Mercurial > dropbear
view dropbearconvert.1 @ 1930:299f4f19ba19
Add /usr/sbin and /sbin to default root PATH
When dropbear is used in a very restricted environment (such as in a
initrd), the default user shell is often also very restricted
and doesn't take care of setting the PATH so the user ends up
with the PATH set by dropbear. Unfortunately, dropbear always
sets "/usr/bin:/bin" as default PATH even for the root user
which should have /usr/sbin and /sbin too.
For a concrete instance of this problem, see the "Remote Unlocking"
section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/
It speaks of a bug in the initramfs script because it's written "blkid"
instead of "/sbin/blkid"... this is just because the scripts from the
initramfs do not expect to have a PATH without the sbin directories and
because dropbear is not setting the PATH appropriately for the root user.
I'm thus suggesting to use the attached patch to fix this misbehaviour (I
did not test it, but it's easy enough). It might seem anecdotic but
multiple Kali users have been bitten by this.
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
author | Raphael Hertzog <hertzog@debian.org> |
---|---|
date | Mon, 09 Jul 2018 16:27:53 +0200 |
parents | 863f31b4cf3c |
children |
line wrap: on
line source
.TH dropbearconvert 1 .SH NAME dropbearconvert \- convert between Dropbear and OpenSSH private key formats .SH SYNOPSIS .B dropbearconvert .I input_type .I output_type .I input_file .I output_file .SH DESCRIPTION .B Dropbear and .B OpenSSH SSH implementations have different private key formats. .B dropbearconvert can convert between the two. .P Dropbear uses the same SSH public key format as OpenSSH, it can be extracted from a private key by using .B dropbearkey \-y .P Encrypted private keys are not supported, use ssh-keygen(1) to decrypt them first. .SH ARGUMENTS .TP .I input_type Either .I dropbear or .I openssh .TP .I output_type Either .I dropbear or .I openssh .TP .I input_file An existing Dropbear or OpenSSH private key file .TP .I output_file The path to write the converted private key file. For client authentication ~/.ssh/id_dropbear is loaded by default .SH SUPPORTED FORMATS .B dropbearconvert can read OpenSSH format files, and older PEM format files ( .B ssh-keygen .I -m PEM ). .B dropbearconvert will write OpenSSH format files, usable with OpenSSH 6.5 and later. Reading OpenSSH format DSS files or PKCS8 files is not currently supported. .SH EXAMPLE # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_dropbear .SH AUTHOR Matt Johnston ([email protected]). .SH SEE ALSO dropbearkey(1), ssh-keygen(1) .P https://matt.ucc.asn.au/dropbear/dropbear.html