Commit message (Author, Age, Files, Lines)
* Bump version to 2022.82 [HEAD] [master] (Matt Johnston, 2022-04-01, files: 3, lines: -14/+29)
|
* Fix -q to hide the banner (Matt Johnston, 2022-04-01, files: 1, lines: -0/+5)
|   Got lost merging the DEBUG/TRACE level patch
* Fix IPv6 address parsing for dbclient -b (Matt Johnston, 2022-04-01, files: 4, lines: -53/+83)
|   Now can correctly handle '-b [ipv6address]:port'
|
|   Code is shared with dropbear -p, though they handle colon-less arguments differently
* Allow dbclient -J to be used with multihop (Matt Johnston, 2022-04-01, files: 1, lines: -37/+28)
|   Based on a patch from Hans Harder.
|
|   This also tidies formatting and un-needed parts
* Add m_snprintf() that won't return negative (Matt Johnston, 2022-04-01, files: 2, lines: -0/+15)
|
* Fix extra default -i arguments for multihop (Matt Johnston, 2022-04-01, files: 1, lines: -8/+11)
|   When multihop executes dbclient it should only add -i arguments from the original commandline, not the default id_dropbear key. Otherwise multiple -i arguments keep getting added which results in servers disconnecting with too many auth attempts
* dbclient print remote fingerprint with -v (Matt Johnston, 2022-04-01, files: 1, lines: -1/+1)
|
* Write CHANGES since last release (Matt Johnston, 2022-03-30, files: 1, lines: -6/+122)
|
* Add /usr/sbin and /sbin to default root PATH (Raphael Hertzog, 2018-07-09, files: 2, lines: -1/+6)
|   When dropbear is used in a very restricted environment (such as in an initrd), the default user shell is often also very restricted and doesn't take care of setting the PATH so the user ends up with the PATH set by dropbear. Unfortunately, dropbear always sets "/usr/bin:/bin" as default PATH even for the root user which should have /usr/sbin and /sbin too.
|
|   For a concrete instance of this problem, see the "Remote Unlocking" section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/
|
|   It speaks of a bug in the initramfs script because it's written "blkid" instead of "/sbin/blkid"... this is just because the scripts from the initramfs do not expect to have a PATH without the sbin directories and because dropbear is not setting the PATH appropriately for the root user.
|
|   I'm thus suggesting to use the attached patch to fix this misbehaviour (I did not test it, but it's easy enough). It might seem anecdotic but multiple Kali users have been bitten by this.
|
|   From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
* Update to latest config.guess and config.sub (Matt Johnston, 2022-03-30, files: 2, lines: -622/+706)
|
* Handle ecdsa-sk flags, reject no-touch (Matt Johnston, 2022-03-30, files: 3, lines: -3/+24)
|   For the time being Dropbear will only allow SK auth with default parameters, user-presence needs to be set. In future handling of authorized_keys option "no-touch-required" can be added.
|
|   This code would also be refactored to share between ecdsa and ed25519 once I get hardware/emulation to test ed25519.
* Fix declaration after statement (Matt Johnston, 2022-03-30, files: 1, lines: -1/+1)
|   Caught by just-added c89 build
* Add c89 build test (Matt Johnston, 2022-03-30, files: 1, lines: -0/+7)
|
* Fix C99 comment (Matt Johnston, 2022-03-30, files: 1, lines: -1/+1)
|
* Fix tilde expansion of paths (Matt Johnston, 2022-03-30, files: 2, lines: -9/+9)
|   (Part was missed from previous series of commits)
* Expand home path for MOTD file (Begley Brothers Inc, 2020-07-09, files: 1, lines: -1/+5)
|   Patch modified by Matt Johnston
|
|   Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
* Default options comments, ignore localoptions.h (Begley Brothers Inc, 2020-07-09, files: 3, lines: -16/+20)
|   Also trim whitespaces.
|
|   Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
* Allow user space file locations (rootless support) (Begley Brothers Inc, 2020-07-09, files: 5, lines: -19/+42)
|   Why:
|   Running dropbear as a user (rootless) is aided if files and programs can be saved/removed without needing sudo.
|
|   What:
|   Use the same convention as DROPBEAR_DEFAULT_CLI_AUTHKEY; if not starting with '/', then is relative to hedge's /home/hedge:
|     *_PRIV_FILENAME
|     DROPBEAR_PIDFILE
|     SFTPSERVER_PATH
|
|   default_options.h commentary added.
|
|   Changes kept to a minimum, so log entry in svr_kex.c#163 is refactored.
|   From:
|     Generated hostkey is <path> ... <finger-print>
|   to:
|     Generated hostkey path is <path>
|     Generated hostkey fingerprint is <fp>
|   Otherwise the unexpanded path was reported.
|
|   Patch modified by Matt Johnston
|
|   Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
* Check authorized_keys permissions as the user (Matt Johnston, 2022-03-30, files: 1, lines: -41/+39)
|   This is necessary on NFS with squash root.
|
|   Based on work from Chris Dragan
|
|   This commit also tidies some trailing whitespace.
|
|   Fixes github pull #107
* Disable dh-group1 KEX by default (Matt Johnston, 2022-03-30, files: 1, lines: -2/+4)
|   Add comments for SK keys
* Document supported formats for dropbearconvert (Matt Johnston, 2022-03-30, files: 1, lines: -5/+14)
|
* Print the key type in "Pubkey auth succeeded" (Matt Johnston, 2022-03-30, files: 1, lines: -2/+4)
|
* Make SHA1 optional, implement SHA256 fingerprints (Matt Johnston, 2022-03-30, files: 8, lines: -124/+66)
|   SHA256 is always compiled and only enable SHA1 when needed. Fingerprints are always SHA256: base64 format, md5 and sha1 are removed. dbrandom now uses sha256 as its hash function.
* Remove twofish and remnants of blowfish (Matt Johnston, 2022-03-30, files: 5, lines: -48/+2)
|   Twofish CTR was never enabled by default and CBC modes are deprecated
* Remove commented ssh.com code from keyimport (Matt Johnston, 2022-03-30, files: 1, lines: -728/+1)
|
* Fix dropbearconvert ecdsa parsing error typo (Matt Johnston, 2022-03-29, files: 1, lines: -37/+21)
|   Simplify handling for different key types
* Use buf_burn_free() instead of two calls (Matt Johnston, 2022-03-29, files: 9, lines: -28/+18)
|
* Add ecdsa OpenSSH format for dropbearconvert (Matt Johnston, 2022-03-29, files: 4, lines: -106/+63)
|
* Fix dropbearconvert for dropbearmulti test (Matt Johnston, 2022-03-29, files: 1, lines: -0/+1)
|
* Add tests for dropbearconvert (Matt Johnston, 2022-03-29, files: 2, lines: -0/+141)
|
* Support RSA OpenSSH new format in dropbearconvert (Matt Johnston, 2022-03-29, files: 4, lines: -201/+179)
|   Added support for reading and writing. PEM writing support has been removed.
|
|   OpenSSH file format routines have been moved to signkey_ossh.c
* Fix ed25519 dropbear to openssh conversion (Matt Johnston, 2022-03-29, files: 1, lines: -22/+75)
|   This introduces buf_put_ed25519_priv_ossh and buf_get_ed25519_priv_ossh to handle OpenSSH internal private key format. Previously writing OpenSSH format keys didn't write the private part correctly.
* Fix act matrix workaround which broke real actions (Matt Johnston, 2022-03-24, files: 1, lines: -2/+3)
|
* Add build test with DEBUG_TRACE 5 (Matt Johnston, 2022-03-24, files: 1, lines: -0/+13)
|
* Add -v variable debug levels for server too (Matt Johnston, 2022-03-24, files: 5, lines: -6/+8)
|   -vvvv is equivalent to the old -v
* Only set soft core limit not hard limit (Matt Johnston, 2022-03-24, files: 1, lines: -3/+8)
|   Otherwise child shells can't enable coredumps if desired.
|
|   Fixes #145 on github
* Revert "Don't include sk keys at all in KEX list" (Matt Johnston, 2022-03-24, files: 2, lines: -0/+12)
|   This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
|
|   The sk algorithms need to remain in the sigalgs list so that they are included in the server-sig-algs ext-info message sent by the server. RFC8308 for server-sig-algs requires that all algorithms are listed (though OpenSSH client 8.4p1 tested doesn't require that)
* Fix tarball retention-days (Matt Johnston, 2022-03-24, files: 1, lines: -2/+2)
|
* Add release.sh --testrel, github action (Matt Johnston, 2022-03-24, files: 2, lines: -16/+80)
|   This makes github actions create a tarball sha256sum for comparison. The release.sh script now works in a git repository too.
* Merge pull request #152 from HansH111/tracelevel2 (Matt Johnston, 2022-03-23, files: 13, lines: -66/+126)
|\
| * Fix building with DEBUG_TRACE = 0 (Matt Johnston, 2022-03-22, files: 2, lines: -43/+33)
| |   Also try a less repetitive way of specifying macros
| * Use signature type not key type for debug message (Matt Johnston, 2022-03-22, files: 1, lines: -1/+1)
| |
| * changed TRACE to DEBUG3 for dbclient (HansH111, 2022-03-19, files: 1, lines: -1/+1)
| |
| * changed TRACE to DEBUG2 for dbclient (HansH111, 2022-03-19, files: 1, lines: -8/+8)
| |
| * changed TRACE to DEBUG1 for dbclient (HansH111, 2022-03-19, files: 6, lines: -28/+32)
| |
| * Added DEBUG1,DEBUG2,DEBUG3 to separate functions while keeping TRACE and TRACE2. (HansH111, 2022-03-19, files: 3, lines: -19/+82)
| |
| * increase verboseness by allowing multiple -v (HansH111, 2022-03-19, files: 1, lines: -2/+2)
| |
| * Allow for DEBUG_TRACE value 0 - 5 (HansH111, 2022-03-19, files: 1, lines: -2/+5)
| |
* | merge (Matt Johnston, 2022-03-22, files: 10, lines: -30/+143)
|\ \
| |/
| * Don't set pubkey_info directly in checkpubkey_line (Matt Johnston, 2022-03-16, files: 1, lines: -8/+15)
| |   This makes it safe to use from fuzzer-pubkey without leaking the value since the cleanup isn't called