Alexey Kotlyarov | 20 Jun 10:58 2014

[PATCH] Accept pre-configured environment variables

Read /etc/dropbear/environment for environment variables to add to new client
  chansession.h     |  4 ++++
  dbutil.c          |  8 +++----
  options.h         |  9 ++++++++
  svr-chansession.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
  4 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/chansession.h b/chansession.h
index ef252ea..ac68f3c 100644
--- a/chansession.h
+++ b/chansession.h
 <at>  <at>  -83,6 +83,10  <at>  <at>  struct ChildPid {

  void addnewvar(const char* param, const char* var);

+void addextravars();
  void cli_send_chansess_request();
  void cli_tty_cleanup();
  void cli_chansess_winchange();
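Review bot: `void addextravars();` in the chansession.h hunk declares the function without a prototype, so the compiler cannot check argument lists at the call sites; prefer `void addextravars(void);`. The neighbouring declarations (`cli_send_chansess_request();` and friends) use the same old empty-parentheses style, so the new line matches file convention, but a freshly added declaration is the right place to start using a real prototype.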
diff --git a/dbutil.c b/dbutil.c
index 145bc33..e723488 100644
--- a/dbutil.c
+++ b/dbutil.c
 <at>  <at>  -781,11 +781,11  <at>  <at>  int buf_readfile(buffer* buf, const char* filename) {
  	return ret;

Fredrik Fornwall | 16 Jun 12:24 2014

[PATCH] Replace obsolete S_IWRITE with S_IWUSR in scp.c

S_IWRITE is obsolete and should, judging from the same change in other
projects, be safe to replace with S_IWUSR. This fixes compilation on
diff -r 68723d66dec6 scp.c
--- a/scp.c	Tue May 20 21:21:02 2014 +0800
+++ b/scp.c	Mon Jun 16 12:21:59 2014 +0200
 <at>  <at>  -992,7 +992,7  <at>  <at> 
 		omode = mode;
-		mode |= S_IWRITE;
+		mode |= S_IWUSR;
 		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
 bad:			run_err("%s: %s", np, strerror(errno));
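Review bot: the substitution in this hunk is a straight alias replacement: S_IWRITE is the legacy XSI spelling of S_IWUSR, both meaning the owner write bit (0200), so `mode |= S_IWUSR;` keeps the existing behaviour of temporarily adding owner write permission before `open(np, O_WRONLY|O_CREAT, mode)` while `omode` preserves the original mode. The only thing to confirm is that scp.c already includes <sys/stat.h>, where S_IWUSR is defined.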
Utkarsh Kumar | 11 Jun 14:03 2014

SSH problem with dropbear on microblaze


I am using the default dropbear version 0.48 with uClinux-dist distribution on microblaze processor. While trying to ssh it's taking 60 seconds per session, i.e. if only one ssh session is opened it takes 60 seconds to connect, but if 2 sessions are opened simultaneously, it takes 120 seconds for the 2nd session. Same way, for n sessions it takes n*60 seconds for the nth session to connect.

Request you to help me achieve the following:
1. How to reduce the time to connect ssh (currently its taking 60 seconds)
2. How to reduce the time for the subsequent sessions, if opened simultaneously.

Please find the logs below:

#ssh -v

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to [] port 22.
debug1: Connection established.
debug1: identity file /homes/utkarsh/.ssh/identity type -1
debug1: identity file /homes/utkarsh/.ssh/id_rsa type -1
debug1: identity file /homes/utkarsh/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version dropbear_0.48
debug1: no match: dropbear_0.48
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
============== long pause here... about 40+ seconds

debug1: Host '' is known and matches the DSA host key.
debug1: Found key in /homes/utkarsh/.ssh/known_hosts:5
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentication succeeded (none).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8

Appreciate your reply.

pratik singh | 4 Jun 09:49 2014

Need SCP Client support with dropbear V0.48

Hi All, I am running the default dropbear (version 0.48) found in the uClinux-dist distribution with my microblaze as the processor. I want to use scp with dropbear. Please let me know how can I achieve this? Appreciate your reply.
Thanks & Regards
Pratik Singh
Martin Osterloh | 28 May 22:16 2014

Dropbear and crypt() implementation

Hi All,

I am in the process of porting dropbear to my own operating system (x86 64 architecture). So far, I am happy with the progress. 

However, I just discovered that svr-authpasswd.c uses crypt(). I am using newlib as a general C library. I am not being provided with crypt() unfortunately. Is there any general consensus what people do in this case? So far I am just returning "send_msg_userauth_success()" which is .... well not that great.

Any input would be greatly appreciated!



ronny.meeus | 19 May 08:22 2014

[PATCH] Limit size of the iovect passed to writev in packet.c

The writev allows only a limited number of entries to be present in the
iovector. This number depends on the OS. If more entries are passed, the
writev operation fails and the connection is closed.

This patch limits the size of the vector to the maximum number accepted
by the OS. On some operating systems IOV_MAX is not defined, if this is
the case UIO_MAXIOV is being used as the maximum value.

In the problematic scenario the Linux box, running dropbear, has a slow
uplink. If an ssh is done to the box and a command is executed that
generates a lot of small fragments (for example a 'find .' in the root),
a lot of small interactions are seen between dropbear and the shell process.
The observation was that the amount of entries pending in the queue could
go up to 7500. Since all entries present in the queue will be passed to
writev an error will be returned since Linux only accepts 1024 entries to
be present in the vector. The result is that the connection is being closed.

Signed-off-by: Ronny Meeus <ronny.meeus <at>>

diff --git a/packet.c b/packet.c
--- a/packet.c
+++ b/packet.c
 <at>  <at>  -64,13 +64,24  <at>  <at>  void write_packet() {
 	struct iovec *iov = NULL;
 	int i;
 	struct Link *l;
+	int iov_max_count;
 	TRACE2(("enter write_packet"))

-	iov = m_malloc(sizeof(*iov) * ses.writequeue.count);
+#ifndef IOV_MAX
+	/* Make sure the size of the iov is below the maximum allowed by the OS. */
+	iov_max_count = ses.writequeue.count;
+	if (iov_max_count > IOV_MAX)
+		iov_max_count = IOV_MAX;
+	iov = m_malloc(sizeof(*iov) * iov_max_count);
 	for (l = ses.writequeue.head, i = 0; l; l = l->link, i++)
 		writebuf = (buffer*)l->item;
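Review bot: the loop `for (l = ses.writequeue.head, i = 0; l; l = l->link, i++)` still walks the entire write queue, but `iov` is now allocated with only `iov_max_count` entries, so whenever `ses.writequeue.count` exceeds IOV_MAX the later iterations store `iov[i]` past the end of the allocation, a heap overflow in exactly the 7500-entry scenario this patch is meant to fix; bound the loop as well, e.g. `for (l = ses.writequeue.head, i = 0; l && i < iov_max_count; l = l->link, i++)`. Also, as posted the hunk opens with `#ifndef IOV_MAX` but shows no `#define IOV_MAX UIO_MAXIOV` / `#endif` before the code that uses IOV_MAX, so either lines were lost in transit or the guard is incomplete; please check the hunk against your tree before it is applied.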
 <at>  <at>  -83,7 +94,7  <at>  <at>  void write_packet() {
 		iov[i].iov_base = buf_getptr(writebuf, len);
 		iov[i].iov_len = len;
-	written = writev(ses.sock_out, iov, ses.writequeue.count);
+	written = writev(ses.sock_out, iov, iov_max_count);
 	if (written < 0) {
 		if (errno == EINTR) {
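An added example, not part of this patch or of dropbear's own code, showing the bounded-writev pattern the description calls for: pending output fragments are handed to writev() in batches of at most IOV_MAX (with the UIO_MAXIOV fallback the patch mentions), a short write resumes in the middle of a fragment, and EINTR is retried. The chunk queue, flush_chunks(), demo_flush(), demo_check() and the constructed sample lines are assumptions made for the example; it writes to a temporary file rather than a socket so it runs offline.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

/* Fallback chain as described in the patch text: prefer IOV_MAX, otherwise
 * UIO_MAXIOV, otherwise the POSIX minimum of 16 (assumed last resort). */
#ifndef IOV_MAX
# ifdef UIO_MAXIOV
#  define IOV_MAX UIO_MAXIOV
# else
#  define IOV_MAX 16
# endif
#endif

/* One pending output fragment; `pos` records how much is already written. */
struct chunk {
    const unsigned char *data;
    size_t len;
    size_t pos;
};

/* Counters showing how the queue was split across writev() calls. */
struct flush_stats {
    size_t writev_calls;
    size_t bytes_written;
    int max_iovcnt;
};

/* Write every chunk to fd, never passing more than IOV_MAX entries to a
 * single writev(), and resume correctly after short writes.
 * Returns 0 on success, -1 with errno set on failure. */
int flush_chunks(int fd, struct chunk *chunks, size_t nchunks, struct flush_stats *st)
{
    struct iovec iov[IOV_MAX];
    size_t head = 0;

    memset(st, 0, sizeof(*st));
    for (;;) {
        /* Drop finished (or empty) chunks from the front of the queue. */
        while (head < nchunks && chunks[head].pos >= chunks[head].len)
            head++;
        if (head == nchunks)
            return 0;

        /* Build one batch of at most IOV_MAX entries. */
        int iovcnt = 0;
        for (size_t k = head; k < nchunks && iovcnt < IOV_MAX; k++) {
            iov[iovcnt].iov_base = (void *)(chunks[k].data + chunks[k].pos);
            iov[iovcnt].iov_len = chunks[k].len - chunks[k].pos;
            iovcnt++;
        }
        ssize_t n = writev(fd, iov, iovcnt);
        if (n < 0) {
            if (errno == EINTR)
                continue;                /* interrupted: retry the same batch */
            return -1;
        }
        st->writev_calls++;
        st->bytes_written += (size_t)n;
        if (iovcnt > st->max_iovcnt)
            st->max_iovcnt = iovcnt;

        /* Consume n bytes; a short write may stop mid-chunk, hence `pos`. */
        size_t left = (size_t)n;
        while (left > 0 && head < nchunks) {
            size_t rem = chunks[head].len - chunks[head].pos;
            if (left >= rem) {
                left -= rem;
                chunks[head].pos = chunks[head].len;
                head++;
            } else {
                chunks[head].pos += left;
                left = 0;
            }
        }
    }
}

/* Constructed workload: `nchunks` short lines standing in for the many small
 * fragments a command such as `find .` produces.  Flushes them into a
 * temporary file and returns the resulting file size, or -1 on error. */
long demo_flush(size_t nchunks, struct flush_stats *st)
{
    static const char line[] = "./some/path/entry\n";   /* 18 bytes, constructed */
    struct chunk *q = calloc(nchunks ? nchunks : 1, sizeof(*q));
    FILE *tmp = tmpfile();
    long size = -1;

    if (!q || !tmp)
        goto out;
    for (size_t k = 0; k < nchunks; k++) {
        q[k].data = (const unsigned char *)line;
        q[k].len = sizeof(line) - 1;
    }
    if (flush_chunks(fileno(tmp), q, nchunks, st) == 0)
        size = (long)lseek(fileno(tmp), 0, SEEK_END);
out:
    if (tmp)
        fclose(tmp);
    free(q);
    return size;
}

/* Returns 1 when every byte landed, no batch exceeded IOV_MAX and the number
 * of writev() calls equals ceil(nchunks / IOV_MAX); 0 otherwise. */
int demo_check(size_t nchunks)
{
    struct flush_stats st;
    long size = demo_flush(nchunks, &st);
    size_t expect_calls = (nchunks + IOV_MAX - 1) / IOV_MAX;
    int expect_max = nchunks >= IOV_MAX ? IOV_MAX : (int)nchunks;

    return size == (long)(nchunks * 18) && st.bytes_written == nchunks * 18 &&
           st.writev_calls == expect_calls && st.max_iovcnt == expect_max;
}

int main(void)
{
    struct flush_stats st;
    long size = demo_flush(7500, &st);
    printf("IOV_MAX=%d bytes=%ld writev calls=%zu largest batch=%d\n",
           (int)IOV_MAX, size, st.writev_calls, st.max_iovcnt);
    return size < 0 ? 1 : 0;
}
```

With 7500 queued fragments and IOV_MAX of 1024 the queue drains in 8 writev() calls instead of a single oversized one that the kernel rejects with EINVAL and that would otherwise tear the session down.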

ronny.meeus | 19 May 08:20 2014

[PATCH] Print errno information in write_packet

This patch put the error information into the log output to have a better view
on the reason of a packet write failure.

Signed-off-by: Ronny Meeus <ronny.meeus <at>>

diff --git a/packet.c b/packet.c
--- a/packet.c
+++ b/packet.c
 <at>  <at>  -90,7 +90,7  <at>  <at>  void write_packet() {
 			TRACE2(("leave write_packet: EINTR"))
 		} else {
-			dropbear_exit("Error writing");
+			dropbear_exit("Error writing %s", strerror(errno));
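Review bot: `dropbear_exit("Error writing %s", strerror(errno))` reads errno straight after the `errno == EINTR` test, so the value is still the one writev() set, which is correct; consider also printing the numeric value (`%s (%d)`) because strerror() text is locale-dependent and harder to search for in logs, and make sure packet.c includes <string.h> for strerror().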

 <at>  <at>  -131,7 +131,7  <at>  <at>  void write_packet() {
 			TRACE2(("leave writepacket: EINTR"))
 		} else {
-			dropbear_exit("Error writing");
+			dropbear_exit("Error writing %s", strerror(errno));
 	all_ignore = (packet_type == SSH_MSG_IGNORE);
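Review bot: both hunks now emit the identical text `Error writing %s`, so a log line no longer says which of the two write paths in write_packet() failed (the adjacent TRACE2 strings differ, `leave write_packet` versus `leave writepacket`, which is itself an inconsistency worth fixing while here); give the two dropbear_exit() calls distinguishable messages so a failure reported from the field can be attributed to the right branch.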

Logan Anderson | 29 Apr 11:03 2014

Dropbear requiring passphrase


I added dropbear to an initramfs I am building for PXE. No matter what I do, dropbear appears to require an ssh passphrase and I really don't know how to handle this. It doesn't ask me for a passphrase when I create the key.

It appears to ask for the passphrase when I use ssh but it simply asks for a password when I use dbclient. What am I doing wrong?

Any direction would be welcome.
Christian Engelmayer | 5 Apr 21:51 2014

[PATCH] Fix a potential memory leak in function load_openssh_key()

Fix a memory handling issue in the error path of function load_openssh_key().
When freeing the dynamically allocated struct openssh_key during cleanup, the
pointer itself is memset instead of the pointed to struct memory. Thus the
next instruction results in m_free(0).

Reported by Coverity - CID 1191536.
Compile tested, applies against
 keyimport.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keyimport.c b/keyimport.c
index 3da14ad..48cc1ba 100644
--- a/keyimport.c
+++ b/keyimport.c
 <at>  <at>  -474,7 +474,7  <at>  <at>  static struct openssh_key *load_openssh_key(const char *filename)
 			memset(ret->keyblob, 0, ret->keyblob_size);
-		memset(&ret, 0, sizeof(ret));
+		memset(ret, 0, sizeof(*ret));
 	if (fp) {
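Review bot: the fix is right: `memset(&ret, 0, sizeof(ret))` zeroed the local pointer (so the following free saw NULL and the struct leaked), whereas `memset(ret, 0, sizeof(*ret))` scrubs the struct that is about to be freed. One caveat for this kind of pre-free wipe, which applies equally to the `memset(ret->keyblob, 0, ret->keyblob_size)` line above it: because the memory is dead immediately afterwards, an optimizing compiler may legally drop the store, so if the intent is to guarantee that key material is cleared, route the wipe through a helper the compiler cannot elide (a volatile-pointer loop, or explicit_bzero/memset_s where available).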


Christian Engelmayer | 5 Apr 20:13 2014

[PATCH] Fix a potential resource leak in function lastlog_openseek()

Calling function lastlog_perform_login(), that currently is the only user of
lastlog_openseek(), assumes no need for resource cleanup in case the function
returns an error. However, lastlog_openseek() leaves the already allocated
file descriptor in place in case the following lseek() fails.

Reported by Coverity - CID 1191538.
Compile tested, applies against
 loginrec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/loginrec.c b/loginrec.c
index d6ec75f..00bd2dc 100644
--- a/loginrec.c
+++ b/loginrec.c
 <at>  <at>  -1344,6 +1344,7  <at>  <at>  lastlog_openseek(struct logininfo *li, int *fd, int filemode)
 		offset = (off_t) ((long)li->uid * sizeof(struct lastlog));

 		if ( lseek(*fd, offset, SEEK_SET) != offset ) {
+			close(*fd);
 			dropbear_log(LOG_WARNING, "lastlog_openseek: %s->lseek(): %s",
 			 lastlog_file, strerror(errno));
 			return 0;
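Review bot: `close(*fd)` is inserted before the `dropbear_log(..., strerror(errno))` call, and close() may overwrite errno, so the warning can report close()'s error (or a stale value) instead of the lseek() failure it is meant to describe; save errno first (`int saved_errno = errno;` and pass `strerror(saved_errno)`) or move the close() after the log call. Consider also setting `*fd = -1` after closing so a caller that later does clean up cannot double-close the descriptor.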

Tim Broberg | 19 Mar 23:37 2014

Dropbear channel request race condition?

I'm sending an exec request to a session with a terminal (so I can run
sudo commands).

I send the channel request, then send eof expecting to get data, exit
status, and eof back.

Instead, dropbear server sends eof right away, then the running command
fails because his terminal has been shut down. (See the last 3 lines of
the log snippet below.)

If I don't send eof, it works fine.

I would expect dropbear to wait for the outstanding channel request to run
to completion before sending eof.

Am I making sense, or is there some problem with my use case of requesting
exec from a terminal session? If this is considered an invalid use case,
what would you suggest as an appropriate usage / workaround?

The full log is attached, and an excerpt from receipt of eof to the
failure of the command due to terminal non-existence is below.

Thanks for any help you're able to provide,
    - Tim.

TRACE (2354): enter recv_msg_channel_eof
TRACE (2354): check_close: writefd 6, readfd 6, errfd -1, sent_close 0,
recv_close 0
TRACE (2354): writebuf size 0 extrabuf size 0
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): CLOSE some fd 6
TRACE (2354): enter send_msg_channel_eof
TRACE (2354): enter encrypt_packet()
TRACE (2354): encrypt_packet type is 96
TRACE (2354): enter writemac
TRACE (2354): leave writemac
TRACE (2354): enter enqueue
TRACE (2354): leave enqueue
TRACE (2354): leave encrypt_packet()
TRACE (2354): leave send_msg_channel_eof
TRACE (2354): leave recv_msg_channel_eof
TRACE (2354): leave process_packet
TRACE (2354): check_close: writefd -1, readfd -1, errfd -1, sent_close 0,
recv_close 0
TRACE (2354): writebuf size 0 extrabuf size 0
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): CLOSE some fd -1
TRACE (2354): enter write_packet
TRACE (2354): empty queue dequeing
TRACE (2354): leave write_packet
TRACE (2354): check_close: writefd -1, readfd -1, errfd -1, sent_close 0,
recv_close 0
TRACE (2354): writebuf size 0 extrabuf size 0
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): sesscheckclose, pid is -1
TRACE (2354): CLOSE some fd -1
TRACE (2356): back to normal sigchld
[2356] Mar 19 14:13:12 ioctl(TIOCSCTTY): Input/output error
[2356] Mar 19 14:13:12 /dev/pts/1: No such file or directory
[2356] Mar 19 14:13:12 open /dev/tty failed - could not set controlling
tty: No such device or address

Attachment (dropbear_sudo.txt.gz): application/x-gzip, 4377 bytes