Dropbear

Version: 0.49-0

Status: 80% complete

Description

A small SSH server, with no external dependencies (ie. it does not depend on OpenSSL, using a built-in copy of LibTomCrypt instead). Includes SCP (Secure CoPy) which can be used as a FTP replacement. The MG-35 version requires a local/network /usr mount (for host private key, client public key authentication).

Official page

Official site

Usage

Usage should be similar to the NSLU port.

dropbear [options]

Options:

-b bannerfile   Display the contents of bannerfile before user login (default: none)

-r rsakeyfile   Use rsakeyfile for the rsa host key (default: /etc/dropbear/dropbear_rsa_host_key)

-F              Don't vfork into background

-E              Log to stderr rather than syslog

-w              Disallow root logins

-j              Disable local port forwarding

-k              Disable remote port forwarding

-a              Allow connections to forwarded ports from any host

-p [address:]port

Listen on specified tcp port (and optionally address), up to 1 can be specified

(default port is 22 if none specified)

-P PidFile      Create pid file PidFile (default /var/run/dropbear.pid)

-i              Start for inetd

-v              verbose

Installation

Note: /etc is a union (unionfs.o) of the original /etc and my own /usr/etc

1. Configure /etc/inetd.conf, adding:

ssh     stream  tcp     nowait  root    /usr/bin/dropbear       dropbear -i -E

2. Configure /etc/services, adding:

ssh             22/tcp             # SSH Remote Login Protocol

ssh             22/udp

3. Create a host key:

mkdir -p /etc/dropbear

dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

4. Start /usr/bin/inetd

/usr/bin/inetd &

5. Configure your SSH client and connect to your MG35. You should get the login prompt.

Todo

• to test

• SCP support

• password authentication

• Create .ipk module

Download

Put the .bin format dropbear and dropbearkey (above) into your /usr/bin directory .

History

Version 0.49-0 - [John, 2008-04]

• Built

• Public-Key authentication working

• Correctly sets environment variables, terminal size

Comments

• VasileB: I couldn't login. Trying to use "ftp" user results in [188] Jan 01 09:20:18 exit before auth: Disconnect received, probably because it has a void password. I may need to add a new user in /etc/passwd. Can you port adduser?

• John: after playing around with dropbear some more, the best I got was:

Mem: 5208K used, 8072K free, 0K shrd, 32K buff, 8K cached

CPU:   0% usr   1% sys   0% nice  98% idle   0% io   0% irq   0% softirq

Load average: 0.66 0.52 0.23

PID  PPID USER     STAT   VSZ %MEM %CPU COMMAND

108   103 root     R     1256   9%   1% top 

102    83 root     S      300   2%   1% /usr/bin/dropbear -i -j -b /etc/issue -F -E 

4     0 root     RW       0   0%   1% [kswapd]

68     1 root     S     1608  12%   0% /bin/menu & 

72     1 root     S      424   3%   0% pure-ftpd (IDLE)        

1     0 root     S      216   2%   0% init 

103   102 root     S      196   1%   0% -sh 

83     1 root     S       80   1%   0% /usr/bin/inetd & 

25     1 root     S       60   0%   0% /bin/telnetd -l /bin/sh & 

2     1 root     SW       0   0%   0% [keventd]

3     0 root     SWN      0   0%   0% [ksoftirqd_CPU0]

6     0 root     SW       0   0%   0% [kupdated]

    5     0 root     SW       0   0%   0% [bdflush]

• John: scp doesn't work (malloc errors). Password authentication support will require a drop-in of the user functions from busybox 1.10.