Latest commit 6f6ef48 Sep 7, 2018
debian bump debian changelog Feb 27, 2018
libtomcrypt Attempt to fix m_free for libtomcrypt/libtommath Mar 1, 2018
libtommath Don't read uninitialised value. Mar 5, 2018
.gitignore ignore default_options_guard.h Feb 26, 2018
.hgignore fuzz harness May 13, 2017
.hgsigs Added signature for changeset 2f0c3f3361d3 Feb 27, 2018
.hgtags Added tag DROPBEAR_2018.76 for changeset 1c66ca4f3791 Feb 27, 2018
.travis.yml travis fuzz build clang++ Mar 4, 2018
CHANGES mention localoptions.h being build directory, fix underscore in CHANGES Mar 1, 2018
FUZZER-NOTES.md fix some links Mar 5, 2018
INSTALL mention localoptions.h being build directory, fix underscore in CHANGES Mar 1, 2018
LICENSE Fix no-writev fallback May 2, 2015
MULTI - Fix "inst_scp" target since there isn't a manpage Oct 9, 2013
Makefile.in fix some links Mar 5, 2018
README remove references to TODO Feb 26, 2018
SMALL 0.44 release changes Jan 2, 2005
agentfwd.h Pointer parameter could be declared as pointing to const Aug 19, 2017
algo.h Pointer parameter could be declared as pointing to const Aug 19, 2017
atomicio.c upgrade atomicio Nov 15, 2016
atomicio.h upgrade atomicio Nov 15, 2016
auth.h Wait to fail invalid usernames Aug 23, 2018
bignum.c add m_mp_free_multi, be more careful freeing when failing to load keys May 26, 2017
bignum.h add m_mp_free_multi, be more careful freeing when failing to load keys May 26, 2017
buffer.c merge from main Feb 17, 2018
buffer.h Pointer parameter could be declared as pointing to const Aug 19, 2017
channel.h more linting (#55) Feb 17, 2018
chansession.h make signal flags volatile, simplify handling Feb 14, 2018
circbuffer.c Pointer parameter could be declared as pointing to const Aug 19, 2017
circbuffer.h Pointer parameter could be declared as pointing to const Aug 19, 2017
cli-agentfwd.c Pointer parameter could be declared as pointing to const Aug 19, 2017
cli-auth.c rename some options and move some to sysoptions.h Feb 17, 2018
cli-authinteract.c Convert #ifdef to #if, other build changes May 4, 2016
cli-authpasswd.c Convert #ifdef to #if, other build changes May 4, 2016
cli-authpubkey.c Pointer parameter could be declared as pointing to const Aug 19, 2017
cli-channel.c Rearranged some more bits, marked some areas that need work. Oct 2, 2006
cli-chansession.c Pointer parameter could be declared as pointing to const (callback) Aug 19, 2017
cli-kex.c Pointer parameter could be declared as pointing to const Aug 19, 2017
cli-main.c Add dbclient '-J &fd' option for a file descriptor Feb 18, 2018
cli-runopts.c options: Complete the transition to numeric toggles (`#if') Feb 16, 2018
cli-session.c more linting (#58) Feb 26, 2018
cli-tcpfwd.c FIx remote forward listeners Sep 7, 2018
common-algo.c add curve25519-sha256 without @libssh.org Feb 20, 2018
common-channel.c Pointer parameter could be declared as pointing to const Aug 19, 2017
common-chansession.c Chantype handling is sorted Jun 2, 2004
common-kex.c avoid leak of ecdh public key Mar 8, 2018
common-runopts.c Convert #ifdef to #if, other build changes May 4, 2016
common-session.c workaround memory sanitizer FD_ZERO false positives Mar 6, 2018
compat.c Merge pull request #31 from bengardner/PATH_DEVNULL Jun 2, 2017
compat.h fix empty C prototypes Mar 16, 2016
config.guess another new config.guess 2013-06-10 Nov 14, 2013
config.sub Update to 2013-10-01 Dec 3, 2013
configure.ac set up CXX for fuzzing build Mar 4, 2018
crypto_desc.c Convert #ifdef to #if, other build changes May 4, 2016
crypto_desc.h fix empty C prototypes Mar 16, 2016
curve25519-donna.c Update curve25519-donna to f7837adf95a2c2dcc36233cb02a1fb34081c0c4a Jun 24, 2017
dbclient.1 Add dbclient '-J &fd' option for a file descriptor Feb 18, 2018
dbhelpers.c some linting after fuzz merge (#60) Mar 3, 2018
dbhelpers.h include config.h for options.h. don't need to include options.h when Feb 18, 2018
dbmalloc.c Only use malloc wrapper if fuzzing Mar 1, 2018
dbmalloc.h Attempt to fix m_free for libtomcrypt/libtommath Mar 1, 2018
dbmulti.c allow specifying dropbearmulti command as an argument Mar 10, 2016
dbrandom.c workaround memory sanitizer FD_ZERO false positives Mar 6, 2018
dbrandom.h Pointer parameter could be declared as pointing to const Aug 19, 2017
dbutil.c some linting after fuzz merge (#60) Mar 3, 2018
dbutil.h workaround memory sanitizer FD_ZERO false positives Mar 6, 2018
debug.h merge from main Feb 17, 2018
default_options.h mention localoptions.h being build directory, fix underscore in CHANGES Mar 1, 2018
dh_groups.c Fix whitespace missed in merge Mar 18, 2016
dh_groups.h Get rid of group15, move group16 to sha512. Mar 12, 2016
dropbear.8 clarify that -r skips default hostkeys Feb 22, 2018
dropbearconvert.1 Fix minor manpage formatting issues Nov 25, 2015
dropbearconvert.c Convert #ifdef to #if, other build changes May 4, 2016
dropbearkey.1 Fix minor manpage formatting issues Nov 25, 2015
dropbearkey.c fix format Aug 12, 2017
dss.c merge from main Feb 17, 2018
dss.h Pointer parameter could be declared as pointing to const Aug 19, 2017
ecc.c include config.h for options.h. don't need to include options.h when Feb 18, 2018
ecc.h include config.h for options.h. don't need to include options.h when Feb 18, 2018
ecdsa.c include config.h for options.h. don't need to include options.h when Feb 18, 2018
ecdsa.h It turns out you can't have a single-quote in an #error Mar 8, 2018
fake-rfc2553.c - Update fake-rfc2553.{c,h} from OpenSSH 5.5p1 Jul 21, 2010
fake-rfc2553.h DROPBEAR_ prefix for include guards to avoid collisions Feb 24, 2015
filelist.txt filelist.txt Aug 14, 2004
fuzz-common.c Add kexdh and kexecdh fuzzers Mar 5, 2018
fuzz-harness.c Disable wrapfds outside of fuzzed code Mar 8, 2018
fuzz-hostkeys.c fuzz harness May 13, 2017
fuzz-wrapfd.c workaround memory sanitizer FD_ZERO false positives Mar 6, 2018
fuzz-wrapfd.h some linting after fuzz merge (#60) Mar 3, 2018
fuzz.h Add kexdh and kexecdh fuzzers Mar 5, 2018
fuzzer-kexdh.c Fix leaks in kex fuzzers Mar 9, 2018
fuzzer-kexecdh.c Fix leaks in kex fuzzers Mar 9, 2018
fuzzer-preauth.c add fuzzer-preauth_nomaths Jan 23, 2018
fuzzer-preauth_nomaths.c add fuzzer-preauth_nomaths Jan 23, 2018
fuzzer-pubkey.c avoid leak of pubkey_options Mar 6, 2018
fuzzer-verify.c Fix to be able to compile normal(ish) binaries with --enable-fuzz Feb 28, 2018
fuzzers_test.sh add fuzzers to travis Mar 1, 2018
gendss.c Pointer parameter could be declared as pointing to const Aug 19, 2017
gendss.h Convert #ifdef to #if, other build changes May 4, 2016
genrsa.c Convert #ifdef to #if, other build changes May 4, 2016
genrsa.h Convert #ifdef to #if, other build changes May 4, 2016
gensignkey.c add configuration option for default RSA size. Jun 24, 2017
gensignkey.h add configuration option for default RSA size. Jun 24, 2017
ifndef_wrapper.sh avoid extended regex features to avoid caring about sed -r vs -E Jul 24, 2018
includes.h merge from main Feb 26, 2018
install-sh Makefile.in contains updated files required Jun 1, 2004
kex.h merge from main Feb 17, 2018
keyimport.c options: Complete the transition to numeric toggles (`#if') Feb 16, 2018
keyimport.h Pointer parameter could be declared as pointing to const Aug 19, 2017
list.c include config.h for options.h. don't need to include options.h when Feb 18, 2018
list.h fix empty C prototypes Mar 16, 2016
listener.c Pointer parameter could be declared as pointing to const (callback) Aug 19, 2017
listener.h Pointer parameter could be declared as pointing to const (callback) Aug 19, 2017
loginrec.c loginrec close fd on error path Feb 17, 2018
loginrec.h remove unused loginrec_set_addr() Mar 15, 2016
ltc_prng.c include config.h for options.h. don't need to include options.h when Feb 18, 2018
ltc_prng.h include config.h for options.h. don't need to include options.h when Feb 18, 2018
netio.c get rid of unused packet_type in encrypted write queue Mar 4, 2018
netio.h bind to port as well with -b Jan 25, 2018
options.h mention localoptions.h being build directory, fix underscore in CHANGES Mar 1, 2018
packet.c Merge writev #include fix Aug 26, 2018
packet.h get rid of unused packet_type in encrypted write queue Mar 4, 2018
process-packet.c fix empty C prototypes Mar 16, 2016
progressmeter.c Update to scp from OpenSSH portable 4.3p2 Mar 8, 2006
progressmeter.h Makefile.in contains updated files required Jun 1, 2004
queue.c Pointer parameter could be declared as pointing to const Aug 19, 2017
queue.h Pointer parameter could be declared as pointing to const Aug 19, 2017
release.sh release.sh reminds how to sign Nov 25, 2015
rsa.c limit rsa->e size to 64 bits Feb 17, 2018
rsa.h Pointer parameter could be declared as pointing to const Aug 19, 2017
runopts.h add guard HAVE_GETGROUPLIST Feb 27, 2018
scp.c Convert #ifdef to #if, other build changes May 4, 2016
scpmisc.c Use DROPBEAR_PATH_DEVNULL instead of undefined _PATH_DEVNULL May 25, 2016
scpmisc.h upgrade atomicio Nov 15, 2016
service.h fix empty C prototypes Mar 16, 2016
session.h use a full prototype (#56) Feb 20, 2018
signkey.c - #if not #ifdef for DROPBEAR_FUZZ Feb 28, 2018
signkey.h Pointer parameter could be declared as pointing to const Aug 19, 2017
ssh.h propagate from branch 'au.asn.ucc.matt.dropbear' (head 0501e6f661b541… Mar 21, 2006
sshpty.c ignore I_PUSH if it isn't defined, for Android from Reimar Döffinger Mar 19, 2013
sshpty.h Makefile.in contains updated files required Jun 1, 2004
svr-agentfwd.c Pointer parameter could be declared as pointing to const (callback) Aug 19, 2017
svr-auth.c Merge bugfix delay invalid users Aug 23, 2018
svr-authpam.c Wait to fail invalid usernames Aug 23, 2018
svr-authpasswd.c Wait to fail invalid usernames Aug 23, 2018
svr-authpubkey.c Merge bugfix delay invalid users Aug 23, 2018
svr-authpubkeyoptions.c fix leak in option handling Mar 7, 2018
svr-chansession.c more linting (#55) Feb 17, 2018
svr-kex.c - #if not #ifdef for DROPBEAR_FUZZ Feb 28, 2018
svr-main.c workaround memory sanitizer FD_ZERO false positives Mar 6, 2018
svr-runopts.c Only advertise a single server ecdsa key when -R (generate as require… Mar 8, 2018
svr-service.c more linting (#58) Feb 26, 2018
svr-session.c Fix to be able to compile normal(ish) binaries with --enable-fuzz Feb 28, 2018
svr-tcpfwd.c FIx remote forward listeners Sep 7, 2018
svr-x11fwd.c Pointer parameter could be declared as pointing to const (callback) Aug 19, 2017
sysoptions.h Merge bugfix delay invalid users Aug 23, 2018
tcp-accept.c FIx remote forward listeners Sep 7, 2018
tcpfwd.h FIx remote forward listeners Sep 7, 2018
termcodes.c termcodes: make VEOL2, VWERASE, VLNEXT, ECHOCTL, and ECHOKE optional May 25, 2016
termcodes.h DROPBEAR_ prefix for include guards to avoid collisions Feb 24, 2015
x11fwd.h Pointer parameter could be declared as pointing to const Aug 19, 2017

README

This is Dropbear, a smallish SSH server and client.
https://matt.ucc.asn.au/dropbear/dropbear.html

INSTALL has compilation instructions.

MULTI has instructions on making a multi-purpose binary (i.e. a single binary
which performs multiple tasks, to save disk space).

SMALL has some tips on creating small binaries.

Please contact me if you have any questions/bugs found/features/ideas/comments etc :)
There is also a mailing list http://lists.ucc.gu.uwa.edu.au/mailman/listinfo/dropbear

Matt Johnston
matt@ucc.asn.au


In the absence of detailed documentation, some notes follow:
============================================================================

Server public key auth:

You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
the key entries in that file. They should be of the form:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname

You must make sure that ~/.ssh, and the key file, are only writable by the
user. Beware of editors that split the key into multiple lines.

Dropbear supports some options for authorized_keys entries, see the manpage.
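
An added example (not part of the Dropbear README or distribution): a small
POSIX shell check for the two pitfalls above, loose write permissions and keys
split across lines. It assumes the rsa, dss and ecdsa key type names and only
inspects the group/other write bits; check_authkeys and loosely_writable are
names made up for this example.

```shell
# Added example. Usage: check_authkeys [ssh_dir]   (defaults to ~/.ssh)

# Succeeds if the path has the group- or other-write bit set.
# Reads the mode string printed by ls -ld, e.g. "drwxr-xr-x".
loosely_writable() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Prints one line per problem found; exit status is 0 only if there are none.
check_authkeys() {
    dir="${1:-$HOME/.ssh}"
    file="$dir/authorized_keys"
    problems=0
    for p in "$dir" "$file"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; problems=$((problems + 1))
        elif loosely_writable "$p"; then
            echo "writable by group or others: $p"; problems=$((problems + 1))
        fi
    done
    [ -f "$file" ] || return 1
    # Each entry must sit on one line: [options] keytype base64-blob [comment].
    # A split key shows up as a line with no key type, or as a blob whose
    # length is not a multiple of 4. Key type names here are an assumption.
    bad=$(awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            k = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ecdsa-sha2-[a-z0-9-]+)$/) { k = i; break }
            if (k == 0)
                print "line " NR ": no key type (continuation of a split key?)"
            else if ($(k+1) !~ /^[A-Za-z0-9+\/]+=*$/ || length($(k+1)) % 4 != 0)
                print "line " NR ": key data missing or truncated"
        }' "$file")
    if [ -n "$bad" ]; then
        echo "$bad"
        problems=$((problems + $(echo "$bad" | wc -l)))
    fi
    [ "$problems" -eq 0 ]
}
```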

============================================================================

Client public key auth:

Dropbear can do public key auth as a client, but you will have to convert
OpenSSH style keys to Dropbear format, or use dropbearkey to create them.

If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do:

dropbearconvert openssh dropbear ~/.ssh/id_rsa  ~/.ssh/id_rsa.db
dbclient -i ~/.ssh/id_rsa.db <hostname>

Dropbear does not support encrypted hostkeys, though it can connect to ssh-agent.

============================================================================

If you want to get the public-key portion of a Dropbear private key, look at
dropbearkey's '-y' option.

============================================================================

To run the server, you need to generate server keys, this is a one-off:
./dropbearkey -t rsa -f dropbear_rsa_host_key
./dropbearkey -t dss -f dropbear_dss_host_key
./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key

or alternatively convert OpenSSH keys to Dropbear:
./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key

You can also get Dropbear to create keys when the first connection is made -
this is preferable to generating keys when the system boots. Make sure 
/etc/dropbear/ exists and then pass '-R' to the dropbear server.

============================================================================

If the server is run as non-root, you most likely won't be able to allocate a
pty, and you cannot login as any user other than that running the daemon
(obviously). Shadow passwords will also be unusable as non-root.

============================================================================

The Dropbear distribution includes a standalone version of OpenSSH's scp
program. You can compile it with "make scp". You may want to change the path
of the ssh binary, specified by _PATH_SSH_PROGRAM in options.h. By default
the progress meter isn't compiled in, to save space; you can enable it by
adding 'SCPPROGRESS=1' to the make command line.