atlas-sw-probe: improve key creation #15488

Merged on Apr 23, 2021 (1 commit)

Ansuel (Member) commented Apr 21, 2021

  • Exit start if a probe_key is not present
  • Add create_key command to generate a private_key based on the provided username in the atlas config.

@ja-pa

Signed-off-by: Ansuel Smith [email protected]

Ansuel (Member, Author) commented Apr 21, 2021

Some context...

I tested the package and it works well...

The problem is that I noticed that if the atlas-probe script is run without a key, then after adding one and restarting, the probe won't register.
I need to remove the data dir in /tmp and restart to actually start the probe registration. I fixed this by simply not starting when there isn't a key.

I added a create_key function to facilitate all the things...
I still need to test if the dropbearkey function generates a correct private key. It does generate a binary private key so I don't know if it works with the atlas-probe scripts.

Anyway I can confirm that this package works on 2 different routers (both r7800 running openwrt).

Ansuel force-pushed the improve-atlas branch 2 times, most recently from 04d1efb to 84e2e95, April 21, 2021 02:38

BKPepe (Member) commented Apr 21, 2021

Guys, don't forget to bump PKG_RELEASE.

Ansuel marked this pull request as draft April 21, 2021 18:26

Ansuel (Member, Author) commented Apr 21, 2021

I noticed that the key is lost on sysupgrade... I'm testing my solution and I will add it to this PR.

Ansuel marked this pull request as ready for review April 21, 2021 19:44

Ansuel (Member, Author) commented Apr 21, 2021

OK, I tested the changes... Now everything should be correct. @ja-pa can you check out the changes? What do you think about the variable names? Any suggestions?

Ansuel (Member, Author) commented Apr 21, 2021

I noticed that the dropbear private key is not compatible... so I had to add the package dropbearconvert if dropbear is present (with openssl server, ssh-keygen should be available, right?)

Anyway I tested now and the converted private key works correctly and the probe correctly registers.

Ansuel (Member, Author) commented Apr 22, 2021

@neheb I read some warning for the dropbearconvert bin... Do you think that can cause some security risk?

neheb (Contributor) commented Apr 22, 2021

What error?

Ansuel (Member, Author) commented Apr 22, 2021

All arguments must be specified
Usage: dropbearconvert <inputtype> <outputtype> <inputfile> <outputfile>

CAUTION: This program is for convenience only, and is not secure if used on
untrusted input files, ie it could allow arbitrary code execution.
All parameters must be specified in order.

The input and output types are one of:

Someone should be root to exec dropbearconvert soooo ?

- Exit start if a probe_key is not present
- Add create_key command to generate a private_key based on the provided username in the atlas config.
- Add registration instruction in /etc/atlas
- Rework script to save probe_key on sysupgrade (the keys are now advised to be placed in the /etc/atlas dir and a link is used to make them accessible in the atlas-sw-scripts etc dir)

Signed-off-by: Ansuel Smith <[email protected]>
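
The two concerns raised in this thread (do not start without a key, and the dropbearconvert caution about untrusted input files) can be handled with a pre-flight check like the one below. This is an added example, not the script from this PR; the function names and the paths passed to them are hypothetical.

```shell
#!/bin/sh
# Added example, not the package's init script. Function names and the
# file paths passed in are hypothetical.

# Succeed only if $1 is a regular file (not a symlink), owned by the
# current user, and not writable by group or others.
key_input_trusted() {
    [ -n "$1" ] || return 1
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
        ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Convert a dropbear-format private key to OpenSSH format, refusing any
# input that another account could have written.
convert_key() {
    in="$1"
    out="$2"
    if ! key_input_trusted "$in"; then
        echo "refusing untrusted key file: $in" >&2
        return 2
    fi
    if ! command -v dropbearconvert >/dev/null 2>&1; then
        echo "dropbearconvert is not installed" >&2
        return 3
    fi
    # umask in a subshell so the converted key is created mode 0600.
    ( umask 077 && dropbearconvert dropbear openssh "$in" "$out" )
}

# Start guard: do not launch the probe when the key is missing or empty.
key_present() {
    [ -s "$1" ] || { echo "no probe key at $1, not starting" >&2; return 1; }
}
```

The check does not inspect parent directories, so the key should also live in a directory that only root can write to.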
ja-pa (Contributor) commented Apr 23, 2021

LGTM. Thanks !

@@ -0,0 +1,12 @@
# Atlas probe setup instruction

I am wondering if we want to ship this file together with the file as it seems we are supplying documentation. Well, there should be, I know, but in my view, I can copy&paste the documentation which I wrote together with @ja-pa and move it to OpenWrt's documentation.


However, we can solve it later. Let's not delay merging this. :-)

BKPepe merged commit 2f498b6 into openwrt:master Apr 23, 2021