annotate README @ 447:278805938dcf

Patch from Nicolai Ehemann to try binding before going to the background, so that if it exits early (because something's already listening etc) then it will return an exitcode of 1.
author Matt Johnston <matt@ucc.asn.au>
date Thu, 19 Jul 2007 15:54:18 +0000
parents 0cbe8f6dbf9e
children 20dafc77322e
rev   line source
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
1 This is Dropbear, a smallish SSH 2 server and client.
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
2
3 INSTALL has compilation instructions.
4
5 MULTI has instructions on making a multi-purpose binary (ie a single binary
6 which performs multiple tasks, to save disk space)
7
8 SMALL has some tips on creating small binaries.
9
10 See TODO for a few of the things I know need looking at, and please contact
11 me if you have any questions/bugs found/features/ideas/comments etc :)
12
13 Matt Johnston
14 matt@ucc.asn.au
380
d5faf4814ddb Update to LibTomCrypt 1.16
Matt Johnston <matt@ucc.asn.au>
parents:
15
16
75
a54d20c96178 Some documentation touchups
Matt Johnston <matt@ucc.asn.au>
parents: 72
17 In the absence of detailed documentation, some notes follow:
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
18 ============================================================================
19
90
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 75
20 Server public key auth:
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
21
22 You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
23 the key entries in that file. They should be of the form:
24
25 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
26
27 You must make sure that ~/.ssh, and the key file, are only writable by the
290
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 161
28 user. Beware of editors that split the key into multiple lines.
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
29
30 NOTE: Dropbear ignores authorized_keys options such as those described in the
31 OpenSSH sshd manpage, and will not allow a login for these keys.
32
75
a54d20c96178 Some documentation touchups
Matt Johnston <matt@ucc.asn.au>
parents: 72
33 ============================================================================
34
90
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 75
35 Client public key auth:
36
37 Dropbear can do public key auth as a client, but you will have to convert
38 OpenSSH style keys to Dropbear format, or use dropbearkey to create them.
39
40 If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do:
41
42 dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_rsa.db
43 dbclient -i ~/.ssh/id_rsa.db <hostname>
44
45 Currently encrypted keys aren't supported, neither is agent forwarding. At some
46 stage both hopefully will be.
47
48 ============================================================================
49
75
a54d20c96178 Some documentation touchups
Matt Johnston <matt@ucc.asn.au>
parents: 72
50 If you want to get the public-key portion of a Dropbear private key, look at
51 dropbearkey's '-y' option.
52
53 ============================================================================
54
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
55 To run the server, you need to generate server keys, this is one-off:
56 ./dropbearkey -t rsa -f dropbear_rsa_host_key
57 ./dropbearkey -t dss -f dropbear_dss_host_key
58
59 or alternatively convert OpenSSH keys to Dropbear:
60 ./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key
61
75
a54d20c96178 Some documentation touchups
Matt Johnston <matt@ucc.asn.au>
parents: 72
62 ============================================================================
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
63
64 If the server is run as non-root, you most likely won't be able to allocate a
65 pty, and you cannot login as any user other than that running the daemon
66 (obviously). Shadow passwords will also be unusable as non-root.
67
75
a54d20c96178 Some documentation touchups
Matt Johnston <matt@ucc.asn.au>
parents: 72
68 ============================================================================
69
72
9597c2e3b9d4 Some doc changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
70 The Dropbear distribution includes a standalone version of OpenSSH's scp
71 program. You can compile it with "make scp", you may want to change the path
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 90
72 of the ssh binary, specified by _PATH_SSH_PROGRAM in options.h . By default
75
a54d20c96178 Some documentation touchups
Matt Johnston <matt@ucc.asn.au>
parents: 72
73 the progress meter isn't compiled in to save space, you can enable it by
74 adding 'SCPPROGRESS=1' to the make commandline.
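
Added example (not part of the Dropbear README or source): a checker for the three authorized_keys pitfalls named under "Server public key auth" above, namely a ~/.ssh directory or key file writable by anyone but the user, a key wrapped across lines by an editor, and entries carrying options. The names audit, blob_ok and demo are hypothetical, the key built in demo() is constructed, and only ssh-rsa and ssh-dss keys are assumed.

```python
import base64, os, stat, tempfile

# Assumption: only ssh-rsa / ssh-dss keys, the types the README generates with dropbearkey -t.
KEY_FIELDS = {"ssh-rsa": 3, "ssh-dss": 5}  # length-prefixed fields per public key blob

def blob_ok(b64, keytype):
    """True if b64 is a whole blob: type,e,n for RSA or type,p,q,g,y for DSS."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    fields, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + n > len(blob):
            return False  # length prefix runs past the end: key was cut short
        fields.append(blob[pos:pos + n])
        pos += n
    return len(fields) == KEY_FIELDS[keytype] and fields[0] == keytype.encode()

def audit(path):
    """Return findings for one authorized_keys file (hypothetical helper)."""
    findings = []
    for p in (os.path.dirname(os.path.abspath(path)), path):
        if stat.S_IMODE(os.stat(p).st_mode) & 0o022:
            findings.append(f"{p}: writable by group or others")
    with open(path) as fh:
        for no, line in enumerate(fh, 1):
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            if parts[0] not in KEY_FIELDS:
                # a key type later on the line means options; otherwise a wrapped key tail
                opts = any(t in KEY_FIELDS for t in parts)
                findings.append(f"line {no}: " + ("options before key type" if opts else "stray fragment, key split?"))
            elif len(parts) < 2 or not blob_ok(parts[1], parts[0]):
                findings.append(f"line {no}: key blob incomplete or corrupt")
    return findings

def demo():
    """Run audit() on a constructed file; the key is synthetic, not a real keypair."""
    f = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc1" * 64]
    key = base64.b64encode(b"".join(len(x).to_bytes(4, "big") + x for x in f)).decode()
    path = os.path.join(tempfile.mkdtemp(), "authorized_keys")
    with open(path, "w") as fh:
        fh.write(f"ssh-rsa {key} ok@host\n" f'command="uptime" ssh-rsa {key} a@b\n'
                 f"ssh-rsa {key[:40]}\n{key[40:]} c@d\n")
    os.chmod(path, 0o620)  # group-writable on purpose
    return audit(path)
```

The permission check looks at mode bits only; it does not verify that the directory and file are owned by the account being logged in to.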