Commit Graph

28 Commits

Author SHA1 Message Date
Begley Brothers Inc
8b202f86e2 Default options comments, ignore localoptions.h
Also trim whitespaces.

Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
2022-03-30 13:52:04 +08:00
Begley Brothers Inc
f4be5a3c8b Allow user space file locations (rootless support)
Why:
Running dropbear as a user (rootless) is aided if
files and programs can be saved/removed without
needing sudo.

What:
Use the same convention as DROPBEAR_DEFAULT_CLI_AUTHKEY;
if not starting with '/', then is relative to hedge's /home/hedge:
*_PRIV_FILENAME
DROPBEAR_PIDFILE
SFTPSERVER_PATH

default_options.h commentary added.

Changes kept to a minimum, so log entry in svr_kex.c#163
is refactored.
From:
    Generated hostkey is <path> ... <finger-print>
to:
    Generated hostkey path is <path>
    Generated hostkey fingerprint is <fp>
Otherwise the unexpanded path was reported.

Patch modified by Matt Johnston

Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
2022-03-30 13:51:57 +08:00
Matt Johnston
6f793d42d0 Disable dh-group1 KEX by default
Add comments for SK keys
2022-03-30 12:51:32 +08:00
Matt Johnston
8b68eb55d9 Make SHA1 optional, implement SHA256 fingerprints
SHA256 is always compiled and only enable SHA1 when needed. Fingerprints
are always SHA256: base64 format, md5 and sha1 are removed. dbrandom now
uses sha256 its hash function.
2022-03-30 11:44:04 +08:00
Matt Johnston
6dc029f2cb Remove twofish and remnants of blowfish
Twofish CTR was never enabled by default and CBC modes are
deprecated
2022-03-30 10:23:39 +08:00
HansH111
d597b66571 Allow for DEBUG_TRACE value 0 - 5 2022-03-19 08:54:25 +00:00
Matt Johnston
c7b7c9a99d Add re-exec for server
This allows ASLR to re-randomize the address
space for every connection, preventing some
vulnerabilities from being exploitable by
repeated probing.

Overhead (memory and time) is yet to be confirmed.

At present this is only enabled on Linux. Other BSD platforms
with fexecve() would probably also work though have not been tested.
2022-01-30 10:14:56 +08:00
egor-duda
5edd2ce32e
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys

* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys

* Fix one more potential out-of-bounds read

* Check if nistp256 curve is used in sk-ecdsa-sha2- key

It's the only allowed curve per PROTOCOL.u2f specification

* Implement server-side support for sk-ed25519 FIDO2-backed keys

* Keys with type sk-* make no sense as host keys, so they should be
disabled

* fix typo

* Make sk-ecdsa call buf_ecdsa_verify

This reduces code duplication, the SK code just handles the
different message format.

* Reduce sk specific code

The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey

* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled

* Proper cleanup of sk_app

Co-authored-by: Matt Johnston <matt@codeconstruct.com.au>
2022-01-22 21:53:04 +08:00
Matt Johnston
8552a0e9eb Disable UNAUTH_CLOSE_DELAY by default 2021-03-02 22:20:14 +08:00
Thomas De Schampheleire
49177312fb Introduce extra delay before closing unauthenticated sessions
To make it harder for attackers, introduce a delay to keep an
unauthenticated session open a bit longer, thus blocking a connection
slot until after the delay.

Without this, while there is a limit on the amount of attempts an attacker
can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to
handle one attempt is still short and thus for each of the allowed parallel
attempts many attempts can be chained one after the other. The attempt rate
is then:
    "MAX_UNAUTH_PER_IP / <process time of one attempt>".

With the delay, this rate becomes:
    "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
2017-02-15 13:53:04 +01:00
Matt Johnston
a27e8b053e Disable by default 3des, cbc, hmac-sha1-96, x11 forwarding 2020-06-11 00:09:15 +08:00
Matt Johnston
6145289e0d Remove blowfish 2020-06-10 23:42:42 +08:00
Vladislav Grishenko
d3d0d60076
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
* Add Chacha20-Poly1305 authenticated encryption

* Add general AEAD approach.
* Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and
  poly1305 routines.

Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.

function                                             old     new   delta
chacha_crypt                                           -    1397   +1397
_poly1305_block                                        -     608    +608
poly1305_done                                          -     595    +595
dropbear_chachapoly_crypt                              -     457    +457
.rodata                                            26976   27392    +416
poly1305_process                                       -     290    +290
poly1305_init                                          -     221    +221
chacha_setup                                           -     218    +218
encrypt_packet                                      1068    1270    +202
dropbear_chachapoly_getlength                          -     147    +147
decrypt_packet                                       756     897    +141
chacha_ivctr64                                         -     137    +137
read_packet                                          543     637     +94
dropbear_chachapoly_start                              -      94     +94
read_kex_algos                                       792     880     +88
chacha_keystream                                       -      69     +69
dropbear_mode_chachapoly                               -      48     +48
sshciphers                                           280     320     +40
dropbear_mode_none                                    24      48     +24
dropbear_mode_ctr                                     24      48     +24
dropbear_mode_cbc                                     24      48     +24
dropbear_chachapoly_mac                                -      24     +24
dropbear_chachapoly                                    -      24     +24
gen_new_keys                                         848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0)         Total: 5388 bytes

* Add AES128-GCM and AES256-GCM authenticated encryption

* Add general AES-GCM mode.
* Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algo using
  LibTomCrypt gcm routines.

AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.

function                                             old     new   delta
gcm_process                                            -    1060   +1060
.rodata                                            26976   27808    +832
gcm_gf_mult                                            -     820    +820
gcm_add_aad                                            -     660    +660
gcm_shift_table                                        -     512    +512
gcm_done                                               -     471    +471
gcm_add_iv                                             -     384    +384
gcm_init                                               -     347    +347
dropbear_gcm_crypt                                     -     309    +309
encrypt_packet                                      1068    1270    +202
decrypt_packet                                       756     897    +141
gcm_reset                                              -     118    +118
read_packet                                          543     637     +94
read_kex_algos                                       792     880     +88
sshciphers                                           280     360     +80
gcm_mult_h                                             -      80     +80
dropbear_gcm_start                                     -      62     +62
dropbear_mode_gcm                                      -      48     +48
dropbear_mode_none                                    24      48     +24
dropbear_mode_ctr                                     24      48     +24
dropbear_mode_cbc                                     24      48     +24
dropbear_ghash                                         -      24     +24
dropbear_gcm_getlength                                 -      24     +24
gen_new_keys                                         848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0)         Total: 6434 bytes
2020-05-25 23:50:25 +08:00
zciendor
002b79e2f9
MOTD enabled by default as the manpage says (#87)
The man page (https://github.com/mkj/dropbear/blob/master/dropbear.8) says MOTD will be printed by default for any login shell, but it was disabled at compile time. Probably happened by accident when this code was moved from `options.h` to `default_options.h`.
2020-03-14 22:21:01 +08:00
Vladislav Grishenko
3d12521735
Add Ed25519 support (#91)
* Add support for Ed25519 as a public key type

Ed25519 is a elliptic curve signature scheme that offers
better security than ECDSA and DSA and good performance. It may be
used for both user and host keys.

OpenSSH key import and fuzzer are not supported yet.

Initially inspired by Peter Szabo.

* Add curve25519 and ed25519 fuzzers

* Add import and export of Ed25519 keys
2020-03-12 00:09:45 +08:00
Matt Johnston
0afcfafbb9 Add a sanity check for DROPBEAR_SVR_MULTIUSER==0 mode 2019-03-20 22:57:06 +08:00
Patrick Stewart
0af22aa8e4 Support servers without multiple user support (#76) 2019-03-20 22:44:49 +08:00
Matt Johnston
8062a4e8d6 mention localoptions.h being build directory, fix underscore in CHANGES 2018-03-01 22:12:30 +08:00
Matt Johnston
3996e93a20 make group1 client-only 2018-02-26 22:42:53 +08:00
Matt Johnston
4aa72b96c1 disable group1 in default config 2018-02-26 22:14:11 +08:00
Matt Johnston
3f3f399231 - Fix dependencies and remove old default_options.h from version control
- Rename default_options.h.in -> default_options.h, and
  default_options.h -> default_options_guard.h
- Fix newlines in default_options.h
2018-02-19 22:16:50 +08:00
Matt Johnston
8fdaf0268d missed regenerating 2018-02-18 23:48:24 +08:00
Matt Johnston
c2f2f2b817 rename some options and move some to sysoptions.h 2018-02-18 00:29:17 +08:00
Matt Johnston
84d415fb66 update default_options.h 2018-02-14 00:17:22 +08:00
Matt Johnston
74ace058a6 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range 2017-06-27 22:20:38 +08:00
Kevin Darbyshire-Bryant
e255101299 dropbear server: support -T max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.

A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-25 11:53:58 +01:00
Matt Johnston
a94338dc67 add configuration option for default RSA size.
print key size with dropbearkey
2017-06-24 23:32:25 +08:00
Matt Johnston
8c7ebc02a0 Add generated header default_options.h to version control.
This is a workaround since I cannot figure how to get dependencies
to work properly with "make -j"
2016-05-04 17:59:34 +02:00