On Mon, Oct 27, 2008 at 08:46:51PM -0700, Brent Roman wrote:
> This is a patch to v0.51 that introduces a new configure time option
> ALLOW_COREDUMPS
> to allow coredumps from processes
> started via dropbear server (and client)
>
> It conditionally rolls back a change introduced around version 0.
On Tue, Oct 28, 2008 at 06:06:16PM +0800, Ming-Ching Tiew wrote:
>
> I am wondering if it makes sense to put failed
> attempts to login into the syslog including the
> information like user and password ?
>
> Right now it only logs information that there
> is a failed attempt when there is inva
On Thu, Oct 30, 2008 at 02:37:44PM +0100, Michael Wiedmann wrote:
> Hi,
>
> how deals dropbear with different clients which are requesting each a remote
> port forwarding to the same local port (on the server side), e.g.
>
> system-1> dbclient -l user1 -N -R :client-ip-1:80 server-ip
> ...
>
On Mon, Nov 03, 2008 at 07:52:14AM +0100, Michael Wiedmann wrote:
> Hi,
>
> am I correct, that the local port used on the client ('YY' in '-R
> :client-ip:YY') is not part of the SSH_MSG_GLOBAL_REQUEST packet (see
> http://www.faqs.org/rfcs/rfc4254.html, 7.1. Requesting Port Forwarding)?
>
On Tue, Oct 28, 2008 at 01:43:05PM +0800, Noor Maszuari wrote:
> Hi,
> I'm newbie in dropbear and I would like to know how to setup SSH tunneling
> using dropbear?
What sort of tunnelling do you want to use? You probably
would do something like:
dbclient -i /path/to/dropbear.key -L 1234:remotehos
On Thu, Nov 06, 2008 at 07:00:08AM -0600, Steve Hein wrote:
> Hi All--
> I am running dropbear on a Microblaze-MMU platform
> (Spartan-3A FPGA, running @ 62.5MHz).
> I've optimized things as far as I know how, but making
> an ssh connection to dropbear still takes about 12 seconds,
> and the scp an
Hi all.
I've put together a release for Dropbear 0.52. It mostly has
new features, as well as a few bugfixes.
The client has gained a few new additions including the
ability to "onion-route" through a few SSH servers, all
established from the local host. Performance connecting to
an OpenSSH serve
On Tue, Nov 11, 2008 at 06:56:49PM +0100, Roman Medina-Heigl Hernandez wrote:
>
> Putty exposes similar behaviour. Summary:
> 2008-11-11 18:51:30 Looking up host "192.168.0.230"
> 2008-11-11 18:51:30 Connecting to 192.168.0.230 port 22
> 2008-11-11 18:51:30 Server version: SSH-2.0-dropbear_0
On Thu, Nov 20, 2008 at 04:54:14PM +0100, Jeroen van der Vegt wrote:
> Hello,
>
>
> We're using Dropbear 0.51 to create a tunnel from an embedded ARM device to
> a server (running openSSH). We use the precompiled dropbear version from
> Debian, and ssh is symlinked to dbclient.
> The tunnel is co
On Fri, 5 Dec 2008 23:12:33 + (UTC), GeorgeM <[EMAIL PROTECTED]>
wrote:
> i'm using dropbear for dynamic port forwarding. i've noticed that if i
> instruct the socks clients to do dns lookups via tunnel the connection
> becomes unusably slow. for example trying to open youtube, or other
> rea
On Mon, Dec 15, 2008 at 09:16:27AM -0500, Robert P. J. Day wrote:
> >
> > host1 <> host2 <---> host3
> > runs runs runs
> > dbclient dropbear openssh
> >
> > then you would run on host1
> > dbclient -L 1234:host3:22 host2
On Fri, Dec 12, 2008 at 08:50:00AM -0500, Robert P. J. Day wrote:
>
> undoubtedly a trivial question but i want to make sure i have this
> mentally worked out before i get to the office and try it.
>
> i want to set up a system running dropbear to do local port
> forwarding to a remote host r
On Thu, Dec 11, 2008 at 02:14:13PM -0500, Brian Minton wrote:
> Is dropbear vulnerable to the CBC mode plaintext recovery attack described at
> http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
Yes, Dropbear is most likely vulnerable to that attack. The
best workaround (if you're running
On Sun, Dec 14, 2008 at 01:30:12PM +0200, Hai Zaar wrote:
> Good day!
> Why does dbclient reads data from tty and not from standard input? For
> example, OpenSSH reads password from tty and data from standard input,
> enabling piping command's stdout to remove host via ssh, like this:
> $> echo asd
On Wed, Dec 17, 2008 at 11:20:07PM +0100, bodr...@mail.dm.unipi.it wrote:
> I patched the 3-way Toom from libtommath with some simple optimizations
> ( http://ln.bodrato.it/FasterToomConvolution_pdf ), now it is
> significantly faster: on my laptop it "obsoletes" the Karatsuba code,
> since it is a
On Sat, Dec 20, 2008 at 08:49:09PM -0600, Rob Landley wrote:
> Matt mentioned that libtomcrypt might not be particularly maintained anymore,
> did Libtomsfastmath replace it or has the maintainer gone on to other things
> entirely?
I think tomsfastmath was meant to be a bit more limited in
what
On Mon, Dec 22, 2008 at 10:51:26AM -0500, Robert P. J. Day wrote:
> > We do have /dev/pts mounted, that may or may not make a difference
> > (didn't check the code).
>
> i may do that at the earliest possible opportunity, but here's
> what's happening. certainly, without mounting /dev/pts, i ex
On Fri, Jan 02, 2009 at 12:02:18PM -0800, sarta53 wrote:
> I have dropbear sshd v0.51 running on a linksys router loaded with dd-wrt
> firmware.
>
> Is there a way to disable sshd from sending the login banner
> (SSH_MSG_USERAUTH_BANNER) to ssh clients? (which requires them to manually
> click
On Thu, 8 Jan 2009 20:47:43 +0100, "Hans J. Koch"
wrote:
> On Thu, Jan 08, 2009 at 02:38:02PM -0500, Robert P. J. Day wrote:
>>
>> i am most emphatically *not* a windows person, but a co-worker wants
>> to set up some kind of graphical (windows XP) client to SCP files to
>> an embedded system r
On Sat, Jan 17, 2009 at 11:18:00AM -0500, card sharing wrote:
>
> I read something about setting the gatewayports and that dropbear -a would
> probably fix this but i can't make it work...
>
> Where do i set gatewayports for dropbear in ubuntu or how do i make my serwer
> public ?!
You shou
On Mon, Jan 19, 2009 at 02:28:28PM +0100, Michael Wiedmann wrote:
> I get a FTP prompt and can login successfully. But obviously this tunnel is
> not sufficient for the FTP data connections (even in passive mode).
>
> Before I dig deeper into this:
> Is there a way to get FTP (active or passive m
Hi,
Do you know which SSH implementation Eclipse is using? I'll
take a look at what's going on. I wonder if perhaps it's
trying to use a channel that failed to open (or Dropbear's
sending a bad failure response).
Cheers,
Matt
On Mon, Mar 09, 2009 at 01:47:46PM +0100, Tom Deseyn wrote:
> Hello.
>
Hi,
It certainly should be doable, though I don't know what the
Wii platform is like. Take a look at common-session.c for
the main select() loop - if the Wii doesn't have posix
sockets then you'll need to replace that and other calls to
read()/write() and setting up non-blocking sockets.
Dropbear
Hi Robert,
It would probably require changing a bit of Dropbear's auth
code to use mechanisms other than /etc/passwd, though
in general probably not much work.
I've been reluctant to add more PAM support since the PAM
programming interface is quite ill-suited to modern network
applications (witho
On Thu, Mar 26, 2009 at 02:05:02AM -0400, Paul Smith wrote:
> In openssh I can do this by setting the SSH daemon parameter to not fail
> on empty passwords.
>
> But, I can't find anything similar in dropbear. Googling around I found
> references to a "allow-nopw.patch" which supposedly adds this
the footprint?What else can I do to decreasethe footprint to a size of
> 110kB as mentioned?Please reply asap as this is kind of urgent :-)Thanks and
> RegardsSourav
> /* Dropbear SSH
> * Copyright (c) 2002,2003 M
It sounds like the attack described last year, see my
comments at
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2008q4/000848.html
Dropbear probably could be modified the same way as OpenSSH by
continuing to make fake reads from the socket for the length
requested, though it seems a bit overly
On Tue, May 19, 2009 at 07:39:28PM +0530, Sourav Chakraborty wrote:
> Hello List,
> We are in the process of understanding Dropbear codebase to use it as SMALL
> footprint ssh server.Please provide us with the finite state machine diagram
> of the ssh v2 server,asap.That would help us immensely i
Hi.
Thanks for the patch (sorry for the slow response to other
mail) - I'll test it out and apply for the next release.
Cheers,
Matt
On Thu, May 21, 2009 at 11:08:14AM +0200, freddy@free.fr wrote:
> Hello,
>
> With -p dropbear can listenning on [addresse:port], but it fail with
> ipv6 addre
I don't think that will work - "-y" doesn't save the key, it
just skips the question for that run.
SCP can't do it as far as I know - the nicest solution might
be to give scp a flag that will pass any argument through to
the ssh client (like -o, but for dashed-flags).
Cheers,
Matt
On Thu, May 21
will get it to <40kB ;)
Matt
/* Dropbear SSH
* Copyright (c) 2002,2003 Matt Johnston
* All rights reserved. See LICENSE for the license. */
#ifndef _OPTIONS_H_
#define _OPTIONS_H_
/**
* Define compile-time options below - the "#i
Hi Farrell,
If the changes are fairly unobtrusive, I think it might be
worth including. Do you have a patch handy?
Cheers,
Matt
On Sat, May 30, 2009 at 03:11:13PM -0400, Farrell Aultman wrote:
> I discovered that dropbear, especially when using libz for
> compression/decompression, causes memory
I'm pretty sure there are some problems running Dropbear
standalone, since that part isn't really vfork safe. Could
you try running from an inetd (give it -i argument) and see
if that works?
Matt
On Tue, Jul 07, 2009 at 02:12:53PM -0400, Steve Spano wrote:
> Hello,
>
> I am attempting to get dr
notes on the "Race condition"
> also desecribed around the sesssigchild_handler.
> Since we use VFORK, and we didn't properly exit the child, the parent stack
> is messed up and we forget our encryption algorithm, which causes a buffer
> error, and subsequent program exit.
>
Hi,
The Dropbear client doesn't currently support X11
forwarding. You could possibly manually set up TCP
forwarding to localhost:6000 (and set up xhost to allow
connections from localhost, if it's trusted) though it might
be a bit tedious.
Matt
On Thu, Jul 23, 2009 at 12:07:37PM +0400, Vasiliy T
On Wed, Aug 05, 2009 at 07:47:44AM -0500, Steven Hein wrote:
> Just wondering if anyone has pondered adding escape
> sequence support to dropbear? (I'm not looking for a
> full set of escape sequences like openssh has, just the
> "~." support to drop the connection).
>
> or more directlyi
You can specify "-p 192.168.14.51:22" and that should work.
The manual needs correcting, I'lll do that.
Cheers,
Matt
On Sat, Sep 12, 2009 at 02:46:56PM -0400, Oliver wrote:
> Hey,
>
> is there a way to tell dropbear to listen just on a particular IP and
> not 0.0.0.0 ?
>
> I see a cmd line opti
On Fri, Sep 25, 2009 at 07:16:13PM -0700, Vishnu Govardhana wrote:
> Hi Gurus,
> I am a newbie to dropbear. I compiled 0.48.1 version with --enable-pam.
> Now after installing it, my connection from a remote system is failing due
> to 'Bad packet length' (the number varies everytime). I tried to d
On Thu, Oct 01, 2009 at 12:34:30AM -0500, Rob Landley wrote:
> On Wednesday 30 September 2009 22:46:17 Mike Frysinger wrote:
> >
> > dbscp is already in the multi build
>
> Really?
...
> Where?
...
> Because I'm not finding it in the output of
>
> ./configure
> make -j 2 MULTI=1
It's not in the
On Thu, Oct 01, 2009 at 02:11:13AM -0400, Mike Frysinger wrote:
> On Thursday 01 October 2009 01:37:52 Matt Johnston wrote:
> > make -j 2 MULTI=1 PROGRAMS="dropbear dbclient dropbearkey dropbearconvert
> > scp"
> >
> > and it should work. I'll make the d
Hi,
Dropbear doesn't know anything particular about FTP. I
suspect that forwarding FTP through dropbear (or any other
SSH server) won't work very well, given they dynamic
port allocation. Perhaps OpenSSH client with socks
forwarding might work?
Cheers,
Matt
On Wed, Oct 07, 2009 at 06:05:08PM +05
Hi,
There isn't anything in options.h, though you could edit
bits of svr-chansession.c to achieve what you want.
Alternatively you could change the shell in /etc/passwd
(depending how the system is set up).
Cheers,
Matt
On Mon, Oct 05, 2009 at 03:49:09PM -0500, Kavita Raghunathan wrote:
> Hi,
>
On Thu, Oct 08, 2009 at 10:06:18PM -0500, Rob Landley wrote:
> On Wednesday 07 October 2009 11:29:48 Matt Johnston wrote:
> > Hi,
> >
> > Dropbear doesn't know anything particular about FTP. I
> > suspect that forwarding FTP through dropbear (or any other
>
Hi,
I've taken a look at the RFCs (below), and I'm fairly sure
that the behaviour of Dropbear is correct:
From rfc3447
- k is the length in octets of the RSA modulus n
- If the length of the signature S is not k octets, output
"invalid signature" and stop.
Regarding interoperability, I'm relu
On Tue, Nov 17, 2009 at 10:48:02PM -0600, Rob Landley wrote:
> Why does ./configure die on a system that hasn't got zlib installed unless
> you
> tell it --disable-zlib?
>
> Isn't the point of configure to find out what you have and haven't got on
> your
> system, and build accordingly?
In ge
Hi Anton,
It certainly is wrong for it to be calling m_burn on the
DROPBEAR_PASSWORD environment variable, I'll fix that. I'm
not totally sure what the correct behaviour for "change
password" or other similar auth prompts is - perhaps
DROPBEAR_PASSWORD should only be used for the first
"no-echo" r
On Tue, Dec 08, 2009 at 03:47:02PM -0800, Ahilan Anantha wrote:
> Hi List,
>
> I plan to use "dbclient" as a low memory footprint alternative to
> OpenSSH's "ssh" for SSH tunnels.
>
> On the client I have software that creates SSH tunnels to many systems.
> Sometimes the connection to these rem
Hi,
Apologies to everyone for the long delay in replying.
On Wed, Jul 07, 2010 at 10:42:11AM +0100, Dan O'Donovan wrote:
> You're correct that the -K option should prevent the server and the routers
> in between from closing the connection.
> I tried using the -I option in the same way that you d
On Wed, Jul 21, 2010 at 01:47:10PM +, Johan Ribenfors wrote:
> This compiled and ran fine - but didn't solve the problem. The server
> (OpenSSH) would still drop the occasional connection and dropbear wouldn't
> notice. I might be using it incorrectly, (I hope I am) but don't think so.
> J
On Thu, Jul 22, 2010 at 02:46:38PM +, Johan Ribenfors wrote:
> Matt Johnston ucc.asn.au> writes:
>
> > This looks sensible (exiting if a -R forward fails when -N
> > is specified). I wonder if anyone would have problems if
> > they're using -N and multiple -L/
What commandline are you running? If it works by hand but
not from a script then that suggests that it might be that the
program needs a TTY to run properly - you could try running
"dbclient -t" in the cronjob?
Testing here redirecting output seems to work as below (the shell is
zsh). I've added -
Hi,
You need to enable "ENABLE_SVR_PAM_AUTH" and disable
"ENABLE_SVR_PASSWORD_AUTH" in options.h. Note that Dropbear
only supports simple PAM auth (asking for a
username/password), nothing more complicated since the API
isn't well suited to network apps.
Cheers,
Matt
On Wed, Jul 28, 2010 at 10:3
Hi,
Could you try running "strace -p " on the
dbclient process when it's running under the wrapper, soon
after it starts? That might give a clue as to how it
differs.
Cheers,
Matt
On Mon, Aug 16, 2010 at 12:54:30PM +0200, Fabrizio Bertocci wrote:
> Hi All,
> Here is an interesting (but inconveni
On Mon, Aug 23, 2010 at 04:06:46PM -0400, Scott Sturdivant wrote:
> Using dropbear 0.50 (I know there's a more recent, but didn't see any
> changelog notes about this issue), if I try to use dbclient to connect to
> a host that has a long banner (1553 chars), I get the following error:
>
> dbcli
On Tue, Aug 24, 2010 at 07:11:47PM +0800, Matt Johnston wrote:
> > On this particular host, I do not have access to change the banner.
> > However on a different machine that I do have access to, I did change its
> > banner and confirmed that indeed when using the lo
The "multi" stuff is defined in the Makefile - compile with
"make MULTI=1" to create the multi-function binary. If
you're only using dbclient it might be easier to just rename
main() in cli-main.c .
libtomcrypt and libtommath are built as static libraries
that are linked to Dropbear. I think you s
On Tue, Oct 12, 2010 at 03:31:29PM +0800, Ming-Ching Tiew wrote:
>
> I used dbclient -y to get pass the prompting of answering 'y'
> to unknown hosts, in batchmode execution.
>
> However, I could not do the same with scp. Tried these :-
>
> scp -q
> scp -o "BatchMode yes"
> scp -y
On Tue, Oct 12, 2010 at 02:28:48AM -0700, Robert Ransom wrote:
> Where is the current Dropbear development source repository?
Ah, the web interface had stopped updating, I've fixed that
now.
http://viewmtn.angrygoats.net/all/branch/changes/au.asn.ucc.matt.dropbear
is the URL or you can pull branc
Hi,
-t won't work without a terminal, so that makes sense. If
you redirect input of the command as:
DROPBEAR_PASSWORD=hello1234 dbclient hostname command < /dev/zero
Does that work? It's a bit of a hack workaround, I need to
figure what's going on properly.
Cheers,
Matt
On Fri, Feb 11, 2011 at
Hi all,
After much too long a delay Dropbear 0.53 is now released.
Tarballs are located at http://matt.ucc.asn.au/dropbear/ as usual,
changes are as listed below.
Cheers,
Matt
0.53 - Thurs 24 February 2011
- Various performance/memory use improvements
- Client agent forwarding now works, using
On Fri, Feb 25, 2011 at 12:13:24AM -0600, Rob Landley wrote:
> On 02/24/2011 08:37 AM, Matt Johnston wrote:
> > Hi all,
> >
> > After much too long a delay Dropbear 0.53 is now released.
> > Tarballs are located at http://matt.ucc.asn.au/dropbear/ as usual,
>
Hi,
I've put up Dropbear 0.53.1 which fixes a few problems with
0.53. These are mostly compile fixes so if 0.53 worked for
you then it's not worth changing. The exception is the zlib
memLevel option - it seems that buffers don't get flushed
properly so I've removed it.
As usual the webpage is
htt
Hi,
What clock speed is the CPU? It looks a bit like it's just taking a very long
time to perform big-number operations.
Cheers,
Matt
Magnus Nilsson wrote:
>Hello,
>
>I have an issue with ~45s delay on every login (ssh, scp etc). Once the
>
>link is up dropbear runs fine.
>
>After reading the
40.htm
>
> If this is expected, what can I do to shorten the delay (without
> compromising security too much)? 45s is a bit long to endure (e.g.
> WinSCP gives up after 15s).
> I'll try get top or a better ps on the board to see how busy the cpu gets.
>
> Kind regards/M
On Tue, Mar 15, 2011 at 02:02:54PM +0100, Magnus Nilsson wrote:
> Sorry, I was unclear - it's only 100% busy during those 45s.
> My question is:
> Is 45s reasonable on a 192MHz cpu, or do you think I might have some
> issue with my compilation options (see my first post,
> http://hi.baidu.com/kkern
On Wed, Mar 16, 2011 at 07:16:34PM -0500, Rob Landley wrote:
> On 03/16/2011 02:25 AM, Peter Turczak wrote:
> > Hi Magnus, hi Rob,
> >
> > a while ago I made the same observations you did. On an m68k-nommu
> > with 166 MHz the RSA exchange took quite forever. After some
> > profiling I found out t
On Tue, May 10, 2011 at 08:58:33AM -0700, Sam Gandhi wrote:
> I am running dropbear 0.53 on my server, when I connect to this
> machine, when my connection closes, due to inactivity, I see following
> message:
>
> Bad packet length 1128090262.
> Disconnecting: Packet corrupt
Hi,
Is the server ru
On Fri, May 13, 2011 at 10:27:51AM -0700, Sam Gandhi wrote:
> > What does a tcpdump or wireshark capture look like? After
> > the first few packets there should be nothing intelligible
> > in the byte stream (it's all encrypted).
> >
> I have attached wireshark capture -- at least -- I cant see any
On Sun, Jun 26, 2011 at 07:42:23PM -0500, Rob Landley wrote:
>
> The 0.53 release of dropbear had -lcrypt symbols referenced in .o or .a
> files _after_ libcrypt on the link command line. Thus they were
> unresolved, and the link failed.
>
> I reported this here, and in response matt moved -lcry
On Thu, Jun 30, 2011 at 10:43:10PM +0800, Matt Johnston wrote:
> Yes, that was a bit unfortunate. I've attached a patch that
Here's the patch, missed it.
Matt
#
# old_revision [c7f6c45c46a2f8e2394756c68ae825d6e4dc7489]
#
# patch "Makefile.in"
# from [ea21753734b01f01e
On Wed, Jul 06, 2011 at 05:33:47AM -0400, Guylhem Aznar wrote:
> However I just can't make port forwarding work. To make sure the issue
> came from dropbear, I tried with tinyproxy listening on port 3128,
> dropbear running on port 220 and openssh-server running on port 222:
...
> channel 9: open f
Hi,
I don't know what your appliance's manufacturer has done,
what device it? I would think you can probably create the
symlink, though it'd depend how things were built.
Matt
On Mon, Jul 18, 2011 at 04:02:33PM +0200, Gilles wrote:
> Hello
>
> On an appliance, I noticed that "dblclient" and "dr
On Tue, Aug 23, 2011 at 06:49:42PM -0400, Guylhem Aznar wrote:
> However a 5 seconds delay remains:
>
> Aug 23 18:37:41 dropbear[6505]: Child connection from (...)
> Aug 23 18:37:45 dropbear[6505]: Pubkey auth succeeded for (...)
>
> Any suggestion?
A slow CPU could take 5 seconds to do the big-
On Tue, Aug 23, 2011 at 11:26:03AM +0800, Amer wrote:
> Hello. I just started using dropbear (compiled from latest source)
> only recently so pardon me if this has been brought up before
>
> I noticed that on some distro, debian based ones mainly such as
> Ubuntu, dropbear doesn't read and set en
Hi,
Sorry for the delayed reply. I have a very brief look at it.
The actual SSH protocol parts probably aren't too hard to
implement, just some similar bits to the existing code in
*kex.c and dsa.c. However I don't know how good
libtomcrypt and libtommath's ECC support is, so possibly
that could
to add it as a feature?
>
> Cheers
>
> Ed W
>
>
> On 24/08/2011 12:54, Matt Johnston wrote:
> > Hi,
> >
> > Sorry for the delayed reply. I have a very brief look at it.
> > The actual SSH protocol parts probably aren't too hard to
> > impl
On Wed, Sep 07, 2011 at 09:39:11AM +1000, Stuart Longland wrote:
>
> One can only hope dropbear_exit is to terminate the connection and not
> the daemon. I haven't spotted where common_channel.c is lurking in CVS.
That's correct - dropbear_exit() exits the current process,
but each connection ru
Dropbear client always uses compression if possible, when it
is compiled in. The -C argument is ignored.
Cheers,
Matt
On Mon, Sep 05, 2011 at 03:46:59PM +0200, Guillaume Dargaud wrote:
> Hello all,
> I'm using dropbear compiled from buildroot:
> $ grep DROP .config
> .config:BR2_PACKAGE_DROPBEAR=
On Thu, Aug 25, 2011 at 01:43:28PM -0400, Guylhem Aznar wrote:
> There is no nfs.
Yes - in my experience well set up NFS isn't slow, though
you have to have very particular versions of Linux for it to
all work properly. That said, NFS certainly has nothing to
do with this.
> Dropbear is executed
On Sat, Sep 10, 2011 at 10:07:49PM -0500, Augie Fackler wrote:
> > Have you tried http://mercurial.selenic.com/wiki/ConvertExtension ?
> >
> > I don't know the state of monotone support in mercurial, but I've never
> > used monotone, so...
>
> Convert should work. If not, feel encouraged to give
Hi,
Thanks for the patch, it answers my commented question six
years later :) What are the implications of "stomping on"
the ECN bit on pre-2.6.39 kernels?
I agree flags for SCP would make sense, I'll take a look
where to do that. I'm not sure how to handle SFTP since
lookup commands should remai
Hi,
The LIBS="-lcrypt" workaround is known bug, it will be fixed in
the next release.
The other problems with compiling statically are more
general. It isn't really possible to compile a program
totally statically against glibc since it will still depend
on dynamic libnss*.so depending on the con
Hi,
Commenting out that code looks like a good idea - I think
it's from before pubkey auth was added to Dropbear. I've got
a separate but related patch to allow empty passwords if you
want, see attached.
PS, mercurial conversion is still planned, but I need to get
time to hack up the mercurial mo
I think you cannot build static programs on Solaris. From the
cc manpage
Note: Many system libraries, such as libc, are only
available as dynamic libraries in the Solaris 64-bit
compilation environment. Therefore, do not use -Bstatic
as the last toggle on the command line.
I guess it's si
On Sat, Sep 10, 2011 at 09:18:02PM -0500, Rob Landley wrote:
> Have you tried http://mercurial.selenic.com/wiki/ConvertExtension ?
>
> I don't know the state of monotone support in mercurial, but I've never
> used monotone, so...
I've finally converted the Dropbear repository to Mercurial
using
Hi all,
A new version 2011.54 of Dropbear SSH is available from
https://matt.ucc.asn.au/dropbear/dropbear.html
Changes are listed below. Note the new version numbering
scheme. Source is now stored with Mercurial at
https://secure.ucc.asn.au/hg/dropbear/
Cheers,
Matt
2011.54 - Tuesday 8 November
Yep, it's on the webpage feature list.
Matt
Vasiliy Tolstov wrote:
2011/11/8 Matt Johnston :
> Hi all,
>
> A new version 2011.54 of Dropbear SSH is available from
> https://matt.ucc.asn.au/dropbear/dropbear.html
>
> Changes are listed below. Note the new version number
It sounds like there are settings in ~/.bash_login or
similar, which only gets evaluated when you get an
interactive login shell (not when you run a command).
You could try moving the commands to ~/.bashrc (or similar,
I don't know what shell you are using).
Alternative you you could run
ssh h
Hi,
The new development repository is
https://secure.ucc.asn.au/hg/dropbear
That has all the old monotone history imported, with branch
names changed. I'm not quite sure the best way for you to
switch to that server.
I only noticed your github conversion after getting the
Mercurial repository go
e to take a look at this, and the cut down repo you
> provided converted without a hitch. Should I try it on the full-size
> repository? I don't see any obviously related changesets in hgext.convert's
> recent history.
>
>
> On Sep 11, 2011, at 8:48 AM, Matt Johnston
On Mon, Nov 28, 2011 at 02:09:55PM -0500, Christopher Barry wrote:
>
> forgive my ignorance, but why the move to mercurial as opposed to say
> git? Is there a technical reason, or is it simply a personal preference?
Personal preference mostly. With Mercurial I've found it
easier to get things don
It looks like you're trying to listen on port 7722 for both
the port 22 and port 80 cases? I think anything that works
in OpenSSH should work in Dropbear 2011.54 (at least for
ipv4). 0.53(.1) had bugs with -R forwarding.
Cheers, Matt
On Sun, Jan 08, 2012 at 09:46:14AM +, Andreas Zoeller wrote
That should work in 2011.54
Cheers,
Matt
On Tue, Jan 10, 2012 at 04:51:25PM +0530, Chandan Tiwari wrote:
> Hi
>
>
>
> I've installed dropbear 0.53.1 on my linux machine and I tried to
> request for remote port forwarding by assigning the port to listen as 0
> using the command :
>
> db
Hi all,
Dropbear 2012.55 is now released, available as usual at
https://matt.ucc.asn.au/dropbear/dropbear.html
This fixes a security bug that could potentially allow
arbitrary code execution as root to a user authenticating
using an authorized_keys file with a command="..."
restriction.
Cheers,
Hi,
I'm not sure that this will work correctly, have you been
using it on a MMU-less system? After the vfork() it doesn't
execve(), so it will be sharing a lot of memory state with
parent process (which also needs to keep running). For
uclinux systems I think people have usually been using inetd
m
Hi,
There isn't any scp specific code, so I think something else
must be going wrong. Does running "ssh tsct hostname" work?
(scp gets run as a command argument like that).
Could it be that 0.55 was compiled against a different libc
that has dependencies on libnss* or something? To me it
looks as
0
> > 0.50: debug2: channel 0: read<=0 rfd 4 len 0
> > 0.50: debug2: channel 0: read failed
> > 0.50: debug2: channel 0: close_read
> > 0.50: debug2: channel 0: input open -> drain
> > 0.50: debug2: channel 0: ibuf empty
> > 0.50: debug2: channel 0: send
Hi,
> When I ssh to the openssh server using an account with an empty
> password, I see that that the auth method "none" succeeds. When I ssh
> to the dropbear server, it ends up using auth method "password" with
> an empty password. Can somebody lend me a clue as to what I need to
> do to make
Hi,
If you run Dropbear with "-F -E -v" arguments it will run in the foreground
with output to standard output/error. -v turns on the debug output from
DEBUG_TRACE. If you send me that I can see if there's anything obvious.
Cheers,
Matt
Bodo Meissner wrote:
>Hello all,
>
>I need some help wi
On Tue, May 08, 2012 at 05:45:50PM +0200, Bodo Meissner wrote:
> With debugging on the PC we found out that the library SSH.NET sometimes
> sends SSH_MSG_CHANNEL_CLOSE twice for the same channel number.
> This seems to depend on which end first decides to close the channel.
> I filed a bug report
101 - 200 of 485 matches
Mail list logo