_DATA) \
28 changes: 28 additions & 0 deletions src/openssh/Makefile
@@ -0,0 +1,28 @@
.ONESHELL:
SHELL = /bin/bash
.SHELLFLAGS += -e

MAIN_TARGET = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
DERIVED_TARGETS = openssh-server-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb

$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
# Obtain openssh: https://salsa.debian.org/ssh-team/openssh/-/tree/debian/1%257.9p1-10+deb10u2
rm -rf ./openssh-server
git clone https://salsa.debian.org/ssh-team/openssh.git openssh-server
pushd ./openssh-server

# Check out tag: debian/1%7.9p1-10+deb10u2
git checkout -b openssh-src -f 6d9ca74c48d9911342c6ca5aaac8a25974fa2619

# Apply patch series
stg init
stg import -s ../patch/series

# Build package
sudo apt-get -y build-dep openssh
dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS)
popd

mv $(DERIVED_TARGETS) $* $(DEST)/

$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET)
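
Review bot: The recipe runs `sudo apt-get -y build-dep openssh` at package build time, so the result depends on the apt mirror state of the moment and the build container is modified on every run; installing those build dependencies in the build image would keep the sshd build repeatable. The source pin is a full commit SHA, which is good, but nothing checks that `6d9ca74c48d9911342c6ca5aaac8a25974fa2619` still corresponds to `OPENSSH_VERSION` from rules/openssh.mk; the two values are maintained in separate files and only the final `mv` would notice a mismatch. The URL in the "Obtain openssh" comment also carries a double-encoded `%257.9p1` that does not match the tag name in the comment below it.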
@@ -0,0 +1,36 @@
From 6e8cca780dab4680292192058b90a4a28f35d4ab Mon Sep 17 00:00:00 2001
From: Blueve <[email protected]>
Date: Mon, 26 Oct 2020 06:44:59 +0000
Subject: [PATCH 1/1] Put style as line number to ssh session environment
variable

By default, the content between : and @ will be trimmed by sshd before it do
authentication and the trimmed string will be dropped silently. To use this
segment as line number for reverse SSH feature, we need to modify the source
code of OpenSSH and put this segment to a environment variable
SSH_TARGET_CONSOLE_LINE, then we can insert a short script into /etc/bash.bashrc
and run command consutil connect $SSH_TARGET_CONSOLE_LINE to enter the
management session automatically after user login.
---
session.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/session.c b/session.c
index 19f38637e..654371447 100644
--- a/session.c
+++ b/session.c
@@ -1209,6 +1209,11 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);

+ /* Take advantage of authentication style field */
+ if (s->authctxt->style)
+ child_set_env(&env, &envsize, "SSH_TARGET_CONSOLE_LINE",
+ s->authctxt->style);
+
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
--
2.25.1
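
Review bot: In the block added to do_setup_env(), `s->authctxt->style` is copied into the session environment with no validation, although it is client-supplied text (the commit message describes it as the segment between : and @ of the login name). Because the commit message plans to expand it in /etc/bash.bashrc as `consutil connect $SSH_TARGET_CONSOLE_LINE`, check before calling child_set_env() that it is a short, all-digit string, skip and log anything else, and quote the variable in the script. The only condition is that style is non-NULL, so the variable is also set for sessions that are not console logins; the comment above the check should say so, and the new variable should be documented alongside the other environment variables sshd sets.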

1 change: 1 addition & 0 deletions src/openssh/patch/series
@@ -0,0 +1 @@
0001-Put-style-as-line-number-to-ssh-session-environment-.patch