ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-01-31 10:57:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,771 Commits 5 Branches 63 Tags 14 MiB
8b202f86e2
Commit Graph

1771 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Begley Brothers Inc
8b202f86e2 Default options comments, ignore localoptions.h 
Also trim whitespaces.

Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
 2022-03-30 13:52:04 +08:00
Begley Brothers Inc
f4be5a3c8b Allow user space file locations (rootless support) 
Why:
Running dropbear as a user (rootless) is aided if
files and programs can be saved/removed without
needing sudo.

What:
Use the same convention as DROPBEAR_DEFAULT_CLI_AUTHKEY;
if not starting with '/', then is relative to hedge's /home/hedge:
*_PRIV_FILENAME
DROPBEAR_PIDFILE
SFTPSERVER_PATH

default_options.h commentary added.

Changes kept to a minimum, so log entry in svr_kex.c#163
is refactored.
From:
    Generated hostkey is <path> ... <finger-print>
to:
    Generated hostkey path is <path>
    Generated hostkey fingerprint is <fp>
Otherwise the unexpanded path was reported.

Patch modified by Matt Johnston

Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
 2022-03-30 13:51:57 +08:00
Matt Johnston
2f68f6693f Check authorized_keys permissions as the user 
This is necessary on NFS with squash root.
Based on work from Chris Dragan
This commit also tidies some trailing whitespace.

Fixes github pull #107
 2022-03-30 12:56:09 +08:00
Matt Johnston
6f793d42d0 Disable dh-group1 KEX by default 
Add comments for SK keys
 2022-03-30 12:51:32 +08:00
Matt Johnston
04a4548ba2 Document supported formats for dropbearconvert 2022-03-30 12:03:50 +08:00
Matt Johnston
6ad6210901 Print the key type in "Pubkey auth succeeded" 2022-03-30 11:51:56 +08:00
Matt Johnston
8b68eb55d9 Make SHA1 optional, implement SHA256 fingerprints 
SHA256 is always compiled and only enable SHA1 when needed. Fingerprints
are always SHA256: base64 format, md5 and sha1 are removed. dbrandom now
uses sha256 its hash function.
 2022-03-30 11:44:04 +08:00
Matt Johnston
6dc029f2cb Remove twofish and remnants of blowfish 
Twofish CTR was never enabled by default and CBC modes are
deprecated
 2022-03-30 10:23:39 +08:00
Matt Johnston
9d36e94deb Remove commented ssh.com code from keyimport 2022-03-30 10:10:15 +08:00
Matt Johnston
6ac92cf606 Fix dropbearconvert ecdsa parsing error typo 
Simplify handling for different key types
 2022-03-29 23:55:35 +08:00
Matt Johnston
cb9a00951f Use buf_burn_free() instead of two calls 2022-03-29 23:47:30 +08:00
Matt Johnston
81e3977360 Add ecdsa OpenSSH format for dropbearconvert 2022-03-29 23:27:55 +08:00
Matt Johnston
bcbae1f4ba Fix dropbearconvert for dropbearmulti test 2022-03-29 22:36:30 +08:00
Matt Johnston
ee3828b3f8 Add tests for dropbearconvert 2022-03-29 22:29:17 +08:00
Matt Johnston
81425365de Support RSA OpenSSH new format in dropbearconvert 
Added support for reading and writing. PEM writing support
has been removed.

OpenSSH file format routines have been moved to signkey_ossh.c
 2022-03-29 22:27:55 +08:00
Matt Johnston
3189d12c9f Fix ed25519 dropbear to openssh conversion 
This introduces buf_put_ed25519_priv_ossh and buf_get_ed25519_priv_ossh
to handle OpenSSH internal private key format. Previously writing
OpenSSH format keys didn't write the private part correctly.
 2022-03-29 16:46:06 +08:00
Matt Johnston
a70b9e34c8 Fix act matrix workaround which broke real actions 2022-03-24 16:50:42 +08:00
Matt Johnston
ce745e98c0 Add build test with DEBUG_TRACE 5 2022-03-24 16:47:20 +08:00
Matt Johnston
d142639e38 Add -v variable debug levels for server too 
-vvvv is equivalent to the old -v
 2022-03-24 14:44:13 +08:00
Matt Johnston
bceba1f2ed Only set soft core limit not hard limit 
Otherwise child shells can't enable coredumps if desired.

Fixes #145 on github
 2022-03-24 14:18:45 +08:00
Matt Johnston
3521b58690 Revert "Don't include sk keys at all in KEX list" 
This reverts git commit f972813ecd.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
 2022-03-24 13:42:08 +08:00
Matt Johnston
635ae3d500 Fix tarball retention-days 2022-03-24 12:26:09 +08:00
Matt Johnston
02eb74fbec Add release.sh --testrel, github action 
This makes github actions create a tarball sha256sum for comparison.
The release.sh script now works in a git repository too.
 2022-03-24 12:22:07 +08:00
Matt Johnston
515db2d706
Merge pull request #152 from HansH111/tracelevel2 2022-03-23 21:55:33 +08:00
Matt Johnston
9411bc21a8 Fix building with DEBUG_TRACE = 0 
Also try a less repetitive way of specifying macros
 2022-03-22 23:29:38 +08:00
Matt Johnston
0d4ab4fc09 Use signature type not key type for debug message 2022-03-22 23:28:24 +08:00
Matt Johnston
be4f9ce8e7 merge 2022-03-22 16:17:47 +08:00
Matt Johnston
f030618543 Split CPPFLAGS and CFLAGS more carefully 
This has no change to the build, but makes it easier to try
other build tools that only want CPPFLAGS
 2022-03-22 16:17:05 +08:00
HansH111
193d967123 changed TRACE to DEBUG3 for dbclient 2022-03-19 09:04:18 +00:00
HansH111
94b693b43c changed TRACE to DEBUG2 for dbclient 2022-03-19 09:03:51 +00:00
HansH111
1f169dafa8 changed TRACE to DEBUG1 for dbclient 2022-03-19 09:02:55 +00:00
HansH111
9ea30b8932 Added DEBUG1,DEBUG2,DEBUG3 to separate functions while keeping TRACE and TRACE2. 2022-03-19 09:01:05 +00:00
HansH111
098263950f increase verboseness by allowing multiple -v 2022-03-19 08:55:31 +00:00
HansH111
d597b66571 Allow for DEBUG_TRACE value 0 - 5 2022-03-19 08:54:25 +00:00
Matt Johnston
98ef42a856 Don't set pubkey_info directly in checkpubkey_line 
This makes it safe to use from fuzzer-pubkey without leaking
the value since the cleanup isn't called
 2022-03-16 18:35:23 +08:00
Matt Johnston
678cc6fcc0 Fix pytest incorrect skip "reason" string 
No change to functionality
 2022-03-16 17:32:43 +08:00
Matt Johnston
b58f96526a Disable aslr pytest for fsanitize test platforms 2022-03-16 17:25:03 +08:00
Matt Johnston
10875e8524 Fix SSH_PUBKEYINFO, limit characters, add tests 
We fix a bad_bufptr() failure from a previous commit. We now limit
the allowed characters to those that will definitely be safe
in a shell. Some scripts/programs may use arbitrary environment
variables without escaping correctly - that could be a problem
in a restricted environment.

The current allowed set is a-z A-Z 0-9 .,_-+@

This also adds a test for SSH_PUBKEYINFO, by default it only runs
under github actions (or "act -j build").
 2022-03-16 17:23:58 +08:00
Matt Johnston
355b248318
Merge pull request #151 from HansH111/pubkeyinfo 2022-03-16 10:43:24 +08:00
HansH111
212583544a use buf_getptr and m_free on every iteration before m_malloc to insure no memory leaks are happening 2022-03-15 18:57:21 +00:00
Matt Johnston
ae8a0abc34 test: Set allow_reuse_addr 
This avoids intermittent "Address already in use" failure
 2022-03-15 15:38:46 +08:00
HansH111
488ffce133 only show banner when cli_opts.quiet is not set 2022-03-14 09:50:07 +08:00
HansH111
360d60fb34 use option -q for suppression remote banner output, pass option also for proxy command 2022-03-14 09:50:07 +08:00
HansH111
fa4a1ab435 added quiet variable in cli_opts 2022-03-14 09:50:07 +08:00
HansH111
35631a21a2 set envvar SSH_PUBKEYINFO if authstate.pubkey_info contains information 2022-03-13 17:38:38 +00:00
HansH111
80e7143fd2 extract pubkey_info when seuccesfully auth with a key and free it in the cleanup function 2022-03-13 17:38:13 +00:00
HansH111
19cfb22d30 add pubkey_info field to authstate structure 2022-03-13 17:37:44 +00:00
Matt Johnston
8d11116dcb Make missing homedir non-fatal, instead use / 
Fixes github #146
 2022-02-24 11:51:51 +08:00
Matt Johnston
26feb8f13e Handle /proc/.../maps being reordered 
We now search for the first r-xp line in the file
 2022-02-03 22:13:06 +08:00
Matt Johnston
9124997602 Avoid unused argument warning when reexec is unused 2022-02-03 22:12:11 +08:00