On Wednesday 27 of July 2016 18:05:01 Dmitry Bogatov wrote:
> [2016-07-27 16:13] Jan Mojzis <jan.moj...@gmail.com>
> >
> > Package: wnpp
> > Severity: wishlist
> > Owner: Jan Mojzis <jan.moj...@gmail.com>
> >
> > * Package name : tinyssh
> >   Version : 20160726
> >   Upstream Author : Jan Mojzis <jan.moj...@gmail.com>
> > * URL : https://tinyssh.org/
> > * License : public domain
> >   Programming Lang: C
> >   Description : Tiny SSH server
> >
> > This is tiny SSH server which implement 'less'.
> > TinySSH supports only secure crypto (min 128-bit security,
> > protected against cache-timing attacks).
> > Unnecessary features (such SSH1 protocol, compression, scp, sftp, ...),
> > unsafe crypto (such rsa, dsa, hmac-md5, hmac-sha1, 3des, arcfour, ...) and
> > unsafe features (such password or hostbased authentication)
> > are simply NOT implemented.
> > TinySSH has less than 100000 words of code, so it's very easy auditable.
>
> Sounds nice. How does it compare with dropbear?

Hello,

TinySSH does not implement 100% of the SSH protocol. It has a limited amount of features.

1. only safe crypto:
   implemented: ssh-ed25519, curve25519-sha...@libssh.org, chacha20-poly1...@openssh.com
   also implemented older standard (but disabled by default) ecdsa-sha2-nistp256, ecdh-sha2-nistp256, aes128-ctr, aes256-ctr, hmac-sha2-256
   not implemented: rsa, dsa, hmac-md5, hmac-sha1, 3des, arcfour, ....

2. only safe protocol
   implemented: subset of SSHv2 features
   not implemented: SSHv1

3. only safe authentication
   implemented: only authorized_keys authentication
   not implemented: password or hostbased authentication

4. no unnecessary programs
   scp (‘rsync -e ssh’ makes same job)
   sftp (TinySSH doesn’t have sftp program, but can run e.g. OpenSSH /usr/libexec/openssh/sftp-server)

5. TinySSH has less than 100.000 words of code
   computed using shell command:

       cat *.c *.h \
       | (cpp -fpreprocessed || gcpp -fpreprocessed) \
       | sed 's/[_a-zA-Z0-9][_a-zA-Z0-9]*/x/g' \
       | tr -d ' \012' | wc -c | tr -d ' '

   'word of code' idea is taken from: https://cr.yp.to/qmail/qmailsec-20071101.pdf[1]

Jan

--------
[1] https://cr.yp.to/qmail/qmailsec-20071101.pdf