Matt Johnston
cafebe2d30
Reduce sk specific code
...
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
2022-01-22 15:45:07 +08:00
Matt Johnston
cc481a646d
Make sk-ecdsa call buf_ecdsa_verify
...
This reduces code duplication, the SK code just handles the
different message format.
2022-01-22 14:50:42 +08:00
Egor Duda
2634c4586b
fix typo
2022-01-17 20:41:56 +03:00
Egor Duda
712d529164
Keys with type sk-* make no sense as host keys, so they should be disabled
2022-01-17 18:33:24 +03:00
Egor Duda
2ad020ff30
Implement server-side support for sk-ed25519 FIDO2-backed keys
2022-01-16 00:50:39 +03:00
Egor Duda
0c62c0db7f
Check if nistp256 curve is used in sk-ecdsa-sha2- key
...
It's the only allowed curve per PROTOCOL.u2f specification
2021-12-24 14:26:09 +03:00
Egor Duda
2993eedaba
Fix one more potential out-of-bounds read
2021-12-24 12:26:31 +03:00
Egor Duda
c66f0e98c9
Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
2021-12-24 12:10:36 +03:00
Egor Duda
c8fcc08fe0
Implement server-side support for sk-ecdsa U2F-backed keys
2021-12-23 09:23:34 +03:00
Matt Johnston
483b427335
debugging test runner authorized_keys perms
2021-10-19 13:45:59 +08:00
Matt Johnston
27ffea3223
Debug pytest password auth failing
2021-10-19 13:30:58 +08:00
Matt Robinson
742e296115
Use HOME before /etc/passwd to find id_dropbear (#137)
...
Currently dbclient uses the value of HOME by default when looking for
~/.ssh/known_hosts, falling back to /etc/passwd if HOME is not set (so
that people can work around broken values in /etc/passwd).
However, when locating the default authentication key (defaults to
~/.ssh/id_dropbear), paths not starting with / are always prefixed with
the value from /etc/passwd.
Make the behaviour consistent by adjusting expand_homedir_path to use
the value of HOME, falling back to /etc/passwd if HOME is not set.
2021-10-19 13:02:47 +08:00
Matt Johnston
0e43d68d81
Remove caching and socat from build.yml
...
socat isn't needed and it consumes exit codes
Caching seems impossible to invalidate
2021-10-19 12:49:19 +08:00
Matt Johnston
bcb9d78d83
Add configure --enable-werror argument
...
This should be used instead of putting -Werror in CFLAGS
before configure, as -Werror interferes with conftests.
Update github actions to use that.
2021-10-19 12:16:20 +08:00
Matt Johnston
8da9646c83
Upload config.log on failure
...
Change tests to avoid double-negative for skipcheck
Skip some actions when running under act
2021-10-19 11:50:12 +08:00
Matt Johnston
da482ede60
github action workaround macos ranlib
2021-10-18 23:45:09 +08:00
Matt Johnston
f0495697e5
disable fuzzstandalone github action for now, needs debugging
2021-10-18 23:36:23 +08:00
Matt Johnston
f9ced2c880
fix github actions arguments
...
If only we could test this locally with the same setup....
2021-10-18 23:33:41 +08:00
Matt Johnston
17e0c7e76f
github action, don't try apt or python on macos
2021-10-18 23:31:23 +08:00
Matt Johnston
30adc15860
Use sudo for the real github action job
...
(Wasn't required by act's runner)
2021-10-18 23:25:20 +08:00
Matt Johnston
6138bdc62f
Add github actions build workflow, remove travis CI
2021-10-18 23:21:52 +08:00
Matt Johnston
e05945f67a
Add a default 10 second timeout for tests
2021-10-18 23:20:32 +08:00
Matt Johnston
3e640acd17
Only redirect stderr after the session login. That lets errors get recorded on the server parent side, rather than being sent over an SSH connection.
2021-10-18 23:20:08 +08:00
Matt Johnston
ae25761c7c
Rename "make test" to "make check". Also run lint
2021-10-18 15:17:14 +08:00
Matt Johnston
e6152ccd7d
Update .hgignore and .gitignore with tests
2021-10-18 14:26:59 +08:00
Matt Johnston
8b0d31ab20
Add "make test" target to run pytest
...
This will create a virtualenv if required.
There is a bit of churn here reverting to autoconf 2.59 in generated
config.h.in and configure
2021-10-18 14:24:32 +08:00
Matt Johnston
65f6e48a06
Add first channel tests
...
These initial tests are checking various edge cases of channel handling
that have cropped up over the years.
2021-10-18 14:22:37 +08:00
Matt Johnston
a7ef149463
Bring back recently removed channel->flushing
...
This resolves the "sleep 10&echo hello" case which should
return immediately
2021-10-14 20:55:15 +08:00
Matt Johnston
043b0fbd1b
Increase max window size to 10MB, fallback rather than exiting if an invalid value is given.
2021-10-12 23:32:10 +08:00
Matt Johnston
110b55214b
Partial strings from strtoul should return error
2021-10-12 23:31:09 +08:00
Matt Johnston
c08177a3af
Banner size should account for newlines
2021-10-12 21:29:42 +08:00
Matt Johnston
3c2436cd05
Comment on reason for DROPBEAR_MAX_PASSWORD_LEN limit
2021-10-12 21:29:25 +08:00
Matt Johnston
f3b72bfd18
Merge
2021-10-11 15:46:49 +08:00
Matt Johnston
f17400e738
Replace ChanType.sepfds with Channel.bidir_fd
...
This handles the case where a svrchansess has separate FDs
for nopty, but a single FD for pty mode.
The use of sepfds was also previously incorrect for X11 and
agent forwarding
2021-10-11 15:42:14 +08:00
Matt Johnston
8e6f73e879
- Remove "flushing" handling for exited processes, it should be handled by normal file descriptor reads.
- Fix sesscheckclose() handling if a channel was closed before a process was ever launched
2021-10-11 15:16:54 +08:00
Matt Johnston
7c2470ba3a
Fix some outdated comments
2021-10-11 15:14:46 +08:00
Matt Johnston
cc59c08605
Move comment to svr_chansess_checksignal() where it belongs
2021-10-11 15:13:42 +08:00
Matt Johnston
661d8ca225
Add a comment about sending initial auth request
2021-10-11 15:12:22 +08:00
fidomax
41d4b4e7f7
keep LANG env variable for child process (#111)
2021-08-19 23:49:52 +08:00
Anton Bershanskiy
dc016f900b
Remove unused argument of do_cmd() in scp.c (#125)
2021-08-19 23:40:58 +08:00
Sven Roederer
4c8c879b38
signkey: remove !! from SHA1 digest (#130)
...
Remove the "!!" chars from message when printing the key-fingerprint, as it's
confusing users. They have been added when switching from MD5, but SHA1 can be
considered as standard today.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2021-08-19 23:39:31 +08:00
Manfred Kaiser
210a983349
added option to disable trivial auth methods (#128)
...
* added option to disable trivial auth methods
* rename argument to match with other ssh clients
* fixed trivial auth detection for pubkeys
2021-08-19 23:37:14 +08:00
Matt Johnston
69e5709f75
Clarify help text for dropbear -e environment option
2021-08-19 23:17:34 +08:00
Roland Vollgraf
2157d52352
pass on server process environment to child processes (option -e) (#118)
2021-08-19 23:13:41 +08:00
Matt Johnston
846d38fe43
Add "restrict" authorized_keys option
2021-05-01 20:47:15 +08:00
Matt Johnston
a8d6dac2c5
Don't include .hg_archival.txt in tarballs. They're now reproducible.
2021-03-31 23:31:26 +08:00
Matt Johnston
ee49a1b16d
merge
2021-03-31 23:24:55 +08:00
Matt Johnston
325d0c1d02
Add configure script to version control. Set timezone for release tarball
2021-03-31 23:23:14 +08:00
Matt Johnston
17f209f9b7
Update config.sub and config.guess to latest
2021-03-31 23:21:30 +08:00
Matt Johnston
924d5a06a6
Make release tarballs more deterministic
...
Not fully tested on different systems yet
2021-03-30 22:08:14 +08:00