mirror/openwrt
1
0
Fork 1
mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2025-12-10 08:44:39 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

dropbear: enable configurable port forwarding options
Some checks are pending
Build Kernel / Build all affected Kernels (push) Waiting to run
Details
Build all core packages / Build all core packages for selected target (push) Waiting to run
Details

Browse source 
Currently its only possible to disable port forwarding only for specific
keys, via the OpenSSH-style restriction in `authorized_keys` file.

In some use cases it might be feasible to disable such features globally
on service level, so lets add new LocalPortForward and RemotePortForward
config knobs.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/21071
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This commit is contained in:
Petr Štetiar 2025-12-06 18:34:37 +00:00 committed by Christian Marangi
parent ed5cefb037
commit 83f6177dbf
No known key found for this signature in database
GPG key ID: AC001D09ADBFEAD7
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
package/network/services/dropbear/files/dropbear.config
View file

@ -5,3 +5,5 @@ config dropbear main
option RootPasswordAuth 'on' option RootPasswordAuth 'on'
option Port '22' option Port '22'
# option BannerFile '/etc/banner' # option BannerFile '/etc/banner'
# option LocalPortForward 'off'
# option RemotePortForward 'off'

4
package/network/services/dropbear/files/dropbear.init
View file

@ -178,6 +178,8 @@ validate_section_dropbear()
'IdleTimeout:uinteger:0' \ 'IdleTimeout:uinteger:0' \
'MaxAuthTries:uinteger:3' \ 'MaxAuthTries:uinteger:3' \
'RecvWindowSize:uinteger:0' \ 'RecvWindowSize:uinteger:0' \
'LocalPortForward:bool:1' \
'RemotePortForward:bool:1' \
'mdns:bool:1' 'mdns:bool:1'
} }
@ -317,6 +319,8 @@ dropbear_instance()
fi fi
[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
[ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
[ "${LocalPortForward}" -eq 0 ] && procd_append_param command -j
[ "${RemotePortForward}" -eq 0 ] && procd_append_param command -k
[ -n "${ForceCommand}" ] && procd_append_param command -c "${ForceCommand}" [ -n "${ForceCommand}" ] && procd_append_param command -c "${ForceCommand}"
[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
[ "${RootLogin}" -eq 0 ] && procd_append_param command -w [ "${RootLogin}" -eq 0 ] && procd_append_param command -w