ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- Update manuals, include section on authorized_keys

Browse Source 
- Change default PATH to /usr/bin:/bin
- Mention DEBUG_TRACE in -v help text

--HG--
extra : convert_revision : cdcc3c729e29544e8b98a408e2dc60e4483dfd2a
This commit is contained in:
Matt Johnston
2008-11-05 14:14:40 +00:00
parent 1fdfa2ecfd
commit e80f8e8c09
5 changed files with 107 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
CHANGES
View File

@@ -1,3 +1,50 @@
0.52
- Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel
standard input/output to a TCP port-forwarded remote host.
- Add "proxy command" support to dbclient, to allow using a spawned process for
IO rather than a direct TCP connection. eg
dbclient remotehost
is equivalent to
dbclient -J 'nc remotehost 22' remotehost
(the hostname is still provided purely for looking up saved host keys)
- Combine netcat-alike and proxy support to allow "multihop" connections, with
comma-separated host syntax. Allows running
dbclient user1@host1,user2@host2,user3@host3
to end up at host3 via the other two, using SSH TCP forwarding. It's a bit
like onion-routing. All connections are established from the local machine.
The comma-separated syntax can also be used for scp/rsync, eg
scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .
to bounce through a few hosts.
- Allow restrictions on authorized_keys logins such as restricting commands
to be run etc. This is a subset of those allowed by OpenSSH, doesn't
yet allow restricting source host.
- Use vfork() for scp on uClinux
- Default to PATH=/usr/bin:/bin for shells.
- Report errors if -R forwarding fails
- Add counter mode cipher support, which avoids some security problems with the
standard CBC mode.
- Support zlib@openssh.com delayed compression for client/server. It can be
required for the Dropbear server with the '-Z' option. This is useful for
security as it avoids exposing the server to attacks on zlib by
unauthenticated remote users, though requires client side support.
- options.h has been split into options.h (user-changable) and sysoptions.h
(less commonly changed)
- Support "dbclient -s sftp" to specify a subsystem
- Fix a bug in replies to channel requests that could be triggered by recent
versions of PuTTY
0.51 - Thu 27 March 2008
- Make a copy of password fields rather erroneously relying on getwpnam()