Re: Dropbear 2018.76

Mon, 05 Mar 2018 00:04:19 -0800 

Matt Johnston:


Yes it should. I can't immediately reproduce it here, what
flags are you giving to Dropbear? Is
/mnt/nv/dropbear_ecdsa_host_key specified with -r or as a
default config path, and are there other keyfiles?



The daemon is started with "dropbear -R", and the keyfiles are 
specified at compile-time, using localoptions.h. The full file is 
included below.



ssh -vvv will print the full set of negotiated algorithms,
you could send that to me (off-list if you want).


I have included the output below


The relevant revision for that changelog note is
https://secure.ucc.asn.au/hg/dropbear/rev/016b86f03e21
you could try reverting that to confirm.



That does not seem to fix the issue, it aborts in the same location, 
so it seems something else is going on here.



===[ localoptions.h ]===
/* Put host keys in non-volatile storage */
#define DSS_PRIV_FILENAME "/mnt/nv/dropbear_dss_host_key"
#define RSA_PRIV_FILENAME "/mnt/nv/dropbear_rsa_host_key"
#define ECDSA_PRIV_FILENAME "/mnt/nv/dropbear_ecdsa_host_key"

/* Disable inetd mode */
#define INETD_MODE 0

/* Disable X11 forwarding as we do not have any X11. */
#define DROPBEAR_X11FWD 0

/* Disable port forwarding and proxying and agent forwarding. */
#define DROPBEAR_CLI_LOCALTCPFWD 0
#define DROPBEAR_CLI_REMOTETCPFWD 0
#define DROPBEAR_SVR_LOCALTCPFWD 0
#define DROPBEAR_SVR_REMOTETCPFWD 0
#define DROPBEAR_SVR_AGENTFWD 0
#define DROPBEAR_CLI_AGENTFWD 0
#define DROPBEAR_CLI_PROXYCMD 0
#define DROPBEAR_CLI_NETCAT 0

/* Disable Twofish to save about 10 kilobytes. */
#define DROPBEAR_TWOFISH256 0
#define DROPBEAR_TWOFISH128 0

/* Disable /etc/motd support since nothing else on the target uses it. */
#define DO_MOTD 0

/* Put client keys in non-volatile storage */
#define DROPBEAR_DEFAULT_CLI_AUTHKEY "/mnt/nv/id_dropbear"


/* Disable sftp support (as we do not have a binary for sftp 
installed). */

#define DROPBEAR_SFTPSERVER 0

/* Patch it to use the same default PATH as the telnet daemon. This will
 * fix scripts that assume certain tools are in the path. */

 #define DEFAULT_PATH 
"/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"

===[ end localoptions.h ]===

===[ output from ssh -vvvv ]===
$ ssh -vvvv root@10.0.30.175
OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /home/peter/.ssh/config

debug1: /home/peter/.ssh/config line 54: Applying options for 
10.0.30.175

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "10.0.30.175" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.0.30.175 [10.0.30.175] port 22.
debug1: Connection established.
debug1: identity file /home/peter/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u2

debug1: Remote protocol version 2.0, remote software version 
dropbear_2018.76

debug1: no match: dropbear_2018.76
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.0.30.175:22 as 'root'
debug3: hostkeys_foreach: reading file "/home/peter/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file 
/home/peter/.ssh/known_hosts:126

debug3: load_hostkeys: loaded 1 keys from 10.0.30.175

debug3: order_hostkeyalgs: prefer hostkeyalgs: 
ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal

debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: 
ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,z...@openssh.com,zlib
debug2: compression stoc: none,z...@openssh.com,zlib

debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexgue...@matt.ucc.asn.au
debug2: host key algorithms: 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: ciphers ctos: 
aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbc
debug2: ciphers stoc: 
aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbc

debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-sha2-256
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-sha2-256
debug2: compression ctos: z...@openssh.com,none
debug2: compression stoc: z...@openssh.com,none

debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256

debug1: kex: host key algorithm: ecdsa-sha2-nistp256

debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 
compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 
compression: none

debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 10.0.30.175 port 22
===[ end output from ssh -vvvv ]===

--
\\// Peter - http://www.softwolves.pp.se/























					Reply via email to