Commit message [Author, Age, Files, Lines]
...
* | | Merge pull request #175 from k-kurematsu/fix_errmsg [Matt Johnston, 2022-06-21, 1 file, -1/+1]
|\ \ \
| |/ /
|/| |     Fix misleading error message
| * | Fix misleading error message [k-kurematsu, 2022-06-21, 1 file, -1/+1]
|/ /
| |     As per the message, even though I deleted the write permission (chmod -007), an error occurred. It's a source of confusion, so fix the message.
* | Fix MAX_UNAUTH_CLIENTS regression [Matt Johnston, 2022-06-08, 3 files, -15/+26]
| |     Since the re-exec change in 2022.82 Dropbear counts authenticated sessions towards the unauthenticated session limit. This is fixed by passing the childpipe FD through to the re-execed process.
* | Merge github #169 [Matt Johnston, 2022-05-31, 1 file, -3/+5]
|\ \
| | |     Fix compilation when disabling pubkey authentication (DROPBEAR_SVR_PUBKEY_AUTH)
| * | Fix indentations [MaxMougg, 2022-05-30, 1 file, -3/+3]
| | |
| * | Update svr-chansession for build issue [MaxMougg, 2022-05-30, 1 file, -1/+3]
|/ /
| |     Following issue "Compilation error when disabling pubkey authentication (DROPBEAR_SVR_PUBKEY_AUTH)" from davidbernard04, code is modified to take into account that requesting information from method "ses.authstate.pubkey_info" isn't possible since the method is disabled when DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT value is 0.
* | Remove codeql [Matt Johnston, 2022-05-24, 1 file, -63/+0]
| |
* | Remove flawfinder. [Matt Johnston, 2022-05-24, 1 file, -33/+0]
| |     It's too noisy, lacks context
* | Add flawfinder action [Matt Johnston, 2022-05-23, 1 file, -0/+33]
| |
* | Create codeql-analysis.yml [Matt Johnston, 2022-05-23, 1 file, -0/+63]
|/
|     Experiment whether codeql works
* Increase build.yml DEFAULT_IDLE_TIMEOUT [Matt Johnston, 2022-04-28, 1 file, -2/+3]
|
* Test linking for hardening options [Matt Johnston, 2022-04-26, 2 files, -43/+51]
|     Some options depend on correct library support.
* Avoid UNAUTH_CLOSE_DELAY when testing [Matt Johnston, 2022-04-26, 1 file, -1/+2]
|     Seeing if this fixes test failures
* Add a test for off-by-default compile options [Matt Johnston, 2022-04-23, 1 file, -1/+14]
|     This would have caught broken x11 (gh #156)
* Fix build warning with DEBUG_TRACE [Matt Johnston, 2022-04-23, 1 file, -1/+1]
|     TRACE() code only gets used above DROPBEAR_VERBOSE_LEVEL
* Fix X11 build failure, use DROPBEAR_PRIO_LOWDELAY [Matt Johnston, 2022-04-23, 1 file, -1/+1]
|
* Bump version to 2022.82 (tag: DROPBEAR_2022.82) [Matt Johnston, 2022-04-01, 3 files, -14/+29]
|
* Fix -q to hide the banner [Matt Johnston, 2022-04-01, 1 file, -0/+5]
|     Got lost merging the DEBUG/TRACE level patch
* Fix IPv6 address parsing for dbclient -b [Matt Johnston, 2022-04-01, 4 files, -53/+83]
|     Now can correctly handle '-b [ipv6address]:port'
|     Code is shared with dropbear -p, though they handle colon-less arguments differently
* Allow dbclient -J to be used with multihop [Matt Johnston, 2022-04-01, 1 file, -37/+28]
|     Based on a patch from Hans Harder.
|     This also tidies formatting and un-needed parts
* Add m_snprintf() that won't return negative [Matt Johnston, 2022-04-01, 2 files, -0/+15]
|
* Fix extra default -i arguments for multihop [Matt Johnston, 2022-04-01, 1 file, -8/+11]
|     When multihop executes dbclient it should only add -i arguments from the original commandline, not the default id_dropbear key. Otherwise multiple -i arguments keep getting added which results in servers disconnecting with too many auth attempts
* dbclient print remote fingerprint with -v [Matt Johnston, 2022-04-01, 1 file, -1/+1]
|
* Write CHANGES since last release [Matt Johnston, 2022-03-30, 1 file, -6/+122]
|
* Add /usr/sbin and /sbin to default root PATH [Raphael Hertzog, 2022-03-30, 2 files, -1/+6]
|     When dropbear is used in a very restricted environment (such as in an initrd), the default user shell is often also very restricted and doesn't take care of setting the PATH so the user ends up with the PATH set by dropbear. Unfortunately, dropbear always sets "/usr/bin:/bin" as default PATH even for the root user which should have /usr/sbin and /sbin too.
|     For a concrete instance of this problem, see the "Remote Unlocking" section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/
|     It speaks of a bug in the initramfs script because it's written "blkid" instead of "/sbin/blkid"... this is just because the scripts from the initramfs do not expect to have a PATH without the sbin directories and because dropbear is not setting the PATH appropriately for the root user.
|     I'm thus suggesting to use the attached patch to fix this misbehaviour (I did not test it, but it's easy enough). It might seem anecdotic but multiple Kali users have been bitten by this.
|     From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
* Update to latest config.guess and config.sub [Matt Johnston, 2022-03-30, 2 files, -622/+706]
|
* Handle ecdsa-sk flags, reject no-touch [Matt Johnston, 2022-03-30, 3 files, -3/+24]
|     For the time being Dropbear will only allow SK auth with default parameters, user-presence needs to be set. In future handling of authorized_keys option "no-touch-required" can be added.
|     This code would also be refactored to share between ecdsa and ed25519 once I get hardware/emulation to test ed25519.
* Fix declaration after statement [Matt Johnston, 2022-03-30, 1 file, -1/+1]
|     Caught by just-added c89 build
* Add c89 build test [Matt Johnston, 2022-03-30, 1 file, -0/+7]
|
* Fix C99 comment [Matt Johnston, 2022-03-30, 1 file, -1/+1]
|
* Fix tilde expansion of paths [Matt Johnston, 2022-03-30, 2 files, -9/+9]
|     (Part was missed from previous series of commits)
* Expand home path for MOTD file [Begley Brothers Inc, 2022-03-30, 1 file, -1/+5]
|     Patch modified by Matt Johnston
|     Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
* Default options comments, ignore localoptions.h [Begley Brothers Inc, 2022-03-30, 3 files, -16/+20]
|     Also trim whitespaces.
|     Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
* Allow user space file locations (rootless support) [Begley Brothers Inc, 2022-03-30, 5 files, -19/+42]
|     Why:
|     Running dropbear as a user (rootless) is aided if files and programs can be saved/removed without needing sudo.
|     What:
|     Use the same convention as DROPBEAR_DEFAULT_CLI_AUTHKEY; if not starting with '/', then is relative to hedge's /home/hedge:
|       *_PRIV_FILENAME
|       DROPBEAR_PIDFILE
|       SFTPSERVER_PATH
|     default_options.h commentary added.
|     Changes kept to a minimum, so log entry in svr_kex.c#163 is refactored.
|     From:
|       Generated hostkey is <path> ... <finger-print>
|     to:
|       Generated hostkey path is <path>
|       Generated hostkey fingerprint is <fp>
|     Otherwise the unexpanded path was reported.
|     Patch modified by Matt Johnston
|     Signed-off-by: Begley Brothers Inc <begleybrothers@gmail.com>
* Check authorized_keys permissions as the user [Matt Johnston, 2022-03-30, 1 file, -41/+39]
|     This is necessary on NFS with squash root.
|     Based on work from Chris Dragan
|     This commit also tidies some trailing whitespace.
|     Fixes github pull #107
* Disable dh-group1 KEX by default [Matt Johnston, 2022-03-30, 1 file, -2/+4]
|     Add comments for SK keys
* Document supported formats for dropbearconvert [Matt Johnston, 2022-03-30, 1 file, -5/+14]
|
* Print the key type in "Pubkey auth succeeded" [Matt Johnston, 2022-03-30, 1 file, -2/+4]
|
* Make SHA1 optional, implement SHA256 fingerprints [Matt Johnston, 2022-03-30, 8 files, -124/+66]
|     SHA256 is always compiled, and SHA1 is only enabled when needed. Fingerprints are always SHA256: base64 format, md5 and sha1 are removed. dbrandom now uses sha256 as its hash function.
* Remove twofish and remnants of blowfish [Matt Johnston, 2022-03-30, 5 files, -48/+2]
|     Twofish CTR was never enabled by default and CBC modes are deprecated
* Remove commented ssh.com code from keyimport [Matt Johnston, 2022-03-30, 1 file, -728/+1]
|
* Fix dropbearconvert ecdsa parsing error typo [Matt Johnston, 2022-03-29, 1 file, -37/+21]
|     Simplify handling for different key types
* Use buf_burn_free() instead of two calls [Matt Johnston, 2022-03-29, 9 files, -28/+18]
|
* Add ecdsa OpenSSH format for dropbearconvert [Matt Johnston, 2022-03-29, 4 files, -106/+63]
|
* Fix dropbearconvert for dropbearmulti test [Matt Johnston, 2022-03-29, 1 file, -0/+1]
|
* Add tests for dropbearconvert [Matt Johnston, 2022-03-29, 2 files, -0/+141]
|
* Support RSA OpenSSH new format in dropbearconvert [Matt Johnston, 2022-03-29, 4 files, -201/+179]
|     Added support for reading and writing. PEM writing support has been removed.
|     OpenSSH file format routines have been moved to signkey_ossh.c
* Fix ed25519 dropbear to openssh conversion [Matt Johnston, 2022-03-29, 1 file, -22/+75]
|     This introduces buf_put_ed25519_priv_ossh and buf_get_ed25519_priv_ossh to handle OpenSSH internal private key format. Previously writing OpenSSH format keys didn't write the private part correctly.
* Fix act matrix workaround which broke real actions [Matt Johnston, 2022-03-24, 1 file, -2/+3]
|
* Add build test with DEBUG_TRACE 5 [Matt Johnston, 2022-03-24, 1 file, -0/+13]
|