mirror of
http://galexander.org/git/simplesshd.git
synced 2024-11-30 11:18:12 +00:00
0ff8cc90aa
Revert "somehow #define LTC_SOURCE 1 (which should really be in all libtomcrypt"
This reverts commit
|
||
---|---|---|
.. | ||
debian | ||
libtomcrypt | ||
libtommath | ||
.hg_archival.txt | ||
.hgsigs | ||
.hgtags | ||
.travis.yml | ||
agentfwd.h | ||
algo.h | ||
atomicio.c | ||
atomicio.h | ||
auth.h | ||
bignum.c | ||
bignum.h | ||
buffer.c | ||
buffer.h | ||
CHANGES | ||
channel.h | ||
chansession.h | ||
circbuffer.c | ||
circbuffer.h | ||
cli-agentfwd.c | ||
cli-auth.c | ||
cli-authinteract.c | ||
cli-authpasswd.c | ||
cli-authpubkey.c | ||
cli-channel.c | ||
cli-chansession.c | ||
cli-kex.c | ||
cli-main.c | ||
cli-runopts.c | ||
cli-session.c | ||
cli-tcpfwd.c | ||
common-algo.c | ||
common-channel.c | ||
common-chansession.c | ||
common-kex.c | ||
common-runopts.c | ||
common-session.c | ||
compat.c | ||
compat.h | ||
config.guess | ||
config.h.in | ||
config.sub | ||
configure | ||
configure.ac | ||
crypto_desc.c | ||
crypto_desc.h | ||
curve25519-donna.c | ||
dbclient.1 | ||
dbmulti.c | ||
dbrandom.c | ||
dbrandom.h | ||
dbutil.c | ||
dbutil.h | ||
debug.h | ||
dropbear.8 | ||
dropbearconvert.1 | ||
dropbearconvert.c | ||
dropbearkey.1 | ||
dropbearkey.c | ||
dss.c | ||
dss.h | ||
ecc.c | ||
ecc.h | ||
ecdsa.c | ||
ecdsa.h | ||
fake-rfc2553.c | ||
fake-rfc2553.h | ||
filelist.txt | ||
gendss.c | ||
gendss.h | ||
genrsa.c | ||
genrsa.h | ||
gensignkey.c | ||
gensignkey.h | ||
includes.h | ||
INSTALL | ||
install-sh | ||
kex.h | ||
keyimport.c | ||
keyimport.h | ||
LICENSE | ||
list.c | ||
list.h | ||
listener.c | ||
listener.h | ||
loginrec.c | ||
loginrec.h | ||
ltc_prng.c | ||
ltc_prng.h | ||
Makefile.in | ||
MULTI | ||
options.h | ||
packet.c | ||
packet.h | ||
process-packet.c | ||
progressmeter.c | ||
progressmeter.h | ||
queue.c | ||
queue.h | ||
README | ||
release.sh | ||
rsa.c | ||
rsa.h | ||
runopts.h | ||
scp.c | ||
scpmisc.c | ||
scpmisc.h | ||
service.h | ||
session.h | ||
signkey.c | ||
signkey.h | ||
SMALL | ||
ssh.h | ||
sshpty.c | ||
sshpty.h | ||
svr-agentfwd.c | ||
svr-auth.c | ||
svr-authpam.c | ||
svr-authpasswd.c | ||
svr-authpubkey.c | ||
svr-authpubkeyoptions.c | ||
svr-chansession.c | ||
svr-kex.c | ||
svr-main.c | ||
svr-runopts.c | ||
svr-service.c | ||
svr-session.c | ||
svr-tcpfwd.c | ||
svr-x11fwd.c | ||
sysoptions.h | ||
tcp-accept.c | ||
tcpfwd.h | ||
termcodes.c | ||
termcodes.h | ||
TODO | ||
x11fwd.h |
This is Dropbear, a smallish SSH server and client. https://matt.ucc.asn.au/dropbear/dropbear.html INSTALL has compilation instructions. MULTI has instructions on making a multi-purpose binary (ie a single binary which performs multiple tasks, to save disk space) SMALL has some tips on creating small binaries. See TODO for a few of the things I know need looking at, and please contact me if you have any questions/bugs found/features/ideas/comments etc :) Matt Johnston matt@ucc.asn.au In the absence of detailed documentation, some notes follow: ============================================================================ Server public key auth: You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put the key entries in that file. They should be of the form: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname You must make sure that ~/.ssh, and the key file, are only writable by the user. Beware of editors that split the key into multiple lines. Dropbear supports some options for authorized_keys entries, see the manpage. ============================================================================ Client public key auth: Dropbear can do public key auth as a client, but you will have to convert OpenSSH style keys to Dropbear format, or use dropbearkey to create them. If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do: dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_rsa.db dbclient -i ~/.ssh/id_rsa.db <hostname> Dropbear does not support encrypted hostkeys though can connect to ssh-agent. ============================================================================ If you want to get the public-key portion of a Dropbear private key, look at dropbearkey's '-y' option. ============================================================================ To run the server, you need to server keys, this is one-off: ./dropbearkey -t rsa -f dropbear_rsa_host_key ./dropbearkey -t dss -f dropbear_dss_host_key ./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key or alternatively convert OpenSSH keys to Dropbear: ./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key You can also get Dropbear to create keys when the first connection is made - this is preferable to generating keys when the system boots. Make sure /etc/dropbear/ exists and then pass '-R' to the dropbear server. ============================================================================ If the server is run as non-root, you most likely won't be able to allocate a pty, and you cannot login as any user other than that running the daemon (obviously). Shadow passwords will also be unusable as non-root. ============================================================================ The Dropbear distribution includes a standalone version of OpenSSH's scp program. You can compile it with "make scp", you may want to change the path of the ssh binary, specified by _PATH_SSH_PROGRAM in options.h . By default the progress meter isn't compiled in to save space, you can enable it by adding 'SCPPROGRESS=1' to the make commandline.