annotate dropbearkey.1 @ 1715:3974f087d9c0

Disallow leading lines before the ident for server (#102) Per RFC4253 4.2 clients must be able to process other lines of data before the version string; server behavior is defined neither with MUST/SHOULD nor with MAY. If the server processes up to 50 lines too, it may cause a too-long hanging session with an invalid/evil client that consumes host resources, and potentially may lead to DDoS on poor embedded boxes. Let's require the first line from the client to be the version string and fail early if it's not; this matches both the RFC and real OpenSSH behavior.
author Vladislav Grishenko <themiron@users.noreply.github.com>
date Mon, 15 Jun 2020 18:22:18 +0500
parents 5c8913b7464c
children
rev   line source
820
830fae485d40 Add manpage for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
1 .TH dropbearkey 1
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 .SH NAME
820
830fae485d40 Add manpage for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
3 dropbearkey \- create private keys for the use with dropbear(8) or dbclient(1)
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 .SH SYNOPSIS
5 .B dropbearkey
6 \-t
7 .I type
8 \-f
9 .I file
10 [\-s
11 .IR bits ]
1162
cdea5dbb1755 Mention -y flag
Guilhem Moulin <guilhem@fripost.org>
parents: 999
diff changeset
12 [\-y]
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 .SH DESCRIPTION
14 .B dropbearkey
514
e30a962c09b9 Mention DSS and DSA being the same thing
Matt Johnston <matt@ucc.asn.au>
parents: 181
diff changeset
15 generates a
1671
5c8913b7464c Mention Ed25519 in dropbearkey man (#94)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1174
diff changeset
16 \fIRSA\fR, \fIDSS\fR, \fIECDSA\fR, or \fIEd25519\fR
514
e30a962c09b9 Mention DSS and DSA being the same thing
Matt Johnston <matt@ucc.asn.au>
parents: 181
diff changeset
17 format SSH private key, and saves it to a file for the use with the
820
830fae485d40 Add manpage for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
18 Dropbear client or server.
514
e30a962c09b9 Mention DSS and DSA being the same thing
Matt Johnston <matt@ucc.asn.au>
parents: 181
diff changeset
19 Note that
20 some SSH implementations
21 use the term "DSA" rather than "DSS", they mean the same thing.
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 .SH OPTIONS
23 .TP
24 .B \-t \fItype
25 Type of key to generate.
26 Must be one of
27 .I rsa
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 820
diff changeset
28 .I ecdsa
1671
5c8913b7464c Mention Ed25519 in dropbearkey man (#94)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1174
diff changeset
29 .I ed25519
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 or
31 .IR dss .
32 .TP
33 .B \-f \fIfile
34 Write the secret key to the file
1174
80cacacfec23 Fix minor manpage formatting issues
Guilhem Moulin <guilhem@fripost.org>
parents: 1162
diff changeset
35 \fIfile\fR. For client authentication ~/.ssh/id_dropbear is loaded by default
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 .TP
37 .B \-s \fIbits
38 Set the key size to
39 .I bits
860
057204b3dd61 docs for ecdsa
Matt Johnston <matt@ucc.asn.au>
parents: 820
diff changeset
40 bits, should be multiple of 8 (optional).
1162
cdea5dbb1755 Mention -y flag
Guilhem Moulin <guilhem@fripost.org>
parents: 999
diff changeset
41 .TP
42 .B \-y
43 Just print the publickey and fingerprint for the private key in \fIfile\fR.
820
830fae485d40 Add manpage for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
44 .SH NOTES
45 The program dropbearconvert(1) can be used to convert between Dropbear and OpenSSH key formats.
46 .P
47 Dropbear does not support encrypted keys.
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 .SH EXAMPLE
1162
cdea5dbb1755 Mention -y flag
Guilhem Moulin <guilhem@fripost.org>
parents: 999
diff changeset
49 generate a host-key:
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
1162
cdea5dbb1755 Mention -y flag
Guilhem Moulin <guilhem@fripost.org>
parents: 999
diff changeset
51
52 extract a public key suitable for authorized_keys from private key:
53 # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 .SH AUTHOR
55 Matt Johnston (matt@ucc.asn.au).
56 .br
57 Gerrit Pape ([email protected]) wrote this manual page.
58 .SH SEE ALSO
820
830fae485d40 Add manpage for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 690
diff changeset
59 dropbear(8), dbclient(1), dropbearconvert(1)
128
a9dddd13c4ba Added dropbear.8 and dropbearkey.8 back in
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 .P
690
4b47ff154ff6 Document "-m" and "-c"
Matt Johnston <matt@ucc.asn.au>
parents: 514
diff changeset
61 https://matt.ucc.asn.au/dropbear/dropbear.html