From 26dbcdbd917e4f22fb400153da0d3e7255c8e646 Mon Sep 17 00:00:00 2001 From: Zev Weiss Date: Fri, 10 Sep 2021 18:22:41 -0500 Subject: dropbear: use OpenSSH's sftp-server OpenSSH recently switched their scp client to default to using the sftp protocol instead of the legacy scp protocol [0]. There's still an opt-in flag (-O) available to switch it back, but it'd be nicer to not require it, and avoid the (sometimes problematic, security-wise) escaping/interpretation quirks of the scp protocol. (This also allows using other file-transfer clients like sftp and sshfs.) We're already compiling dropbear with sftp support anyway, it's just missing the sftp-server binary. Tested: in an e3c246d4i build, this increased the squashfs image size by 48KiB, or about 0.25%. With it installed, an OpenSSH scp binary compiled from current upstream HEAD (commit b0ec59a708b4) could successfully transfer files to and from the BMC both with and without the '-O' flag. [0] https://lists.mindrot.org/pipermail/openssh-unix-dev/2021-September/039616.html Signed-off-by: Zev Weiss Change-Id: I533046cfc85f90307c188ad42ca5c2cedeadfab4 --- meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend index 731f2013d..5113c66bb 100644 --- a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend +++ b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend @@ -6,3 +6,7 @@ SRC_URI += "file://dropbearkey.service \ file://localoptions.h \ file://dropbear.default \ " + +# pull in OpenSSH's /usr/libexec/sftp-server so we don't have to rely +# on the crufty old scp protocol for file transfer +RDEPENDS:${PN} += "openssh-sftp-server" -- cgit v1.2.3
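Review bot: the added `RDEPENDS:${PN} += "openssh-sftp-server"` line is unconditional, so every image that picks up this bbappend ships the sftp-server binary and a platform cannot opt out. Consider `RRECOMMENDS:${PN}` or gating the dependency behind a PACKAGECONFIG or image feature, so that size-constrained or locked-down builds can drop it without carrying a local override. Separately, the new comment names `/usr/libexec/sftp-server`, but nothing in this hunk ties that path to what dropbear is built to exec. It is worth confirming that `SFTPSERVER_PATH` resolves to the same location, either in the `localoptions.h` listed in the `SRC_URI` context above or through dropbear's default, because a mismatch would only show up at runtime as a failed sftp subsystem request.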