ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-02 03:43:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
940 Commits 5 Branches 63 Tags 14 MiB
9e66b5a9b1
Commit Graph

147 Commits

Author SHA1 Message Date
Thorsten Horstmann
fdb7ffa864 DROPBEAR_ prefix for include guards to avoid collisions 2015-02-24 20:43:01 +08:00
Matt Johnston
c44a78a2e6 Tighten validation of DH values. Odds of x==0 being generated are 
improbable, roughly 2**-1023
Regression in 0.49
 2015-02-10 21:46:19 +08:00
Matt Johnston
a7a79d569a Disable non-delayed zlib for server 2015-01-28 21:38:27 +08:00
Matt Johnston
6165f53fcd Default client key path ~/.ssh/id_dropbear 2015-01-24 00:05:26 +08:00
Matt Johnston
6cbb23a819 Add config option to disable cbc. Disable twofish by default 2015-01-23 22:37:14 +08:00
Matt Johnston
1ed8d3938e Enable sha2 HMACs by default, they're required for ecdsa already 2015-01-13 20:55:04 +08:00
Mike Frysinger
ed2e276b3a use xauth in /usr/bin 
Since the x.org rework, X has been installed into standard paths and not
its own random prefixes.  I think it's time we update the default paths
accordingly.
 2014-08-01 06:14:19 -04:00
Matt Johnston
c884e5000e Make -K keepalive behave like OpenSSH's ServerAliveInterval 2014-07-09 00:15:20 +08:00
Matt Johnston
5e4dc71907 CHANGES for 2014.63 2014-02-19 22:01:01 +08:00
Matt Johnston
61cecbb337 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default 2014-01-17 21:39:27 +08:00
Matt Johnston
de1deaf0bd use oldstyle comments 2013-11-14 22:03:30 +08:00
Matt Johnston
f025277147 comments, turn off debugging options 
--HG--
branch : ecc
 2013-11-09 00:14:28 +08:00
Matt Johnston
1e00d0b926 - Make curve25519 work after fixing a typo, interoperates with OpenSSH 
- comment on ecc binary size effects

--HG--
branch : ecc
 2013-11-09 00:02:26 +08:00
Matt Johnston
29b1455f36 Merge 
--HG--
branch : ecc
 2013-11-08 23:32:13 +08:00
Matt Johnston
0162c116da curve25519 
--HG--
branch : ecc
 2013-11-08 23:11:43 +08:00
Matt Johnston
58fe1c2d2a Add '-R' for delayed hostkey option 
--HG--
branch : keyondemand
 2013-11-07 23:49:37 +08:00
Matt Johnston
4363b8b32d refactor key generation, make it generate as required. 
Needs UI in server command line options

--HG--
branch : keyondemand
 2013-11-07 00:18:52 +08:00
Matt Johnston
51b5cdd430 Enable SMALL_CODE by default 
--HG--
branch : ecc
 2013-05-21 13:44:48 +08:00
Matt Johnston
04518e9e80 merge in HEAD 
--HG--
branch : ecc
 2013-05-21 12:09:35 +08:00
Matt Johnston
95a21c8fd7 ecdsa is working 
--HG--
branch : ecc
 2013-05-03 23:07:48 +08:00
Matt Johnston
43769b5bb3 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins 2013-04-18 21:47:38 +08:00
Matt Johnston
7f091e7019 start on ecdsa keys 
--HG--
branch : ecc
 2013-04-09 00:36:04 +08:00
Matt Johnston
c6bdc810ab ecc kind of works, needs fixing/testing 
--HG--
branch : ecc
 2013-04-07 01:36:42 +08:00
Matt Johnston
557d86aa79 Fix a few options and headers 2013-04-03 07:33:47 +08:00
Matt Johnston
99d9cf500b Add kexguess2 behaviour 
--HG--
branch : kexguess
 2013-03-29 23:29:48 +08:00
Matt Johnston
73e22c115c refactor kexdh code a bit, start working on ecdh etc 
--HG--
branch : ecc
 2013-03-26 01:35:22 +08:00
Matt Johnston
845ad0be39 Fix "-c none" so that it allows aes during authentication 
Default for options.h shouldn't allow "none"
 2013-03-20 23:52:49 +08:00
Matt Johnston
d37dcc636f Merge "none" cipher/MAC branch. Also adds sha256 and sha512 2013-03-20 22:41:07 +08:00
Matt Johnston
d7f2153631 DSS_PROTOK is not necessary now that private keys are included 
in the random generation input
 2013-02-23 17:55:46 +08:00
Paul Eggleton
1205fa68df Allow configuring "allow blank password option" at runtime 
Changes this from a compile-time switch to a command-line option.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
 2013-02-12 15:52:57 +00:00
Matt Johnston
d5ccc32b4d Improve RNG seeding. 
Try to read from /dev/urandom multiple times, take input from extra sources,
and use /dev/random when generating private keys
 2012-06-29 23:19:43 +08:00
Matt Johnston
e719a9ef6f - Only request "none" cipher after auth has succeeded 
--HG--
branch : insecure-nocrypto
 2012-05-17 20:52:57 +08:00
Matt Johnston
a02d38072a Add ALLOW_NONE_PASSWORD_AUTH option 
--HG--
branch : insecure-nocrypto
 2012-05-17 08:33:11 +08:00
Matt Johnston
f2cd610750 Merge in "-m"/"-c" code 
--HG--
branch : insecure-nocrypto
 2012-05-17 08:09:19 +08:00
Matt Johnston
db34044c7f ENABLE_USER_ALGO_LIST should work for the client 2012-05-17 00:26:12 +08:00
Matt Johnston
036edd6206 Add rough support for choosing ciphers/hashes with "-c" or "-m" 2012-05-17 00:12:42 +08:00
Matt Johnston
f40ed8bad7 Update insecure-nocrypto to current head 
--HG--
branch : insecure-nocrypto
 2012-05-16 22:54:51 +08:00
Matt Johnston
41f50057f1 Disable SHA256 and SHA512 by default in options.h 
--HG--
branch : sha2
 2012-05-16 21:56:50 +08:00
Matt Johnston
c62e53807f - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be 
getting keyed incorrectly

--HG--
branch : sha2
 2012-05-10 08:38:37 +08:00
Matt Johnston
6b4105ffe6 Fix empty password immediate login 2012-05-09 22:51:59 +08:00
Matt Johnston
3e2b6a1821 Improve comment about sha1-96 2012-04-12 21:57:30 +08:00
Matt Johnston
29e68e9d79 - Add ALLOW_BLANK_PASSWORD option 
- Don't reject blank-password logins via public key

--HG--
extra : convert_revision : 2d4bb3ecb013a7be47a7b470fc6b23e653a43dfb
 2011-10-26 15:49:47 +00:00
Matt Johnston
0993e44b4f merge of '8a608f0ed5e4b491dba4bf330e560636ec7376fd' 
and 'b31879a384d3bf8cbcbe2ed731d7d79d49799b1d'

--HG--
extra : convert_revision : dfa0557e6070859d23ff096789f339e51a870177
 2011-02-28 13:51:34 +00:00
Matt Johnston
d634b502cf - Don't allow setting memLevel since that doesn't work properly 
- Better handling of the case where compressing makes the data
larger (possibly only happens when memLevel is adjusted, but better
to be safe)

--HG--
extra : convert_revision : b31879a384d3bf8cbcbe2ed731d7d79d49799b1d
 2011-02-28 13:51:27 +00:00
Matt Johnston
53fc7eaf03 Compile fix for when both client and server agent forwarding is disabled 
--HG--
extra : convert_revision : 8a608f0ed5e4b491dba4bf330e560636ec7376fd
 2011-02-28 13:39:18 +00:00
Matt Johnston
5a7a88b843 It happened to sony 
--HG--
extra : convert_revision : c2d5690ca9ed85c7d75dd9cc2c150de50503aa3b
 2011-02-24 12:45:17 +00:00
Matt Johnston
52551cb771 - Test for pam_fail_delay() function in configure 
- Recognise "username:" as a PAM prompt
- Add some randomness to the auth-failure delay
- Fix wrongly committed options.h/debug.h

--HG--
extra : convert_revision : f242f0e66fb0ea5d3b374995d2f548d37dd8f3a3
 2009-09-08 14:53:53 +00:00
Matt Johnston
f88bed7a30 Rearrange getaddrstring() etc 
--HG--
extra : convert_revision : 8a18c4a60aeaec085923d13d98fa0f93c506ceba
 2009-09-01 16:38:26 +00:00
Matt Johnston
4b1f9e50f2 - set $SSH_ORIGINAL_COMMAND if a command is forced, and log it 
if LOG_COMMANDS is set

--HG--
extra : convert_revision : d9e8aa0ecbe7607285fa4f96f0d6f9b1523719d8
 2009-08-26 14:09:22 +00:00
Matt Johnston
2f1ed9a34b propagate from branch 'au.asn.ucc.matt.dropbear.cli-agent' (head eb0dae4b62e243ba37a897beb7ba81a4f637d8b3) 
to branch 'au.asn.ucc.matt.dropbear' (head ff0abce7b29e61630e3b09e5fc5820ae6e192808)

--HG--
extra : convert_revision : 49e078caffa785d121cefaf05b64fecc71fecd63
 2009-07-30 15:15:12 +00:00