ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-01-31 10:57:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,318 Commits 5 Branches 63 Tags 14 MiB
d17dedfa4f
Commit Graph

61 Commits

Author SHA1 Message Date
stellarpower
d17dedfa4f Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements. 2018-02-20 02:11:55 +00:00
Michael Witten
3ee685ad1c options: Complete the transition to numeric toggles (`#if') 
For the sake of review, this commit alters only the code; the affiliated
comments within the source files also need to be updated, but doing so
now would obscure the operational changes that have been made here.

* All on/off options have been switched to the numeric `#if' variant;
  that is the only way to make this `default_options.h.in' thing work
  in a reasonable manner.

* There is now some very minor compile-time checking of the user's
  choice of options.

* NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed.

* ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST,
  and this commit completes that work.

* DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option,
  which was added by the following commit:

    commit 6e0b539e9c
    Author: Matt Johnston <matt@ucc.asn.au>
    Date:   Tue May 23 22:29:21 2017 +0800

        split out checkpubkey_line() separately

  It has now been added to `sysoptions.h' and defined as `0' by default.

* The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in
  `default_options.h.in'; it is no longer meant to be set by the user, and
  is instead left to be defined in `sysoptions.h' (where it was already being
  defined) as merely the name of the environment variable in question:

    DROPBEAR_PASSWORD

  To enable or disable use of that environment variable, the user must now
  toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'.

* The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the
  path of the sFTP server program is set independently through the usual
  SFTPSERVER_PATH.
 2018-02-16 23:13:47 +08:00
Matt Johnston
e4ac7ea1ca bind to port as well with -b 2018-01-26 00:28:25 +08:00
houseofkodai
9c7ecf6d14 cli_bind_address_connect 
* replaces -b dummy option in dbclient to be similar with openssh -b option
* useful in multi-wan connections
 2018-01-26 00:28:25 +08:00
Kevin Darbyshire-Bryant
e255101299 dropbear server: support -T max auth tries 
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.

A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
 2017-06-25 11:53:58 +01:00
Matt Johnston
32a28d0d9c Convert #ifdef to #if, other build changes 2016-05-04 15:33:40 +02:00
Jeremy Kerr
ac9a4c839f Add -c <command> option to force a specific command 
This change adds a -c option to dropbear, to force the session to use a
specific command, in a similar fashion to OpenSSH's ForceCommand
configuration option.

This is useful to provide a simple fixed service over ssh, without
requiring an authorized key file for the per-key forced_command option.

This setting takes precedence over the channel session's provided
command, and the per-key forced_command setting.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
 2016-04-12 21:01:08 +08:00
Francois Perrad
3e20c442de fix empty C prototypes 2016-03-16 22:41:20 +08:00
Konstantin Tokarev
2d6bbf341d Moved usingsyslog from svr_runopts to runopts. 2015-12-15 16:43:29 +03:00
Matt Johnston
ed21e75235 Merge pull request #16 from annulen/openssh_options 
Implemented ExitOnForwardFailure option for local and remote forwarding.
 2015-12-15 21:30:59 +08:00
Matt Johnston
e81b6fbc6e ports and addresses must be malloced to avoid segfault on exit 2015-12-02 22:37:20 +08:00
Konstantin Tokarev
4dc1388ac7 Implemented ExitOnForwardFailure option for local and remote forwarding. 2015-11-30 21:05:36 +03:00
Konstantin Tokarev
f76141a704 Fixed build when ENABLE_CLI_REMOTETCPFWD is the only allowed TCP forwarding. 2015-11-27 21:40:00 +03:00
Thorsten Horstmann
fdb7ffa864 DROPBEAR_ prefix for include guards to avoid collisions 2015-02-24 20:43:01 +08:00
Matt Johnston
a7a79d569a Disable non-delayed zlib for server 2015-01-28 21:38:27 +08:00
Matt Johnston
923fc9087c - Don't use multichar constants since recent gcc complains 
- Add release script
- Simplify print_version
 2014-07-27 22:55:29 +08:00
Matt Johnston
ed0552f214 Add '-V' for version 
-h should exit with success
Update manpages
 2014-07-27 22:06:26 +08:00
Matt Johnston
c884e5000e Make -K keepalive behave like OpenSSH's ServerAliveInterval 2014-07-09 00:15:20 +08:00
Matt Johnston
58fe1c2d2a Add '-R' for delayed hostkey option 
--HG--
branch : keyondemand
 2013-11-07 23:49:37 +08:00
Matt Johnston
082a2dde35 Fix specifying a keysize for key generation, fix key name arguments 
--HG--
branch : ecc
 2013-11-01 00:13:09 +08:00
Matt Johnston
04518e9e80 merge in HEAD 
--HG--
branch : ecc
 2013-05-21 12:09:35 +08:00
Matt Johnston
95a21c8fd7 ecdsa is working 
--HG--
branch : ecc
 2013-05-03 23:07:48 +08:00
Matt Johnston
4404126501 -y -y to disable hostkey checking 
fix missing trailing space when passing arguments for multihop mode
From Hans Harder
 2013-04-14 22:49:10 +08:00
Paul Eggleton
1205fa68df Allow configuring "allow blank password option" at runtime 
Changes this from a compile-time switch to a command-line option.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
 2013-02-12 15:52:57 +00:00
Matt Johnston
036edd6206 Add rough support for choosing ciphers/hashes with "-c" or "-m" 2012-05-17 00:12:42 +08:00
Matt Johnston
e3ca0513a0 - Disable compression for non-final multihops 
--HG--
extra : convert_revision : c507a2aacb9e0db4c0266891b8915c614e32857e
 2009-09-11 14:02:04 +00:00
Matt Johnston
f88bed7a30 Rearrange getaddrstring() etc 
--HG--
extra : convert_revision : 8a18c4a60aeaec085923d13d98fa0f93c506ceba
 2009-09-01 16:38:26 +00:00
Matt Johnston
8a19a049b2 - Client auth using an agent's key works. Still need to implement client 
agent forwarding.

--HG--
branch : agent-client
extra : convert_revision : 276cf5e82276b6c879d246ba64739ec6868f5150
 2009-07-06 14:02:45 +00:00
Matt Johnston
c742137dc8 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList 
--HG--
branch : agent-client
extra : convert_revision : 5465e639cc3f5ee0c6c55f0de6e7b6d5a8769da3
 2009-07-06 12:59:13 +00:00
Matt Johnston
709a3e75cf propagate from branch 'au.asn.ucc.matt.dropbear' (head 899a8851a5edf840b2f7925bcc26ffe99dcac54d) 
to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 6bbab8364de17bd9ecb1dee5ffb796e48c0380d2)

--HG--
branch : agent-client
extra : convert_revision : d39a49137cc36b624768d4e79e564141dde8d355
 2009-07-01 04:16:32 +00:00
Matt Johnston
adc4d0194f Idle timeout patch from Farrell Aultman. Needs testing, unsure if server 
code works

--HG--
extra : convert_revision : ff66e05ae040561110af70114bf83f11ed528f05
 2008-11-07 14:11:06 +00:00
Matt Johnston
e674c73ee6 propagate from branch 'au.asn.ucc.matt.dropbear' (head 4fb35083f0f46ea667e7043e7d4314aecd3df46c) 
to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 833d0adef6cdbf43ea75283524c665e70b0ee1ee)

--HG--
branch : agent-client
extra : convert_revision : 6bbab8364de17bd9ecb1dee5ffb796e48c0380d2
 2008-09-23 16:05:04 +00:00
Matt Johnston
efe45cddbe - Enable -s for specifying a subsystem (such as sftp) 
--HG--
extra : convert_revision : c7b916e6c522f16f06fe1bd52815ba13aa88b90b
 2008-09-23 15:57:26 +00:00
Matt Johnston
643626d546 Replace calls to strtoul() with a helper m_str_to_uint() 
--HG--
extra : convert_revision : 1f8643c5ba7fe789c120b503c396281ac45f9730
 2008-09-22 14:13:44 +00:00
Matt Johnston
66e2f59c7b propagate from branch 'au.asn.ucc.matt.dropbear.dbclient-netcat-alike' (head b02ba6628cf2095017c60d202ac630f231e6b553) 
to branch 'au.asn.ucc.matt.dropbear' (head 636506b73e973b004cc058b07e6f36a25ff902f8)

--HG--
extra : convert_revision : eb8e95a8227df7802d79007d4dd89098759fa76b
 2008-09-17 14:49:12 +00:00
Matt Johnston
af00c78e21 Rework netcat-alike to be a proper mode, with -B argument. 
--HG--
branch : dbclient-netcat-alike
extra : convert_revision : b02ba6628cf2095017c60d202ac630f231e6b553
 2008-09-17 14:36:49 +00:00
Matt Johnston
e44aa503f0 - "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc. 
--HG--
extra : convert_revision : 45069dd007ebf414330e0a7abf4fb7e0727049c3
 2008-09-15 14:40:30 +00:00
Matt Johnston
b619e88f54 - Split main socket var into ses.sock_in/ses.sock_out in preparation 
for -J proxy_cmd option (and some prelim options for that)

--HG--
extra : convert_revision : 47cdea9a7d66c553c6f5eec43b899821939d4e4c
 2008-09-15 12:51:50 +00:00
Matt Johnston
e41452afeb propagate from branch 'au.asn.ucc.matt.dropbear' (head 8a7db1e2fdc5636abb338adb636babc32f465739) 
to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head d82c25da2f7e4fb6da510d806c64344e80bb270d)

--HG--
branch : agent-client
extra : convert_revision : 78d02301ae8310efa2639f15da0ea62dea110e4b
 2007-08-16 13:34:37 +00:00
Matt Johnston
75ec4d6510 - Add -K keepalive flag for dropbear and dbclient 
- Try to reduce the frequency of select() timeouts
- Add a max receive window size of 1MB

--HG--
extra : convert_revision : 9aa22036cb511cddb35fbc0e09ad05acb39b64d1
 2007-08-08 15:12:06 +00:00
Matt Johnston
e3e4445dc1 Add -W <windowsize> argument and document it. 
--HG--
extra : convert_revision : 98d4c0f15480bf749c451034cbc565d7e9d3b8dc
 2007-07-25 15:44:25 +00:00
Matt Johnston
b01a74a9d7 merge of 'a9b0496634cdd25647b65e585cc3240f3fa699ee' 
and 'c22be8b8f570b48e9662dac32c7b3e7148a42206'

--HG--
extra : convert_revision : 066f6aef2791d54b9ec6a0c3033fd28fa946251f
 2007-02-22 14:53:49 +00:00
Matt Johnston
66643fa5c7 Add -p [address:]port option for binding to addresses, patch from 
Max-Gerd Retzlaff

--HG--
extra : convert_revision : a9b0496634cdd25647b65e585cc3240f3fa699ee
 2007-02-22 14:52:46 +00:00
Matt Johnston
cd0a08896c Add '-y' option to dbclient to accept the host key without checking 
- patch from Luciano Miguel Ferreira Rocha.

--HG--
extra : convert_revision : 924b731b50d4147eed8e9382c98a2573259a6cad
 2007-02-11 08:50:21 +00:00
Matt Johnston
c81e058bb0 add -f background option to dbclient 
--HG--
extra : convert_revision : 5ef61c30c0a634ac0da22a8c694ce235690e8170
 2006-06-07 15:47:04 +00:00
Matt Johnston
be2b7d9725 Add -N "no remote command" dbclient option. 
Document -N in dbclient.1 and -P in dropbear.8

--HG--
extra : convert_revision : 7cada79bf8f61e09a72e5d492170bd10ab0acee3
 2006-06-07 15:01:20 +00:00
Matt Johnston
4aafeb0da2 Add -P pidfile patch from Swen Schillig 
--HG--
extra : convert_revision : 2dd1bf9162d8fc4c14b33c5b3c6ca3cbe2ecd587
 2006-06-07 14:10:21 +00:00
Matt Johnston
f7caf6f5c6 propagate from branch 'au.asn.ucc.matt.dropbear' (head 0501e6f661b5415eb76f3b312d183c3adfbfb712) 
to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 01038174ec27245b51bd43a66c01ad930880f67b)

--HG--
branch : agent-client
extra : convert_revision : 12b2f59db65e7339d340e95ac67d6d9ddb193c2b
 2006-03-21 16:20:59 +00:00
Matt Johnston
a673d60963 * add -g (dbclient) and -a (dropbear) options for allowing non-local 
hosts to connect to forwarded ports. Rearranged various some of the
	tcp listening code.
	* changed to /* */ style brackets in svr-authpam.c

--HG--
extra : convert_revision : c1e04e648867db464fe9818c4910e4320cd50c32
 2005-12-04 16:13:11 +00:00
Matt Johnston
e444f0cfe6 - progress towards client agent forwarding 
(incomplete and does not compile)

--HG--
branch : agent-client
extra : convert_revision : 01038174ec27245b51bd43a66c01ad930880f67b
 2005-07-18 14:32:52 +00:00