Re: Authenticating to dropbear using ecdsa-sha2-nistp256
On Fri, 11 Nov 2022 at 03:20, Matt Johnston wrote: > On Tue, Nov 08, 2022 at 04:57:40PM +0200, Rogan Dawes wrote: > > The targets that I have available are OpenWrt 21.02.1 running Dropbear > > v2020.81 and 22.03.0 running Dropbear v2022.82. > > Ah, OpenWRT doesn't include ecdsa support (for size > reasons) - only remembered that now. You'll have to use rsa > or ed25519 instead if possible. > > It's possible to rebuild their package with the DROPBEAR_ECC > openwrt config option. > > Cheers, > Matt I was under the impression that the ssh protocol included a handshake step where supported algorithms were exchanged, and keys that do not match are eliminated? I’ll check what that shows in the logs. Thanks Rogan >
Authenticating to dropbear using ecdsa-sha2-nistp256
Hi folks, I have created an SSH private key in my M1 Mac's Secure Enclave, and am using it to SSH to various targets. Those using OpenSSH work fine, and I am prompted to unlock the SE. However, those using dropbear do not work, giving me the following result on the client: debug1: Offering public key: ecdsa-sha2-nistp256 ECDSA SHA256:XXX agent debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey I have tried to enable verbose logging on the server side, but have not been able to find any option to actually do this. The targets that I have available are OpenWrt 21.02.1 running Dropbear v2020.81 and 22.03.0 running Dropbear v2022.82. Thanks Rogan
