mirror of
https://github.com/clearml/dropbear
synced 2025-03-13 07:08:26 +00:00
| .github | ||
| debian | ||
| fuzz | ||
| libtomcrypt | ||
| libtommath | ||
| test | ||
| .gitignore | ||
| .hgignore | ||
| .hgsigs | ||
| .hgtags | ||
| agentfwd.h | ||
| algo.h | ||
| atomicio.c | ||
| atomicio.h | ||
| auth.h | ||
| bignum.c | ||
| bignum.h | ||
| buffer.c | ||
| buffer.h | ||
| chachapoly.c | ||
| chachapoly.h | ||
| CHANGES | ||
| channel.h | ||
| chansession.h | ||
| circbuffer.c | ||
| circbuffer.h | ||
| cli-agentfwd.c | ||
| cli-auth.c | ||
| cli-authinteract.c | ||
| cli-authpasswd.c | ||
| cli-authpubkey.c | ||
| cli-channel.c | ||
| cli-chansession.c | ||
| cli-kex.c | ||
| cli-main.c | ||
| cli-runopts.c | ||
| cli-session.c | ||
| cli-tcpfwd.c | ||
| common-algo.c | ||
| common-channel.c | ||
| common-chansession.c | ||
| common-kex.c | ||
| common-runopts.c | ||
| common-session.c | ||
| compat.c | ||
| compat.h | ||
| config.guess | ||
| config.h.in | ||
| config.sub | ||
| configure | ||
| configure.ac | ||
| crypto_desc.c | ||
| crypto_desc.h | ||
| curve25519.c | ||
| curve25519.h | ||
| dbclient.1 | ||
| dbhelpers.c | ||
| dbhelpers.h | ||
| dbmalloc.c | ||
| dbmalloc.h | ||
| dbmulti.c | ||
| dbrandom.c | ||
| dbrandom.h | ||
| dbutil.c | ||
| dbutil.h | ||
| debug.h | ||
| default_options.h | ||
| DEVELOPING.md | ||
| dh_groups.c | ||
| dh_groups.h | ||
| dropbear_lint.sh | ||
| dropbear.8 | ||
| dropbearconvert.1 | ||
| dropbearconvert.c | ||
| dropbearkey.1 | ||
| dropbearkey.c | ||
| dss.c | ||
| dss.h | ||
| ecc.c | ||
| ecc.h | ||
| ecdsa.c | ||
| ecdsa.h | ||
| ed25519.c | ||
| ed25519.h | ||
| fake-rfc2553.c | ||
| fake-rfc2553.h | ||
| filelist.txt | ||
| fuzz-wrapfd.h | ||
| fuzz.h | ||
| FUZZER-NOTES.md | ||
| fuzzers_test.sh | ||
| gcm.c | ||
| gcm.h | ||
| gendss.c | ||
| gendss.h | ||
| gened25519.c | ||
| gened25519.h | ||
| genrsa.c | ||
| genrsa.h | ||
| gensignkey.c | ||
| gensignkey.h | ||
| ifndef_wrapper.sh | ||
| includes.h | ||
| INSTALL | ||
| install-sh | ||
| kex.h | ||
| keyimport.c | ||
| keyimport.h | ||
| LICENSE | ||
| list.c | ||
| list.h | ||
| listener.c | ||
| listener.h | ||
| loginrec.c | ||
| loginrec.h | ||
| ltc_prng.c | ||
| ltc_prng.h | ||
| Makefile.in | ||
| MULTI | ||
| netio.c | ||
| netio.h | ||
| options.h | ||
| packet.c | ||
| packet.h | ||
| process-packet.c | ||
| progressmeter.c | ||
| progressmeter.h | ||
| pubkeyapi.h | ||
| queue.c | ||
| queue.h | ||
| README | ||
| release.sh | ||
| rsa.c | ||
| rsa.h | ||
| runopts.h | ||
| scp.c | ||
| scpmisc.c | ||
| scpmisc.h | ||
| service.h | ||
| session.h | ||
| signkey_ossh.c | ||
| signkey_ossh.h | ||
| signkey.c | ||
| signkey.h | ||
| sk-ecdsa.c | ||
| sk-ecdsa.h | ||
| sk-ed25519.c | ||
| sk-ed25519.h | ||
| SMALL | ||
| ssh.h | ||
| sshpty.c | ||
| sshpty.h | ||
| svr-agentfwd.c | ||
| svr-auth.c | ||
| svr-authpam.c | ||
| svr-authpasswd.c | ||
| svr-authpubkey.c | ||
| svr-authpubkeyoptions.c | ||
| svr-chansession.c | ||
| svr-kex.c | ||
| svr-main.c | ||
| svr-runopts.c | ||
| svr-service.c | ||
| svr-session.c | ||
| svr-tcpfwd.c | ||
| svr-x11fwd.c | ||
| sysoptions.h | ||
| tcp-accept.c | ||
| tcpfwd.h | ||
| termcodes.c | ||
| termcodes.h | ||
| x11fwd.h | ||
This is Dropbear, a smallish SSH server and client. https://matt.ucc.asn.au/dropbear/dropbear.html INSTALL has compilation instructions. MULTI has instructions on making a multi-purpose binary (ie a single binary which performs multiple tasks, to save disk space) SMALL has some tips on creating small binaries. A mirror of the Dropbear website and tarballs is available at https://dropbear.nl/mirror/ Please contact me if you have any questions/bugs found/features/ideas/comments etc :) There is also a mailing list http://lists.ucc.gu.uwa.edu.au/mailman/listinfo/dropbear Matt Johnston matt@ucc.asn.au In the absence of detailed documentation, some notes follow: ============================================================================ Server public key auth: You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put the key entries in that file. They should be of the form: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname You must make sure that ~/.ssh, and the key file, are only writable by the user. Beware of editors that split the key into multiple lines. Dropbear supports some options for authorized_keys entries, see the manpage. ============================================================================ Client public key auth: Dropbear can do public key auth as a client, but you will have to convert OpenSSH style keys to Dropbear format, or use dropbearkey to create them. If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do: dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_rsa.db dbclient -i ~/.ssh/id_rsa.db <hostname> Dropbear does not support encrypted hostkeys though can connect to ssh-agent. ============================================================================ If you want to get the public-key portion of a Dropbear private key, look at dropbearkey's '-y' option. ============================================================================ To run the server, you need to generate server keys, this is one-off: ./dropbearkey -t rsa -f dropbear_rsa_host_key ./dropbearkey -t dss -f dropbear_dss_host_key ./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key ./dropbearkey -t ed25519 -f dropbear_ed25519_host_key or alternatively convert OpenSSH keys to Dropbear: ./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key You can also get Dropbear to create keys when the first connection is made - this is preferable to generating keys when the system boots. Make sure /etc/dropbear/ exists and then pass '-R' to the dropbear server. ============================================================================ If the server is run as non-root, you most likely won't be able to allocate a pty, and you cannot login as any user other than that running the daemon (obviously). Shadow passwords will also be unusable as non-root. ============================================================================ The Dropbear distribution includes a standalone version of OpenSSH's scp program. You can compile it with "make scp", you may want to change the path of the ssh binary, specified by _PATH_SSH_PROGRAM in options.h . By default the progress meter isn't compiled in to save space, you can enable it by adding 'SCPPROGRESS=1' to the make commandline.