openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-22 01:44:32 +04:00
Code Issues Packages Projects Releases Wiki Activity

openssh: add FIDO U2F and FIDO2 hardware token support

Browse Source 
Add openssh-sk-helper package containing ssh-sk-helper.

The helper can be used by openssh-client, openssh-sftp-client,
and openssh-keygen to access `ecdsa_sk` and `ed25519_sk keys
provided by a FIDO U2F or FIDO2 hardware token connected over USB.

Close #24509

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
This commit is contained in:
Mikael Magnusson
2025-03-26 18:57:52 +01:00
committed by Tianling Shen
parent 0a3ef8cbf4
commit 2bd00ef789
1 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
net/openssh/Makefile
View File

@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openssh PKG_NAME:=openssh
PKG_REALVERSION:=9.9p2 PKG_REALVERSION:=9.9p2
PKG_VERSION:=9.9_p2 PKG_VERSION:=9.9_p2
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz
PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
@@ -159,6 +159,18 @@ define Package/openssh-sftp-avahi-service/conffiles
/etc/avahi/services/sftp-ssh.service /etc/avahi/services/sftp-ssh.service
endef endef
define Package/openssh-sk-helper
$(call Package/openssh/Default)
DEPENDS+= +libopenssl +zlib +libfido2
TITLE+= helper for FIDO U2F and FIDO2 hardware token support
endef
define Package/openssh-sk-helper/description
OpenSSH helper that can be used by openssh-client, openssh-sftp-client,
and openssh-keygen to access `ecdsa_sk` and `ed25519_sk keys
provided by a FIDO U2F or FIDO2 hardware token over USB.
endef
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--sysconfdir=/etc/ssh \ --sysconfdir=/etc/ssh \
--with-privsep-user=sshd \ --with-privsep-user=sshd \
@@ -174,6 +186,7 @@ CONFIGURE_ARGS += \
--without-kerberos5 \ --without-kerberos5 \
--with-stackprotect \ --with-stackprotect \
--with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \ --with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \
--with$(if $(CONFIG_PACKAGE_openssh-sk-helper),,out)-security-key-builtin \
--with-cflags-after=-fzero-call-used-regs=skip --with-cflags-after=-fzero-call-used-regs=skip
ifeq ($(BUILD_VARIANT),with-pam) ifeq ($(BUILD_VARIANT),with-pam)
@@ -220,6 +233,11 @@ define Package/openssh-keygen/install
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh-keygen $(1)/usr/libexec/ssh-keygen-openssh $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh-keygen $(1)/usr/libexec/ssh-keygen-openssh
endef endef
define Package/openssh-sk-helper/install
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ssh-sk-helper $(1)/usr/lib/
endef
define Package/openssh-server/install define Package/openssh-server/install
install -d -m0700 $(1)/etc/ssh $(1)/etc/ssh/sshd_config.d install -d -m0700 $(1)/etc/ssh $(1)/etc/ssh/sshd_config.d
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
@@ -265,6 +283,7 @@ $(eval $(call BuildPackage,openssh-client))
$(eval $(call BuildPackage,openssh-moduli)) $(eval $(call BuildPackage,openssh-moduli))
$(eval $(call BuildPackage,openssh-client-utils)) $(eval $(call BuildPackage,openssh-client-utils))
$(eval $(call BuildPackage,openssh-keygen)) $(eval $(call BuildPackage,openssh-keygen))
$(eval $(call BuildPackage,openssh-sk-helper))
$(eval $(call BuildPackage,openssh-server)) $(eval $(call BuildPackage,openssh-server))
$(eval $(call BuildPackage,openssh-server-pam)) $(eval $(call BuildPackage,openssh-server-pam))
$(eval $(call BuildPackage,openssh-sftp-client)) $(eval $(call BuildPackage,openssh-sftp-client))