SSH management panel (EliasKotlyar#1692)

* SSH management panel - initial commit * Add ssh.conf.dist * Tweaks * Update firmware_mod/www/cgi-bin/ui_system.cgi Co-authored-by: fhl206 <[email protected]> * Add configure SSH pub key to web ui * Tweak wording * Change logic for SSH paasword Co-authored-by: fhl206 <[email protected]>
nx2i · Mar 7, 2021 · d79a153 · d79a153
1 parent fe18a97
commit d79a153
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 1 deletion.
diff --git a/firmware_mod/config/ssh.conf.dist b/firmware_mod/config/ssh.conf.dist
@@ -0,0 +1,2 @@
+ssh_port=22
+ssh_password=on
diff --git a/firmware_mod/run.sh b/firmware_mod/run.sh
@@ -198,9 +198,30 @@ else
 fi
 
 ## Start SSH Server:
+## Check for .ssh folder, create if not present
+if [ ! -d /system/sdcard/root/.ssh ]; then
+  mkdir /system/sdcard/root/.ssh
+  echo "Created .ssh directory" >> $LOGPATH
+fi
+
+if [ ! -f /root/.ssh/authorized_keys ]; then
+  touch /root/.ssh/authorized_keys
+  echo "Created authorized_keys file" >> $LOGPATH
+fi
+
+if [ ! -f $CONFIGPATH/ssh.conf ]; then
+  cp $CONFIGPATH/ssh.conf.dist $CONFIGPATH/ssh.conf
+fi
+
+chmod 600 -R /root/.ssh
+source $CONFIGPATH/ssh.conf
 ln -s /system/sdcard/bin/dropbearmulti /system/bin/scp
 touch /var/log/lastlog 2>/dev/null
-dropbear_status=$(/system/sdcard/bin/dropbearmulti dropbear -R)
+if [ "$ssh_password" = "off" ]; then
+  dropbear_status=$(/system/sdcard/bin/dropbearmulti dropbear -s -R -p $ssh_port)
+else
+  dropbear_status=$(/system/sdcard/bin/dropbearmulti dropbear -R -p $ssh_port)
+fi
 echo "dropbear: $dropbear_status" >> $LOGPATH
 
 ## Create a certificate for the webserver

diff --git a/firmware_mod/www/cgi-bin/ui_system.cgi b/firmware_mod/www/cgi-bin/ui_system.cgi
@@ -25,6 +25,9 @@ if [ -n "$F_cmd" ]; then
     echo "scan_interval#:#$(get_config /system/sdcard/config/wifi.conf scan_interval)"
     echo "ap_ssid#:#$(get_config /system/sdcard/config/hostapd.conf ssid)"
     echo "usb_eth#:#$([ -f /system/sdcard/config/usb_eth_driver.conf ] && echo on || echo off)"
+    echo "ssh_key#:#$(cat /system/sdcard/root/.ssh/authorized_keys)"
+    echo "ssh_port#:#$(get_config /system/sdcard/config/ssh.conf ssh_port)"
+    echo "ssh_password#:#$(get_config /system/sdcard/config/ssh.conf ssh_password)"
   ;;
   save_config)
 	if [ -n ${F_hostname} ]; then
@@ -78,6 +81,21 @@ if [ -n "$F_cmd" ]; then
 		echo "<p>Setting wifi password to: $wifi_password</p>"
 		wpa_config_set psk "\"$wifi_password\""
 	fi
+  if [ -n ${F_ssh_port} ]; then
+		ssh_port=$(printf '%b' "${F_ssh_port//%/\\x}")
+		echo "<p>Changing SSH port to: $ssh_port</p>"
+		rewrite_config /system/sdcard/config/ssh.conf ssh_port "$ssh_port"
+	fi
+  if [ -n ${F_ssh_password} ]; then
+		ssh_password=$(printf '%b' "${F_ssh_password//%/\\x}")
+		echo "<p>Changing SSH password to: $ssh_password</p>"
+		rewrite_config /system/sdcard/config/ssh.conf ssh_password "$ssh_password"
+	fi
+  if [ -n ${F_ssh_key} ]; then
+		ssh_key=$(printf '%b' "${F_ssh_key//%/\\x}" | sed 's/%20/ /g')
+		echo "<p>Changing SSH key to: $ssh_key</p>"
+		echo "$ssh_key" > /system/sdcard/root/.ssh/authorized_keys
+	fi
   if [ -n ${F_connect_timeout} ]; then
     F_connect_timeout=$(echo "$F_connect_timeout" | sed 's/+/ /g')
     connect_timeout=$(printf '%b' "${F_connect_timeout//%/\\x}")

diff --git a/firmware_mod/www/js/system.js b/firmware_mod/www/js/system.js
@@ -15,6 +15,9 @@ function saveConfig() {
                      connect_timeout: $('#connect_timeout').val(),
                      scan_interval: $('#scan_interval').val(),
                      usb_eth: $('#usb_eth').is(":checked") ? 'on' : 'off',
+                     ssh_port: $('#ssh_port').val(),
+                     ssh_key: $('#ssh_key').val().replace(/ /g,'%20'),
+                     ssh_password: $('#ssh_password').is(":checked") ? 'on' : 'off',
                      ntp: $('#ntp').val()};
 
     $.post("cgi-bin/ui_system.cgi",postData,function(result){
@@ -39,6 +42,8 @@ function getConfig() {
             $('#'+config_info[0]).html(config_info[1]);
          else if (config_info[0] === "usb_eth")
             $('#'+config_info[0]).prop('checked', config_info[1] === 'on');
+         else if (config_info[0] === "ssh_password")
+            $('#'+config_info[0]).prop('checked', config_info[1] === 'on');
          else
             $('#'+config_info[0]).attr("value",config_info[1]);
 

diff --git a/firmware_mod/www/system.html b/firmware_mod/www/system.html
@@ -15,6 +15,9 @@ <h1> System configuration</h1>
     <a href="javascript:void(0)" onclick="openTab(event, 'network');">
       <div class="w3-quarter tablink w3-bottombar w3-hover-light-grey w3-padding">Network</div>
     </a>
+    <a href="javascript:void(0)" onclick="openTab(event, 'ssh');">
+      <div class="w3-quarter tablink w3-bottombar w3-hover-light-grey w3-padding">SSH</div>
+    </a>
   </div>
 
   <div id="properties" class="w3-container tab">
@@ -66,6 +69,19 @@ <h1> System configuration</h1>
         <label for="usb_eth">Enable USB Ethernet (Disables Wifi)</label>
   </div>
 
+  <div id="ssh" class="w3-container tab" style="display:none">
+        <p></p>
+        <label>SSH Authorized Keys</label>
+        <input id="ssh_key" class="w3-input">
+        <br />
+        <label>SSH Port</label>
+        <input id="ssh_port" class="w3-input" type="number">
+        <br />
+        <input id="ssh_password" class="w3-check w3-theme" type="checkbox" checked="checked" />
+        <label for="ssh_password">Allow SSH password login? (restart required)</label>
+        <br />
+  </div>
+
   <p></p>
   <button class="w3-btn w3-theme">Save</button>
   <p></p>