Freddie Chopin | 31 Jul 13:07 2012

Dropbear on bare-metal ARM Cortex-M3?

Hi!

I was wondering whether it's possible (in a reasonable amount of time) to port
Dropbear to bare-metal platform - one without an OS (like Linux), but with RTOS
(FreeRTOS) that provides tasks, queues and synchronization (semaphores +
mutexes) + LwIP TCP/IP stack?

I would require a very minimal implementation of SSH server, without all
possible encryption options (the code/RAM footprint has to be low) and without
all possible features - ideally only simplest SSH server that can pass received
strings to other parts of code and transfer strings from code via SSH to
connected client. Of course I'm talking only about command-line interface.

If Dropbear is not a good option for such task, do you have any other
recommendations?

Thx in advance for your help!

4\/3!!

FCh

Maris, Rob | 23 Jul 15:10 2012

Re: forwarding problems

Thanks for instant answering,

I was still aware of SO_REUSEADDR in dbutil.c, but could not quickly  
determine whether this also applies to forwarding channels. In any case,  
reconnect goes OK when the embedded system gets a reboot prior to poweroff  
(as could be expected).

In the problem case, the host netstat shows up
tcp        0      0 localhost.localdo:51225 localhost.localdo:10526 CLOSE_WAIT

BTW: I'm using 0.52 on a blackfin platform.

Regarding strace: Must be prepared. Is not yet built into the root file  
system. I'll return later to it.

Rob

Note: I also noticed
     http://comments.gmane.org/gmane.network.ssh.dropbear/962
before, and the suggestions in that thread will probably be realised after  
the current problem has been solved.

On 23.07.2012 at 14:32, Matt Johnston <matt <at> ucc.asn.au> wrote:

> Hi,
>
> Dropbear already does SO_REUSEADDR for all listening
> sockets, see
> https://secure.ucc.asn.au/hg/dropbear/file/983a817f8e41/dbutil.c#l254

Maris, Rob | 23 Jul 14:13 2012

forwarding problems

Use case:
- embedded system running dbclient with server connection that includes a  
port forwarding.
- system is powered off, and powered on again
- upon next boot, the following message is given:
dbclient: Remote TCP forward request failed (port 10526 -> 127.0.0.1:22)

I'd believe that doing a SO_REUSEADDR via setsockopt() would resolve this  
issue.
However, I'm not sure and where to implement this (in cli_tcpfwd.c?)

Thanks for any suggestions.

Rob

Kyle Evans | 1 Jul 03:43 2012

Passphrase keys?

Hello, I do not see any mention of creating keys with a passphrase. If 
it is somehow possible, please inform. Otherwise, has there been any 
thought of adding the support? I do not feel comfortable having a free 
and clear login key on an android device, which I would like to use to 
connect to an openSSH server.

Thanks,
Kyle Evans

Egil Hjelmeland | 20 Jun 15:40 2012

dropbear and ssh subsystem

Hi
I am considering using SSH as transport for an application protocol we 
are designing. Inspired by the NETCONF SSH binding rfc6242, I would like 
to invoke the protocol as a SSH subsystem.

I see that dropbear server does not support arbitrary SSH systems. But I 
think it can be added quite easily around line 640 in  
svr-chansession.c . A command line option "-S 
/path/to/dropbear/subsystems" could be added. When a subsystem "xxxx" 
request is received, look for executable file 
/path/to/dropbear/subsystems/xxxx, if found, execute it directly (not 
via shell).

Any thoughts on this?

Best regards
Egil Hjelmeland.
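
The proposal above maps a client-supplied subsystem name to a file under a fixed directory, so the name has to be validated before the lookup. The following is an added example, not part of the original post and not Dropbear code; `subsystem_name_ok`, `resolve_subsystem` and the use of `/bin` as a stand-in subsystem directory are assumptions.

```c
/* Added example: hypothetical helpers, not Dropbear code. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define SUBSYS_NAME_MAX 64

/* Accept only [A-Za-z0-9_-], 1..SUBSYS_NAME_MAX chars. The name comes from
 * the client, so '/' and '.' must never reach the filesystem lookup. */
int subsystem_name_ok(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > SUBSYS_NAME_MAX)
        return 0;
    return strspn(name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                        "abcdefghijklmnopqrstuvwxyz0123456789_-") == len;
}

/* Build dir/name into out; return 0 only for an executable regular file. */
int resolve_subsystem(const char *dir, const char *name, char *out, size_t outlen)
{
    struct stat st;
    int n;

    if (!subsystem_name_ok(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* truncated path: refuse */
    if (stat(out, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                      /* missing, or a directory/device */
    if (access(out, X_OK) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char path[256];
    /* Constructed inputs; /bin stands in for the subsystem directory. */
    const char *names[] = { "sh", "../bin/sh", "sh.bak", "" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-10s -> %s\n", names[i],
               resolve_subsystem("/bin", names[i], path, sizeof path) == 0 ? path : "rejected");
    /* A server would now fork and execv(path, argv) directly, with no shell. */
    return 0;
}
```

Because the name is checked against an allowlist of characters before the path is built, a request cannot select a file outside the configured directory.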

Maxim Cournoyer | 31 May 20:44 2012

OpenSSH ~/.ssh/config file equivalent?

Hello,

I'm a new Dropbear user (part of Terminal IDE for Android) and was 
wondering if Dropbear supports an equivalent of ~/.ssh/config to create 
server aliases? I've searched online and haven't found the answer. 
Dropbear seems to ignore my current ~/.ssh/config file.

Thank you!

Avner Flesch | 31 May 14:23 2012

Dropbear and PAM auth.

Hi,

According to the note in the options.h file, PAM auth supports only simple modules.

Does that mean that, for example, RADIUS authentication can't be supported?

Thanks

Avner

Avner Flesch | 31 May 13:23 2012

Dropbear and libtommath

Hi,

Has anyone ported the math lib to tomsfastmath (instead of libtommath)?

I am using dropbear 0.52 with such a port, and it really reduces the login time (I have a platform with PPC 75 MHz).

But I am looking for such a port for the new dropbear version.

Thanks

Avner

Bodo Meissner | 7 May 18:55 2012

help with debugging "Close for unknown channel 0" in dropbear-0.53.1

Hello all,

I need some help with debugging.

I'm using dropbear-0.53.1 on an embedded Linux system and try to use 
the free SSH.NET library to copy files with SCP inside an application
on a Windows PC.

On the PC I get errors 
"An established connection was aborted by the software in your host machine." 
which correspond to syslog messages 
"authpriv.info dropbear[4775]: Exit (system): Close for unknown channel 0"
on the device. (always channel 0)

In the library SSH.NET the remote channel number is always 0 resulting in
channel close messages with channel number 0.

Now I want to find out what's wrong here.

The application on the PC opens an SSH connection and tries to keep it open
permanently for as many SCP transfers (sequentially) as necessary.
Does dropbear always use the same channel number 0 in this case?

Maybe the library sends a wrong channel number?
Or it might try to close the same channel twice?

How can I debug this on the device?
I am able to recompile dropbear for the device, but if possible I don't
want to use a newer version.

I already compiled dropbear with -DDEBUG_TRACE. It is difficult to see the
output because dropbear redirects most of it to /dev/null.

Bodo

Grant Edwards | 26 Apr 17:33 2012

dropbear still requires password when password is blank

I'm trying to switch from the openssh server to dropbear's server on
an embedded system, and I've run into one snag.  I've enabled the
"allow blank password" feature, but dropbear still prompts for a
password on accounts that have blank passwords.  That's "wrong" -- or
at least it's different than what openssh, telnetd, login do.

Hoping to submit a patch to fix this, I spent some time looking
through dropbear's server code.  Unfortunately, I don't know enough
about how ssh authentication works to know where to start tweaking.

When I ssh to the openssh server using an account with an empty
password, I see that the auth method "none" succeeds.  When I ssh
to the dropbear server, it ends up using auth method "password" with
an empty password.  Can somebody lend me a clue as to what I need to
do to make dropbear act like openssh/telnetd/login in the case where
a user's password is empty?

Here's a client-side trace when connecting to openssh server:

OpenSSH_5.9p1-hpn13v11, OpenSSL 1.0.0i 19 Apr 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.250.90 [192.168.250.90] port 22.
debug1: Connection established.
debug1: identity file /home/grante/.ssh/id_rsa type 1
[...]
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
debug1: match: OpenSSH_5.8 pat OpenSSH*
debug1: Remote is NON-HPN aware
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1-hpn13v11
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA be:5b:6e:45:82:e6:3f:d8:c9:30:ac:97:a6:8e:8f:d9
debug1: Host '192.168.250.90' is known and matches the ECDSA host key.
debug1: Found key in /home/grante/.ssh/known_hosts:97
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentication succeeded (none).
Authenticated to 192.168.250.90 ([192.168.250.90]:22).
debug1: HPN to Non-HPN Connection
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 0, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling

Here's a trace when connecting to the dropbear server:

OpenSSH_5.9p1-hpn13v11, OpenSSL 1.0.0i 19 Apr 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.0.0.99 [10.0.0.99] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/grante/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/grante/.ssh/id_rsa type 1
debug1: identity file /home/grante/.ssh/id_rsa-cert type -1
debug1: identity file /home/grante/.ssh/id_dsa type -1
debug1: identity file /home/grante/.ssh/id_dsa-cert type -1
debug1: identity file /home/grante/.ssh/id_ecdsa type -1
debug1: identity file /home/grante/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version dropbear_2012.55
debug1: no match: dropbear_2012.55
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1-hpn13v11
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.0.0.99" from file "/home/grante/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/grante/.ssh/known_hosts:96
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01 <at> openssh.com,ssh-rsa-cert-v00 <at> openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
[...]
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug2: dh_gen_key: priv key bits set: 126/256
debug2: bits set: 1031/2048
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 55:25:3a:83:bb:e6:a9:7e:4f:f7:62:ca:36:09:2a:9c
debug3: load_hostkeys: loading entries for host "10.0.0.99" from file "/home/grante/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/grante/.ssh/known_hosts:96
debug3: load_hostkeys: loaded 1 keys
debug1: Host '10.0.0.99' is known and matches the RSA host key.
debug1: Found key in /home/grante/.ssh/known_hosts:96
debug2: bits set: 1009/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/grante/.ssh/id_rsa (0x80b6ea0)
debug2: key: /home/grante/.ssh/id_dsa ((nil))
debug2: key: /home/grante/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/grante/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/grante/.ssh/id_dsa
debug3: no such identity: /home/grante/.ssh/id_dsa
debug1: Trying private key: /home/grante/.ssh/id_ecdsa
debug3: no such identity: /home/grante/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root <at> 10.0.0.99's password: 
debug3: packet_send2: adding 64 (len 49 padlen 15 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to 10.0.0.99 ([10.0.0.99]:22).
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 0, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling

-- 
Grant Edwards               grant.b.edwards        Yow! This is a NO-FRILLS
                                  at               flight -- hold th' CANADIAN
                              gmail.com            BACON!!

Rayne | 13 Apr 09:35 2012

Starting Dropbear

Hi,

I've just installed Dropbear, but can't figure out how to start it.

I did

./configure
make
make install
./dropbearkey -t rsa -f dropbear_rsa_host_key

When I did a "ps -ef | grep dropbear", I don't see it running. Running "./dbclient <IP address of the dropbear server>" also gave me the error "./dbclient: Exited: Error connecting: Connection refused".

How do I start dropbear?

Thank you.

Regards,
Rayne
