Adding Dropbear SSHd
--------------------

* Download Dropbear latest version

* unzip/untar and move directory to release/src/router/dropbear

* have a parallel dropbear build directory so that you can build it for the
  current platform (e.g. i386). This is needed in order to have the key
  generation utils which will be used to generate the server keys. Server keys
  must have been generated prior to the f/w image creation, because they'll be
  included in the f/w.
  Do the following in this directory:

    ./configure
    make
    ./dropbearkey -t rsa -f dropbear_rsa_host_key
    ./dropbearkey -t dss -f dropbear_dss_host_key

* cd release/src/router/dropbear

    export CC=mipsel-uclibc-gcc
    ./configure --host=mipsel-unknown-linux-gnu --disable-zlib
    cp /opt/brcm/hndtools-mipsel-uclibc/lib/libutil.so.0 .

* copy the server keys here...

    cp /dropbear_rsa_host_key .
    cp /dropbear_dss_host_key .

* cd back to release/src/router directory

    cd ..

* edit config/Config
  add the following record:

    config CONFIG_DROPBEAR
      bool "Dropbear SSHd"
      default y
      help
        Dropbear v0.43

* edit Makefile
  Add the following line in the "Configuration" section:

    obj-$(CONFIG_DROPBEAR) += dropbear

  Add the following in the "overrides" section:

    dropbear:
        $(MAKE) -C dropbear

    dropbear-install:
        install -d -m 755 $(INSTALLDIR)/dropbear/lib
        install -d -m 755 $(INSTALLDIR)/dropbear/etc
        install -d -m 755 $(INSTALLDIR)/dropbear/etc/dropbear
        # the target directory must exist before the binary is installed into it
        install -d -m 755 $(INSTALLDIR)/dropbear/usr/sbin
        install -m 755 dropbear/dropbear $(INSTALLDIR)/dropbear/usr/sbin
        install -m 400 dropbear/dropbear_rsa_host_key $(INSTALLDIR)/dropbear/etc/dropbear
        install -m 400 dropbear/dropbear_dss_host_key $(INSTALLDIR)/dropbear/etc/dropbear
        #copy libutil.so.0 to the router/dropbear directory before building the fw
        install -m 755 dropbear/libutil.so.0 $(INSTALLDIR)/dropbear/lib/
        ln -s /tmp/shadow $(INSTALLDIR)/dropbear/etc/shadow
        ln -s /tmp/passwd $(INSTALLDIR)/dropbear/etc/passwd
        ln -s /tmp/group $(INSTALLDIR)/dropbear/etc/group

* In order for dropbear sshd to init on router startup, the following function
  must be put inside
  router/rc/services.c:

    // needs <stdio.h>, <string.h> and <sys/stat.h> (for chmod)
    int start_dropbear(void)
    {
        int ret = 0;

        // read passwd, shadow, group file contents from nvram
        // if nvram vars are not set then restore defaults (usr: root, pass: root)
        char *passwd;
        passwd = nvram_safe_get("passwd");
        if (!strlen(passwd)) {
            nvram_set("passwd", "root:x:0:0:root:/tmp:/bin/sh");
            nvram_commit();
            passwd = nvram_safe_get("passwd");
        }

        char *shadow;
        shadow = nvram_safe_get("shadow");
        if (!strlen(shadow)) {
            nvram_set("shadow", "root:$1$EY7zeAhN$TtFD2kKzQf//ncVlSuwNA.:12753:0:99999:7:::");
            nvram_commit();
            shadow = nvram_safe_get("shadow");
        }

        char *group;
        group = nvram_safe_get("group");
        if (!strlen(group)) {
            nvram_set("group", "root:x:0:");
            nvram_commit();
            group = nvram_safe_get("group");
        }

        // these /tmp/... files are symlinked to /etc/...
        // write contents to /tmp/ files; give up if a file cannot be opened
        FILE *fp = fopen("/tmp/passwd", "w");
        if (fp == NULL)
            return -1;
        fprintf(fp, "%s\n", passwd);
        fclose(fp);
        chmod("/tmp/passwd", 0400);

        fp = fopen("/tmp/shadow", "w");
        if (fp == NULL)
            return -1;
        fprintf(fp, "%s\n", shadow);
        fclose(fp);
        chmod("/tmp/shadow", 0400);

        fp = fopen("/tmp/group", "w");
        if (fp == NULL)
            return -1;
        fprintf(fp, "%s\n", group);
        fclose(fp);
        chmod("/tmp/group", 0400);

        // start dropbear
        ret = eval("/usr/sbin/dropbear");

        dprintf("done\n");
        return ret;
    }

  Afterwards, the following line must be placed inside the start_services()
  function:

    start_dropbear();

  start_services() is a function that is called on router startup and is
  responsible for starting some services, as its name implies.
  Also, one has to add the following function declaration inside
  router/rc/rc.h:

    extern int start_dropbear();

  The above routine reads the contents of /etc/passwd, /etc/shadow and
  /etc/group from the corresponding nvram variables (obviously, these files
  have to be created before the f/w installation on another pc) and starts
  dropbear. These files are symlinks to /tmp files which are constructed on
  router startup. Default values are hardcoded in the fw code.
  These values are:

    username: root
    passwd: root

  It is a good practice to replace these values the first time one operates
  the router. This can be done as follows:

  - Construct the group, shadow and passwd files on another pc.
  - ssh to the router using the default user/passwd pair
  - set the new nvram values for the above files. For example:

      # nvram set passwd='root:x:0:0:root:/tmp:/bin/sh'
      # nvram commit
      # nvram set shadow='root:$1$EY7zeAhN$TtFD2kKzQf//ncVlSuwNA.:12753:0:99999:7:::'
      # nvram commit
      # nvram set group='root:x:0:'
      # nvram commit

  - Restart the router for the new values to take effect. Upon restart, the
    router will read these nvram variables and construct the corresponding
    /tmp/... files, which are symlinked by the corresponding /etc/ files that
    are read by the dropbear server.

  - Sample /etc/passwd file:

      root:x:0:0:root:/tmp:/bin/sh
      pfrag:x:501:501:pfrag:/tmp:/bin/sh

  - Sample /etc/group file:

      root:x:0:
      pfrag:x:501:

* edit release/src/cy_conf.h
  Add the following:

    #define DROPBEAR_SUPPORT 1
    #define CONFIG_DROPBEAR y

* edit release/src/cy_conf.mak
  Add the following:

    DROPBEAR_SUPPORT=1
    CONFIG_DROPBEAR=y
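
Added example, not part of the original notes or the firmware source: start_dropbear() above creates /tmp/shadow with fopen() and restricts it with chmod() only after the contents are written, so the file briefly exists with umask-default permissions. The helper below creates the file as 0400 from the start and refuses to write through a symlink; the names write_secret_file() and mode_of(), the file name and the sample entry are assumptions made for illustration.

```c
/* Added example (not from the original notes): create a credential file that
 * is mode 0400 from the moment it exists, instead of fopen() then chmod(). */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper; returns 0 on success, -1 on failure. */
int write_secret_file(const char *path, const char *contents)
{
    size_t len = strlen(contents);
    int fd;

    /* Drop any stale file or symlink; O_EXCL | O_NOFOLLOW then ensures a
     * fresh regular file is created rather than written through a link. */
    if (unlink(path) != 0 && errno != ENOENT)
        return -1;
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0400);
    if (fd < 0)
        return -1;
    /* fchmod() on the descriptor sets the exact mode whatever the umask. */
    if (fchmod(fd, 0400) != 0 ||
        write(fd, contents, len) != (ssize_t)len ||
        write(fd, "\n", 1) != 1) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Permission bits of path itself, or -1 if it is not a regular file. */
int mode_of(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return (int)(st.st_mode & 07777);
}

int main(void)
{
    /* Constructed sample entry with a locked password field. */
    const char *path = "example_shadow.tmp";
    if (write_secret_file(path, "root:*:12753:0:99999:7:::") != 0)
        return 1;
    printf("%s mode %04o\n", path, (unsigned)mode_of(path));
    return unlink(path) != 0;
}
```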