You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
simplesshd/dropbear
Greg Alexander 4d888fdd81
fix typo
8 years ago
..
debian
libtomcrypt add LTC_SOURCE to each libtomcrypt .c file because that's easier than 10 years ago
libtommath
.hg_archival.txt
.hgsigs
.hgtags
.travis.yml
CHANGES
INSTALL
LICENSE
MULTI
Makefile.in
README
SMALL
TODO
agentfwd.h
algo.h
atomicio.c
atomicio.h
auth.h if there is no authorized_keys file, generate a single-use password 8 years ago
bignum.c
bignum.h
buffer.c
buffer.h
channel.h
chansession.h
circbuffer.c
circbuffer.h
cli-agentfwd.c
cli-auth.c
cli-authinteract.c
cli-authpasswd.c
cli-authpubkey.c
cli-channel.c
cli-chansession.c
cli-kex.c
cli-main.c
cli-runopts.c
cli-session.c
cli-tcpfwd.c
common-algo.c
common-channel.c
common-chansession.c
common-kex.c
common-runopts.c
common-session.c if there is no authorized_keys file, generate a single-use password 8 years ago
compat.c
compat.h
config.guess
config.h.in
config.sub
configure
configure.ac
crypto_desc.c
crypto_desc.h
curve25519-donna.c
dbclient.1
dbmulti.c
dbrandom.c When reading data from various spots in /proc to initialize the random 8 years ago
dbrandom.h
dbutil.c give a warning and "unknown<af>.unknown" if we fail to get a string for 9 years ago
dbutil.h
debug.h
dropbear.8
dropbearconvert.1
dropbearconvert.c
dropbearkey.1
dropbearkey.c
dss.c
dss.h
ecc.c
ecc.h
ecdsa.c
ecdsa.h
fake-rfc2553.c
fake-rfc2553.h
filelist.txt
gendss.c
gendss.h
genrsa.c
genrsa.h
gensignkey.c
gensignkey.h
includes.h
install-sh
kex.h
keyimport.c
keyimport.h
list.c
list.h
listener.c
listener.h
loginrec.c
loginrec.h
ltc_prng.c
ltc_prng.h
options.h enable TCP port forwarding 8 years ago
packet.c
packet.h
process-packet.c
progressmeter.c
progressmeter.h
queue.c
queue.h
release.sh
rsa.c
rsa.h
runopts.h
scp.c scp is now 64-bit capable as well, i think 8 years ago
scpmisc.c
scpmisc.h
service.h
session.h
signkey.c
signkey.h
ssh.h
sshpty.c
sshpty.h
svr-agentfwd.c
svr-auth.c fix typo 8 years ago
svr-authpam.c
svr-authpasswd.c if there is no authorized_keys file, generate a single-use password 8 years ago
svr-authpubkey.c if there is no authorized_keys file, generate a single-use password 8 years ago
svr-authpubkeyoptions.c
svr-chansession.c don't clear the environment when spawning shells, so that android system 8 years ago
svr-kex.c use rename() if the underlying filesystem doesn't support link() 10 years ago
svr-main.c
svr-runopts.c
svr-service.c
svr-session.c
svr-tcpfwd.c
svr-x11fwd.c
sysoptions.h
tcp-accept.c
tcpfwd.h
termcodes.c
termcodes.h
x11fwd.h

README

This is Dropbear, a smallish SSH server and client.
https://matt.ucc.asn.au/dropbear/dropbear.html

INSTALL has compilation instructions.

MULTI has instructions on making a multi-purpose binary (ie a single binary
which performs multiple tasks, to save disk space)

SMALL has some tips on creating small binaries.

See TODO for a few of the things I know need looking at, and please contact
me if you have any questions/bugs found/features/ideas/comments etc :)

Matt Johnston
matt@ucc.asn.au


In the absence of detailed documentation, some notes follow:
============================================================================

Server public key auth:

You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
the key entries in that file. They should be of the form:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname

You must make sure that ~/.ssh, and the key file, are only writable by the
user. Beware of editors that split the key into multiple lines.

Dropbear supports some options for authorized_keys entries, see the manpage.

============================================================================

Client public key auth:

Dropbear can do public key auth as a client, but you will have to convert
OpenSSH style keys to Dropbear format, or use dropbearkey to create them.

If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do:

dropbearconvert openssh dropbear ~/.ssh/id_rsa  ~/.ssh/id_rsa.db
dbclient -i ~/.ssh/id_rsa.db <hostname>

Dropbear does not support encrypted hostkeys though can connect to ssh-agent.

============================================================================

If you want to get the public-key portion of a Dropbear private key, look at
dropbearkey's '-y' option.

============================================================================

To run the server, you need to server keys, this is one-off:
./dropbearkey -t rsa -f dropbear_rsa_host_key
./dropbearkey -t dss -f dropbear_dss_host_key
./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key

or alternatively convert OpenSSH keys to Dropbear:
./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key

You can also get Dropbear to create keys when the first connection is made -
this is preferable to generating keys when the system boots. Make sure 
/etc/dropbear/ exists and then pass '-R' to the dropbear server.

============================================================================

If the server is run as non-root, you most likely won't be able to allocate a
pty, and you cannot login as any user other than that running the daemon
(obviously). Shadow passwords will also be unusable as non-root.

============================================================================

The Dropbear distribution includes a standalone version of OpenSSH's scp
program. You can compile it with "make scp", you may want to change the path
of the ssh binary, specified by _PATH_SSH_PROGRAM in options.h . By default
the progress meter isn't compiled in to save space, you can enable it by 
adding 'SCPPROGRESS=1' to the make commandline.