plutosdr-fw icon indicating copy to clipboard operation
plutosdr-fw copied to clipboard

Published 20 hours ago verified publisher icon analogdevicesinc

Hit & Miss - device_persistent_keys

Open ea7kir opened this issue 3 years ago • 4 comments
trafficstars

Maybe because I have a Pluto Revision D, but getting persistent keys working appears to be broken. After many many installs of either v0.32 or v0.34 via drag & drop or DFU, I've only seen a password being saved twice. Even on those 2 occasions device_persistent_keys returned immediately without printing a response.

ea7kir avatar Jul 09 '22 10:07 ea7kir

Can you check these files exist and that the md5sum match?

# cd /mnt/jffs2/etc/dropbear/
# ls
dropbear_ecdsa_host_key  keys.md5
# cat keys.md5 
13d398d305024806ccb75470b00b3efb  dropbear_ecdsa_host_key
# md5sum dropbear_ecdsa_host_key 
13d398d305024806ccb75470b00b3efb  dropbear_ecdsa_host_key
#

mhennerich avatar Jul 11 '22 06:07 mhennerich

I had the same problem. The cause is the following:

  • the stock firmware ships with /etc/dropbear/dropbear_rsa_host_key
  • /usr/sbin/device_persistent_keys generates /etc/dropbear/dropbear_ecdsa_host_key, so there are now two keys in /etc
  • it then does this in line 13: md5sum dropbear* /etc/dropbear/ 2>/dev/null > /mnt/jffs2/etc/dropbear/keys.md5
  • so now the keys.md5 file contains entries for both keys
  • however, in line 11 it only copied install -D ${KEYFILE} -t /mnt/jffs2/etc/dropbear
  • so now keys.md5 contains an entry for a file that isn't there
  • this leads to the MD5 check failing in/etc/init.d/S21misc
# cd /mnt/jffs2/etc/dropbear/
# ls
dropbear_ecdsa_host_key  keys.md5
# cat keys.md5
ac63201202b9e78fcc43170a32bce0fa  dropbear_ecdsa_host_key
656c2fd8f5e0b41a4897d6e8ee2943a3  dropbear_rsa_host_key
# md5sum -c keys.md5
dropbear_ecdsa_host_key: OK
md5sum: can't open 'dropbear_rsa_host_key': No such file or directory
dropbear_rsa_host_key: FAILED
md5sum: WARNING: 1 of 2 computed checksums did NOT match

To fix this, I think either both files should be copied to /mnt/jffs2/etc/dropbear or, if the RSA key is obsolete, it should be deleted by the script before generating the MD5 file.

As a workaround for the user, you can do this to fix it:

# cd /mnt/jffs2/etc/dropbear/
# cp /etc/dropbear/dropbear_rsa_host_key .
# md5sum dropbear_* > keys.md5
# md5sum -c keys.md5
dropbear_ecdsa_host_key: OK
dropbear_rsa_host_key: OK

Another report for the same issue, I can't reply there due to not having an account: https://ez.analog.com/adieducation/university-program/f/q-a/541846/pluto-sdr-persistent-ssh-keys-command-failing-on-fimrware-0-32

fpw avatar Jul 13 '22 08:07 fpw

Thanks for pointing out. Good catch! I have updated the EZ thread.

The RSA key is not included in the firmware. However dropbear is likely generating it while being started. Let's copy all files and compute the md5.

mhennerich avatar Jul 13 '22 09:07 mhennerich

FYI: https://github.com/analogdevicesinc/buildroot/pull/68

mhennerich avatar Jul 13 '22 12:07 mhennerich