pratik singh | 4 Jun 09:49 2014

Need SCP Client support with dropbear V0.48

Hi All, I am running the default dropbear (version 0.48) found in the uClinux-dist distribution with my microblaze as the processor. I want to use scp with dropbear. Please let me know how I can achieve this. Appreciate your reply.
--
Thanks & Regards
Pratik Singh

Martin Osterloh | 28 May 22:16 2014

Dropbear and crypt() implementation

Hi All,


I am in the process of porting dropbear to my own operating system (x86 64 architecture). So far, I am happy with the progress. 


However, I just discovered that svr-authpasswd.c uses crypt(). I am using newlib as a general C library. I am not being provided with crypt() unfortunately. Is there any general consensus what people do in this case? So far I am just returning "send_msg_userauth_success()" which is .... well not that great.


Any input would be greatly appreciated!


Thanks,

--Martin


ronny.meeus | 19 May 08:22 2014

[PATCH] Limit size of the iovect passed to writev in packet.c

The writev allows only a limited number of entries to be present in the
iovector. This number depends on the OS. If more entries are passed, the
writev operation fails and the connection is closed.

This patch limits the size of the vector to the maximum number accepted
by the OS. On some operating systems IOV_MAX is not defined, if this is
the case UIO_MAXIOV is being used as the maximum value.

In the problematic scenario the Linux box, running dropbear, has a slow
uplink. If an ssh is done to the box and a command is executed that
generates a lot of small fragments (for example a 'find .' in the root),
a lot of small interactions are seen between dropbear and the shell process.
The observation was that the amount of entries pending in the queue could
go up to 7500. Since all entries present in the queue will be passed to
writev an error will be returned since Linux only accepts 1024 entries to
be present in the vector. The result is that the connection is being closed.

Signed-off-by: Ronny Meeus <ronny.meeus <at> gmail.com>

diff --git a/packet.c b/packet.c
--- a/packet.c
+++ b/packet.c
 <at>  <at>  -64,13 +64,24  <at>  <at>  void write_packet() {
 	struct iovec *iov = NULL;
 	int i;
 	struct Link *l;
+	int iov_max_count;
 #endif
 	
 	TRACE2(("enter write_packet"))
 	dropbear_assert(!isempty(&ses.writequeue));

 #ifdef HAVE_WRITEV
-	iov = m_malloc(sizeof(*iov) * ses.writequeue.count);
+
+#ifndef IOV_MAX
+#define IOV_MAX UIO_MAXIOV
+#endif
+
+	/* Make sure the size of the iov is below the maximum allowed by the OS. */
+	iov_max_count = ses.writequeue.count;
+	if (iov_max_count > IOV_MAX)
+		iov_max_count = IOV_MAX;
+
+	iov = m_malloc(sizeof(*iov) * iov_max_count);
 	for (l = ses.writequeue.head, i = 0; l; l = l->link, i++)
 	{
 		writebuf = (buffer*)l->item;
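
Review bot: the fill loop on the unchanged line `for (l = ses.writequeue.head, i = 0; l; l = l->link, i++)` still walks the whole queue, while iov is now allocated for only iov_max_count entries, so a queue longer than IOV_MAX makes the loop store past the end of the allocation. Bound the loop by the same count, for example `l && i < iov_max_count`, so the allocation, the fill and the writev() call all agree.
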
 <at>  <at>  -83,7 +94,7  <at>  <at>  void write_packet() {
 		iov[i].iov_base = buf_getptr(writebuf, len);
 		iov[i].iov_len = len;
 	}
-	written = writev(ses.sock_out, iov, ses.writequeue.count);
+	written = writev(ses.sock_out, iov, iov_max_count);
 	if (written < 0) {
 		if (errno == EINTR) {
 			m_free(iov);
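
Review bot: with the count in `writev(ses.sock_out, iov, iov_max_count)` now possibly smaller than ses.writequeue.count, the code after this call has to leave the unsent entries on the queue and advance only by `written` bytes. That accounting is outside the visible lines and should be checked; a comment at the call stating that one write_packet() may send only part of the queue would help the next reader.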

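The failure described in this message and a capped write that keeps allocation, fill loop and writev() count in step, as an added example that is not part of the original post or of Dropbear's code. struct qbuf, iov_limit() and write_queue_once() are hypothetical names, and the limit is read at run time with sysconf(_SC_IOV_MAX) instead of the patch's compile-time IOV_MAX.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical stand-in for one queued packet buffer; pos = bytes already sent. */
struct qbuf { struct qbuf *next; const char *data; size_t len, pos; };

/* Runtime limit on iovec entries per call; POSIX guarantees at least 16. */
int iov_limit(void) {
	long m = sysconf(_SC_IOV_MAX);
	return m > 0 ? (int)m : 16;
}

/* Send as much of the queue as one writev() accepts. The fill loop is bounded
 * by the same count used for the allocation, so it cannot overrun iov.
 * Returns bytes written or -1 (errno set); the caller owns the nodes. */
ssize_t write_queue_once(int fd, struct qbuf **head) {
	int n = 0, i, max = iov_limit();
	struct qbuf *b;
	struct iovec *iov;
	ssize_t written, left;

	for (b = *head; b && n < max; b = b->next) n++;
	if (n == 0) return 0;
	iov = malloc(sizeof(*iov) * n);
	if (!iov) return -1;
	for (b = *head, i = 0; i < n; b = b->next, i++) {
		iov[i].iov_base = (void *)(b->data + b->pos);
		iov[i].iov_len = b->len - b->pos;
	}
	written = writev(fd, iov, n);
	free(iov);
	/* Advance the queue by the bytes actually sent; a short write leaves
	 * the partially sent buffer at the head with pos updated. */
	for (left = written; left > 0 && *head; ) {
		size_t avail = (*head)->len - (*head)->pos;
		if ((size_t)left < avail) { (*head)->pos += left; break; }
		left -= avail;
		*head = (*head)->next;
	}
	return written;
}
```

The caller repeats write_queue_once() while the queue is non-empty and the descriptor is writable, treating EINTR and EAGAIN as retry conditions.
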
ronny.meeus | 19 May 08:20 2014

[PATCH] Print errno information in write_packet

This patch puts the error information into the log output to have a better view
on the reason of a packet write failure.

Signed-off-by: Ronny Meeus <ronny.meeus <at> gmail.com>

diff --git a/packet.c b/packet.c
--- a/packet.c
+++ b/packet.c
 <at>  <at>  -90,7 +90,7  <at>  <at>  void write_packet() {
 			TRACE2(("leave write_packet: EINTR"))
 			return;
 		} else {
-			dropbear_exit("Error writing");
+			dropbear_exit("Error writing %s", strerror(errno));
 		}
 	}

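Review bot: the new message in `dropbear_exit("Error writing %s", strerror(errno));` runs the fixed text straight into the error string; use "Error writing: %s" so the log line reads and parses cleanly. errno is consumed in the else branch with no intervening call in the visible lines, which is correct and should stay that way if this branch is edited later.
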
 <at>  <at>  -131,7 +131,7  <at>  <at>  void write_packet() {
 			TRACE2(("leave writepacket: EINTR"))
 			return;
 		} else {
-			dropbear_exit("Error writing");
+			dropbear_exit("Error writing %s", strerror(errno));
 		}
 	} 
 	all_ignore = (packet_type == SSH_MSG_IGNORE);
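
Review bot: this second `dropbear_exit("Error writing %s", strerror(errno));` is textually identical to the one in the earlier hunk, so the log cannot show which write call in write_packet() failed. Give each site distinct wording so a single log line identifies the failing path.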

Logan Anderson | 29 Apr 11:03 2014

Dropbear requiring passphrase

Guys,

I added dropbear to an initramfs I am building for PXE. No matter what I do, dropbear appears to require an ssh passphrase and I really don't know how to handle this. It doesn't ask me for a passphrase when I create the key.

It appears to ask for the passphrase when I use ssh but it simply asks for a password when I use dbclient. What am I doing wrong?

Any direction would be welcome.

Christian Engelmayer | 5 Apr 21:51 2014

[PATCH] Fix a potential memory leak in function load_openssh_key()

Fix a memory handling issue in the error path of function load_openssh_key().
When freeing the dynamically allocated struct openssh_key during cleanup, the
pointer itself is memset instead of the pointed to struct memory. Thus the
next instruction results in m_free(0).

Reported by Coverity - CID 1191536.
---
Compile tested, applies against github.com/mkj/dropbear.git
---
 keyimport.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keyimport.c b/keyimport.c
index 3da14ad..48cc1ba 100644
--- a/keyimport.c
+++ b/keyimport.c
 <at>  <at>  -474,7 +474,7  <at>  <at>  static struct openssh_key *load_openssh_key(const char *filename)
 			memset(ret->keyblob, 0, ret->keyblob_size);
 			m_free(ret->keyblob);
 		}
-		memset(&ret, 0, sizeof(ret));
+		memset(ret, 0, sizeof(*ret));
 		m_free(ret);
 	}
 	if (fp) {
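
Review bot: `memset(ret, 0, sizeof(*ret));` directly before `m_free(ret);` is a store to memory that is never read again, which an optimizing compiler is allowed to drop, and the same applies to the keyblob memset in the context lines above it. Since the purpose here is to wipe key material before release, use a scrub routine the compiler cannot elide instead of a plain memset.
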
--

-- 
1.8.3.2

Christian Engelmayer | 5 Apr 20:13 2014

[PATCH] Fix a potential resource leak in function lastlog_openseek()

Calling function lastlog_perform_login(), that currently is the only user of
lastlog_openseek(), assumes no need for resource cleanup in case the function
returns an error. However, lastlog_openseek() leaves the already allocated
file descriptor in place in case the following lseek() fails.

Reported by Coverity - CID 1191538.
---
Compile tested, applies against github.com/mkj/dropbear.git
---
 loginrec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/loginrec.c b/loginrec.c
index d6ec75f..00bd2dc 100644
--- a/loginrec.c
+++ b/loginrec.c
 <at>  <at>  -1344,6 +1344,7  <at>  <at>  lastlog_openseek(struct logininfo *li, int *fd, int filemode)
 		offset = (off_t) ((long)li->uid * sizeof(struct lastlog));

 		if ( lseek(*fd, offset, SEEK_SET) != offset ) {
+			close(*fd);
 			dropbear_log(LOG_WARNING, "lastlog_openseek: %s->lseek(): %s",
 			 lastlog_file, strerror(errno));
 			return 0;
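
Review bot: `close(*fd);` is placed before the `dropbear_log(... strerror(errno))` call, and close() may change errno, so the warning can report the wrong reason for the lseek() failure. Move the close after the log call or save errno first, and set *fd to -1 afterwards so the caller cannot reuse the closed descriptor.
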
--

-- 
1.8.3.2

Tim Broberg | 19 Mar 23:37 2014

Dropbear channel request race condition?

I'm sending an exec request to a session with a terminal (so I can run
sudo commands).

I send the channel request, then send eof expecting to get data, exit
status, and eof back.

Instead, dropbear server sends eof right away, then the running command
fails because his terminal has been shut down. (See the last 3 lines of
the log snippet below.)

If I don't send eof, it works fine.

I would expect dropbear to wait for the outstanding channel request to run
to completion before sending eof.

Am I making sense, or is there some problem with my use case of requesting
exec from a terminal session? If this is considered an invalid use case,
what would you suggest as an appropriate usage / workaround?

The full log is attached, and an excerpt from receipt of eof to the
failure of the command due to terminal non-existence is below.

Thanks for any help you're able to provide,
    - Tim.

TRACE (2354): enter recv_msg_channel_eof
TRACE (2354): check_close: writefd 6, readfd 6, errfd -1, sent_close 0,
recv_close 0
TRACE (2354): writebuf size 0 extrabuf size 0
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): CLOSE some fd 6
TRACE (2354): enter send_msg_channel_eof
TRACE (2354): enter encrypt_packet()
TRACE (2354): encrypt_packet type is 96
TRACE (2354): enter writemac
TRACE (2354): leave writemac
TRACE (2354): enter enqueue
TRACE (2354): leave enqueue
TRACE (2354): leave encrypt_packet()
TRACE (2354): leave send_msg_channel_eof
TRACE (2354): leave recv_msg_channel_eof
TRACE (2354): leave process_packet
TRACE (2354): check_close: writefd -1, readfd -1, errfd -1, sent_close 0,
recv_close 0
TRACE (2354): writebuf size 0 extrabuf size 0
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): CLOSE some fd -1
TRACE (2354): enter write_packet
TRACE (2354): empty queue dequeing
TRACE (2354): leave write_packet
TRACE (2354): check_close: writefd -1, readfd -1, errfd -1, sent_close 0,
recv_close 0
TRACE (2354): writebuf size 0 extrabuf size 0
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): CLOSE some fd -1
TRACE (2356): back to normal sigchld
[2356] Mar 19 14:13:12 ioctl(TIOCSCTTY): Input/output error
[2356] Mar 19 14:13:12 /dev/pts/1: No such file or directory
[2356] Mar 19 14:13:12 open /dev/tty failed - could not set controlling
tty: No such device or address

Attachment (dropbear_sudo.txt.gz): application/x-gzip, 4377 bytes

William Welch | 28 Feb 21:00 2014

Microblaze - slow with Dropbear 2014.63

Greetings,

I tried the new Dropbear (which is included with the new Buildroot 2014.02 yeah!) on my slow Microblaze system.  I think there is some improvement, but I wonder if I do not have the configuration optimized...  The noticeable delay is about 85 seconds, at this debug statement from the client SSH:  expecting SSH2_MSG_KEX_ECDH_REPLY

Suggestions welcome!

William




Ed Sutter | 27 Feb 19:33 2014

basic shell

Hi,
I'm using dropbear in an embedded linux application pulled in with buildroot.
In normal situations it appears to be working fine.
For my project though, I need to run a custom shell that only provides the user
with VERY minimal access to the system all through builtins. When I set up a
new user to run this shell and log in from my system's serial port console it
works just fine; however, when I try to login as that user using ssh, I get...

Permission denied, please try again.

I've narrowed the problem down significantly by running the executable
(as the shell) that is built with this code:

#include <stdio.h>
#include <stdlib.h>

#define MAX_LENGTH 1024

int main(int argc, char *argv[]) {
   char line[MAX_LENGTH];

   while (1) {
     printf("MYSHELL: ");
     if (!fgets(line, MAX_LENGTH, stdin)) break;
     printf("You typed: <%s>\n",line);
   }

   return 0;
}

Obviously this does nothing, but it *should* work from dropbear's point
of view right?  Any idea why running this as my shell fails with SSH?
Thanks,
Ed

Matt Johnston | 19 Feb 15:28 2014

Dropbear 2014.63

Hi all,

Dropbear 2014.63 is released containing mostly accumulated
bug fixes.  Some are for regressions in the past couple of
releases so it's recommended for everyone.

As usual the URL is
https://matt.ucc.asn.au/dropbear/dropbear.html 
or mirrored at
https://dropbear.nl/mirror/

Cheers,
Matt

2014.63 - Wednesday 19 February 2014

- Fix ~. to terminate a client interactive session after waking a laptop
  from sleep.

- Changed port separator syntax again, now using host^port. This is because
  IPv6 link-local addresses use %. Reported by Gui Iribarren

- Avoid constantly relinking dropbearmulti target, fix "make install"
  for multi target, thanks to Mike Frysinger

- Avoid getting stuck in a loop writing huge key files, reported by Bruno
  Thomsen

- Don't link dropbearkey or dropbearconvert to libz or libutil, 
  thanks to Nicolas Boos

- Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos

- Avoid crash on exit due to cleaned up keys before last packets are sent,
  debugged by Ronald Wahl

- Fix a race condition in rekeying where Dropbear would exit if it received a
  still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
  This is a longstanding bug but is triggered more easily since 2013.57

- Fix README for ecdsa keys, from Catalin Patulea

- Ensure that generated RSA keys are always exactly the length
  requested. Previously Dropbear always generated N+16 or N+15 bit keys.
  Thanks to Unit 193

- Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the
  first public key succeeds. Still not enabled by default, needs more
  compatibility testing with other implementations.

- Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to 

- Fix for bad system linux/pkt-sched.h header file with older Linux
  kernels, from Steve Dover

- Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch
  and Mark Wickham for independently spotting the same problem.

