axhttpd need reconfiguration via "make menuconfig" in order to enable external key-files.
Uncheck "SSL Library->Enable default key"
And set "SSL Library->Private key file location" to "/etc/axhttpd.key"
Also set "SSL Library->Generate X.509 Certificate->X.509 Common Name" to "OggStreamer"
this config will let the axhttpd use the /etc/axhttpd.key File and generate the Certificate on startup.
the key-file is not generated on the OggStreamer - so on the (Linux-)PC issue the following commands:
generate the private key (a 1024 bit key is used in this example)
openssl genrsa -out my_private_key.pem 1024
convert the private key into DER format
openssl rsa -in ./my_private_key.pem -out ./my_private_key -outform DER
and transfer my_private_key to /etc/axhttpd.key (on the OggStreamer)
dropbear - the Lantronix 18.104.22.168 SDK is using dropbear 0.52 - which has a vulnarability when using a public key (authorized_keys file) for user authentification - We don't use this feature - but OggStreamer-Users should be aware of this issue - using a newer dropbear-2013.59 with the Lantronix SDK was straight forward (same issues within scp.c #ifdef HAVE_CYGWIN setmode(O_BINARY) - which has to be commented out) - but dropbear-2013.59 shows aweful long connection setup times so we stick to dropbear 0.52 at the moment.
to regenerate the host_key_files - one has to consider that we are using AUFS so we first need to generate the directory /mnt/flash/etc/dropbear - before we can replace/overlay the files on the romfs (/etc/dropbear)
mkdir /mnt/flash/etc/dropbear cd /mnt/flash/etc/dropbear dropbearkey -t dss -f dropbear_dss_host_key dropbearkey -t rsa -f dropbear_rsa_host_key /sbin/reboot
note that this takes some minutes (espacially generating dss takes a while)
Log in to post a comment.