Latest Debian Packages are here:

gpg --keyserver subkeys.pgp.net --recv-keys 92B84A1E
gpg -a --export 92B84A1E | apt-key add -

& add to /etc/apt/sources.list:

deb http://cdn.content-network.net/mirror/apt.balocco.name wheezy main php ssh www
deb-src http://cdn.content-network.net/mirror/apt.balocco.name wheezy main php ssh www

If you use Fail2Ban with Dropbear instructions here to run Fail2Ban as a non root user:
https://coderwall.com/p/haj28a

My comment on that page to fix the Dropbear filter will only apply to the official debs - the fix is included in the above packages.

Also change /etc/fail2ban/jail.local logpath & filter settings for dropbear:

[dropbear]
enabled = true
port = 2222
filter = dropbear
logpath = /var/log/auth.log
maxretry = 3

Stuart.

On 10/06/2013 08:49 PM, Catalin Patulea wrote:
> Are there any mirrors of Dropbear releases? OpenWRT used to use
> http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/
> but it seems that mirror is now defunct.
>
> On Fri, Oct 4, 2013 at 10:38 AM, Matt Johnston <[email protected]> wrote:
>> Hi all,
>>
>> Dropbear 2013.59 has been released. It fixes a number of
>> bugs, including two security issues affecting prior
>> releases.
>>
>> - The Dropbear server could be made to consume large amounts
>> of memory because decompressed packet sizes weren't checked.
>> Depending on the OS and hardware this might be a denial of
>> service.
>>
>> - Valid users could be identified due to timing variations.
>>
>> As usual you can download it from
>> https://matt.ucc.asn.au/dropbear/dropbear.html
>>
>>
>> Cheers,
>> Matt
>>
>> 2013.59 - Friday 4 October 2013
>>
>> - Fix crash from -J command
>>   Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches
>>
>> - Avoid reading too much from /proc/net/rt_cache since that causes
>>   system slowness.
>>
>> - Improve EOF handling for half-closed connections
>>   Thanks to Catalin Patulea
>>
>> - Send a banner message to report PAM error messages intended for the user
>>   Patch from Martin Donnelly
>>
>> - Limit the size of decompressed payloads, avoids memory exhaustion denial
>>   of service
>>   Thanks to Logan Lamb for reporting and investigating it
>>
>> - Avoid disclosing existence of valid users through inconsistent delays
>>   Thanks to Logan Lamb for reporting
>>
>> - Update config.guess and config.sub for newer architectures
>>
>> - Avoid segfault in server for locked accounts
>>
>> - "make install" now installs manpages
>>   dropbearkey.8 has been renamed to dropbearkey.1
>>   manpage added for dropbearconvert
>>
>> - Get rid of one second delay when running non-interactive commands
>>
>> Releases are signed by PGP key [email protected] 4C647FBC
>> D11E 5F8D 2C38 523F 57F1 2166 8CF9 F8B0 4C64 7FBC
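
Added example, not part of the original messages and not Dropbear's code: a sketch of the "limit the size of decompressed payloads" fix named in the changelog above, using Python's standard zlib module on a per-connection stream. The 32 KiB cap and all class and function names are assumptions made for this illustration, and the packets are constructed sample data.

```python
import zlib

# Assumed cap for this illustration; not a value taken from Dropbear.
MAX_PAYLOAD = 32 * 1024


class PayloadTooLarge(Exception):
    """A packet inflated past the cap; the connection should be dropped."""


class BoundedInflater:
    """Per-connection zlib stream whose per-packet output is capped."""

    def __init__(self, limit=MAX_PAYLOAD):
        self.limit = limit
        self._stream = zlib.decompressobj()  # state persists across packets

    def inflate_packet(self, compressed):
        # Request limit + 1 bytes at most: zlib stops producing output there,
        # so memory use is bounded no matter how far the input would expand.
        out = self._stream.decompress(compressed, self.limit + 1)
        if len(out) > self.limit or self._stream.unconsumed_tail:
            raise PayloadTooLarge(f"payload inflates past {self.limit} bytes")
        return out


def make_packets(payloads):
    """Constructed sample sender: one sync-flushed zlib chunk per payload."""
    comp = zlib.compressobj()
    return [comp.compress(p) + comp.flush(zlib.Z_SYNC_FLUSH) for p in payloads]


def run_demo():
    """Feed a normal packet, then a highly compressible oversized one."""
    normal, oversized = make_packets([b"ls -l /tmp\n", b"\0" * (8 * 1024 * 1024)])
    rx = BoundedInflater()
    results = [rx.inflate_packet(normal)]
    try:
        rx.inflate_packet(oversized)
        results.append("accepted")
    except PayloadTooLarge:
        results.append("rejected")
    return results, len(oversized)


if __name__ == "__main__":
    print(run_demo())
```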
