Dropbear SSH tools with ed25519 and other improvements by pts
Peter Szabo: replaced #ifdef DROPBEAR_TWOFISH256 etc. with long #if to pacify gcc-7.3 -Werror=unused-const-variable
Latest commit 7956b72 Aug 16, 2018
README.txt

pts-dropbear: Dropbear SSH tools with ed25519 and other improvements by pts
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pts-dropbear is a C source tree of the Dropbear embedded SSH server, client
and tools for Unix, with modifications by pts.

Based on: dropbear-2017.75.tar.bz2
https://matt.ucc.asn.au/dropbear/releases/dropbear-2017.75.tar.bz2

The most important improvements in pts-dropbear:

* Added ssh-ed25519 crypto for server host keys and user keys. The
  implementation is based on TweetNaCl v20140427.
* Added environment variable propagation (similar to OpenSSH AcceptEnv,
  command-line flag -A) to Dropbear sshd.
* Added autodetection and loading of OpenSSH hostkeys to Dropbear
  sshd (with `make OPENSSHHOSTKEYLOAD=1').
* Added flag to dropbearkey to generate private keys in OpenSSH format
  directly (dropbearkey -Z openssh, with `make WRITEOPENSSHKEYS=1').
* Improved some command-line flags (e.g. dropbear -E is always available).
* Added compilation instructions for pts-xstatic (statically linked i386 Linux
  binary). Binary size is 350456 bytes.
* Added option to compile without loading any system hostkeys (e.g. from
  /etc/dropbear) (with `make NOSYSHOSTKEYLOAD=1').
* Made dropbearkey behavior more compatible with ssh-keygen in OpenSSH:
** dropbearkey now creates a .pub file.
** -b bits flag.
** -C comment flag. (The comment will be added only to the public key file, and
   not to the private key file.)
** -P passphrase flag. Only the empty passphrase is allowed.
** -N passphrase flag. Only the empty passphrase is allowed.
* Added autodetection of the input private key file format, as
  `dropbearconvert any'.

How to compile:

* To compile regularly with the system gcc, run this (without the leading
  `$' signs):

    $ sudo apt-get install gcc make
    $ ./configure
    $ make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" MULTI=1 STATIC=1 SCPPROGRESS=1 NOSYSHOSTKEYLOAD=1 OPENSSHHOSTKEYLOAD=1 WRITEOPENSSHKEYS=1
    $ ls -l dropbearmulti

* To compile with pts-xstatic to get a statically linked Linux i386
  executable binary, run this (without the leading `$' signs) on a Linux
  i386 or amd64 system:

    $ sudo apt-get install gcc make
    $ sudo apt-get install gcc-multilib  # On an amd64 system.
    $ wget http://pts.50.hu/files/pts-xstatic/pts-xstatic-latest.sfx.7z
    $ chmod u+x pts-xstatic-latest.sfx.7z
    $ ./pts-xstatic-latest.sfx.7z -y
    $ XSTATIC=pts-xstatic/bin/xstatic ./c.sh
    ...
    (creates dropbearmulti)

How to generate an ssh-ed25519 server host key:

* Use this command:

    $ dropbearkey -Z openssh -t ed25519 -f dropbear_hostkey_ed25519

  Please note that `-Z openssh' is optional. By default it creates the
  private key file in the OpenSSH format, for improved interoperability. The
  alternative is `-Z dropbear'.

* Alternatively, this command works if you have OpenSSH:

    $ ssh-keygen -N "" -t ed25519 -f dropbear_hostkey_ed25519

* Alternatively, you can use this Python script:
  https://github.com/pts/py_ssh_keygen_ed25519/blob/master/py_ssh_keygen_ed25519.py

  Example invocation:

    $ ./py_ssh_keygen_ed25519.py -t ed25519 -Z openssh -f dropbear_hostkey_ed25519
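
  To check what a generated host key file contains before deploying it, here
  is an added example (not part of pts-dropbear or its README). It parses the
  openssh-key-v1 container and reports the cipher, the key type, the comment
  and whether the public and private sections agree. The function names and
  the sample key are assumptions made for this example; the sample is built
  from constructed dummy bytes, not a real key pair.

```python
import base64, struct

MAGIC = b"openssh-key-v1\0"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def _s(b):  # encode one SSH string: uint32 big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b

def _strings(buf, off, n):
    """Read n SSH strings starting at off; return (list, new offset)."""
    out = []
    for _ in range(n):
        (ln,) = struct.unpack_from(">I", buf, off)
        if off + 4 + ln > len(buf):
            raise ValueError("truncated key blob")
        out.append(buf[off + 4:off + 4 + ln])
        off += 4 + ln
    return out, off

def inspect_openssh_key(pem_text):
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key file")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    (cipher, kdf, _opts), off = _strings(blob, len(MAGIC), 3)
    (nkeys,) = struct.unpack_from(">I", blob, off)
    (pubblob, priv), _ = _strings(blob, off + 4, 2)
    (keytype, pub), _ = _strings(pubblob, 0, 2)
    info = {"cipher": cipher.decode(), "kdf": kdf.decode(), "nkeys": nkeys,
            "keytype": keytype.decode(), "encrypted": cipher != b"none"}
    if not info["encrypted"]:  # private section is readable only without a passphrase
        c1, c2 = struct.unpack_from(">II", priv, 0)  # two equal check integers
        (ptype, ppub, psec, comment), _ = _strings(priv, 8, 4)
        info["comment"] = comment.decode()
        info["consistent"] = (c1 == c2 and ptype == keytype and ppub == pub
                              and len(psec) == 64 and psec[32:] == pub)
    return info

def constructed_sample(comment=b"", cipher=b"none"):
    """Build a key file from constructed, non-secret dummy bytes."""
    seed, pub = bytes(range(32)), bytes(range(32, 64))
    priv = struct.pack(">II", 7, 7) + _s(b"ssh-ed25519") + _s(pub) + _s(seed + pub) + _s(comment)
    priv += bytes(range(1, 1 + -len(priv) % 8))  # padding bytes 1, 2, 3, ...
    blob = (MAGIC + _s(cipher) + _s(b"none") + _s(b"") + struct.pack(">I", 1)
            + _s(_s(b"ssh-ed25519") + _s(pub)) + _s(priv))
    return BEGIN + "\n" + base64.encodebytes(blob).decode() + END + "\n"
```

  A file usable as a Dropbear host key should report cipher "none" (Dropbear
  doesn't support passphrases) and keytype "ssh-ed25519". The check is
  structural only: it does not recompute the public key from the seed.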

TODO:

* Send patches to upstream Dropbear.
* Add cipher chacha20-poly1305@openssh.com (for feature parity with
  tinyssh).
* Add querying an ssh-agent to dbclient. (No need to write an ssh-agent,
  the Gnome, gpg and OpenSSH ssh-agent implementations are fine.)
* refactor: split keywrite.c (import_write(...)) out of keyimport.c, to make
  the dropbear (not dropbearmulti) binary smaller.
* --disable-wtmp in c.sh? Add at least a command-line flag. Is the stock
  Ubuntu 14.04 /var/log/wtmp compatible with xstatic uClibc wtmp format?

FYI:

* dropbearconvert (and import_read) ignores comments in keys.
* dropbearkey creates private keys without comments (only public keys have comments).
* OpenSSH `ssh -i' ignores comments in the private key file. Good.
* dropbear doesn't support user or host key passphrases.
* dbclient cannot authenticate with an ssh-agent.
* dropbear doesn't try to be smart and slow, e.g. by doing DNS lookups on
  the client IP address.
* Dropbear binary size is smaller (353 kB for dropbearmulti linked with
  xstatic, containing dropbear, dbclient, dropbearkey, dropbearconvert, scp)
  than OpenSSH (836 kB for sshd, 791 kB for ssh, 380 kB for ssh-agent, linked
  with xstatic, 7.3p1 without OpenSSL).
* OpenSSH crypto operations are faster than in Dropbear. (Is this true?
  Benchmark!)
* Dropbear 2017.75 supports these ciphers (with the default compilation flags):
  aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc,
  twofish128-cbc, 3des-ctr, 3des-cbc, 3des.
  blowfish can also be enabled, but twofish is more efficient.
* OpenSSH_5.3p1 supports these ciphers: (twofish is missing.)
  aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc,
  3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour,
  rijndael-cbc@lysator.liu.se.
* OpenSSH_7.2p2 in Ubuntu 14.04 supports these ciphers: (twofish is missing.)
  3des-cbc, aes128-cbc, aes128-ctr, aes128-gcm@openssh.com, aes192-cbc,
  aes192-ctr, aes256-cbc, aes256-ctr, aes256-gcm@openssh.com, arcfour,
  arcfour128, arcfour256, chacha20-poly1305@openssh.com,
  rijndael-cbc@lysator.liu.se.
* OpenSSH_7.3p1 compiled without OpenSSL supports these ciphers:
  aes128-ctr, aes192-ctr, aes256-ctr, chacha20-poly1305@openssh.com.
* tinyssh 20161101 (and the latest github on 2017-10-01)
  supports these ciphers: aes256-ctr, chacha20-poly1305@openssh.com.

__END__