There are potential security issues from using pre-generated host keys. We made the recipe available for autobuilder testing purposes but concerns remain about how easily this could end up in production.
I thought we'd already done this, but limit the recipe to qemu* machines, which means any real hardware trying to use it will need to be a bit more explicit about it and specifically enable it. Signed-off-by: Richard Purdie <[email protected]> --- .../ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb index ede18a00317..4a62ddacd5f 100644 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb @@ -8,6 +8,8 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda INHIBIT_DEFAULT_DEPS = "1" +COMPATIBLE_MACHINE = "^qemu.*$" + do_install () { install -d ${D}${sysconfdir}/dropbear install ${UNPACKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/ @@ -16,4 +18,4 @@ do_install () { install ${UNPACKDIR}/openssh/* ${D}${sysconfdir}/ssh/ chmod 0600 ${D}${sysconfdir}/ssh/* chmod 0644 ${D}${sysconfdir}/ssh/*.pub -} \ No newline at end of file +} -- 2.40.1
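Review bot: the `COMPATIBLE_MACHINE = "^qemu.*$"` line added in the first hunk has no comment explaining why the recipe is restricted, so the reasoning exists only in the commit message. A short comment directly above the assignment would help. It could say that the host keys are pre-generated, that they are meant for autobuilder testing, and that any other machine has to opt in explicitly. That way someone who later widens the pattern sees the security concern in the recipe itself. Note also that the pattern accepts every machine name beginning with `qemu`, so the comment should say whether that breadth is intended.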
