Minor dropbear tweaks (#4077)

* Tweak dropbear plugin a bit
Create hostkeys on demand
Make platform-specific stuff only run on the affected platform.

base

@@ -1 +1 @@
-Subproject commit 11e042e56bbb070cbce6fa3dacf3e80d1456bed6
+Subproject commit 3b2706a0db4133a90027e49bd994bec74919882c

plugins/SSH.koplugin/main.lua

@@ -9,9 +9,9 @@ local util = require("util")
 local _ = require("gettext")
 local T = require("ffi/util").template
 
--- This plugin use a patched dropbear that add two things :
+-- This plugin uses a patched dropbear that adds two things:
--- the -n option to allow login without password
+-- the -n option to bypass password checks
--- read the keyfile from the relative path: settings/SSH/authorized_keys
+-- reads the authorized_keys file from the relative path: settings/SSH/authorized_keys
 
 local path = DataStorage:getFullDataDir()
 if not util.pathExists("dropbearmulti") then
@@ -32,13 +32,16 @@ end
 function SSH:start()
     local cmd = string.format("%s %s %s %s%s %s %s %s",
         "./dropbearmulti dropbear",
-        "-E", "-r ", path, "/settings/SSH/dropbear_rsa_host_key",
+        "-E",
+        "-R",
         "-p", self.SSH_port,
         "-P /tmp/dropbear_koreader.pid")
      if self.allow_no_password then
         cmd = string.format("%s %s", cmd, "-n")
     end
-    if os.execute("command -v iptables") then
+
+    -- Make a hole in the Kindle's firewall
+    if Device:isKindle() then
         os.execute(string.format("%s %s %s",
             "iptables -A INPUT -p tcp --dport", self.SSH_port,
             "-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"))
@@ -47,17 +50,17 @@ function SSH:start()
             "-m conntrack --ctstate ESTABLISHED -j ACCEPT"))
     end
     -- An SSH/telnet server of course needs to be able to manipulate pseudoterminals...
-    -- Some Kobo don't have this, so we check it on every platfrom, it can't hurt.
+    -- Kobo's init scripts fail to set this up...
-    os.execute([[if [ ! -d "/dev/pts" ] ; then
+    if Device:isKobo() then
-        mkdir -p /dev/pts
+        os.execute([[if [ ! -d "/dev/pts" ] ; then
-        mount -t devpts devpts /dev/pts
+            mkdir -p /dev/pts
-        fi]])
+            mount -t devpts devpts /dev/pts
+            fi]])
+    end
+
     if not util.pathExists(path.."/settings/SSH/") then
         os.execute("mkdir "..path.."/settings/SSH")
     end
-    if not util.pathExists(path.."/settings/SSH/dropbear_rsa_host_key") then
-        os.execute("./dropbearmulti dropbearkey -t rsa -f "..path.."/settings/SSH/dropbear_rsa_host_key")
-    end
     logger.dbg("[Network] Launching SSH server : ", cmd)
     if os.execute(cmd) == 0 then
         local info = InfoMessage:new{
@@ -82,6 +85,16 @@ end
 
 function SSH:stop()
     os.execute("cat /tmp/dropbear_koreader.pid | xargs kill")
+
+    -- Plug the hole in the Kindle's firewall
+    if Device:isKindle() then
+        os.execute(string.format("%s %s %s",
+            "iptables -D INPUT -p tcp --dport", self.SSH_port,
+            "-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"))
+        os.execute(string.format("%s %s %s",
+            "iptables -D OUTPUT -p tcp --sport", self.SSH_port,
+            "-m conntrack --ctstate ESTABLISHED -j ACCEPT"))
+    end
 end
 
 function SSH:show_port_dialog()