Re: "Bad public key options" (Was: Dropbear 2020.79)

2020-06-15 Thread Guilhem Moulin 
Hi Matt,

On Mon, 15 Jun 2020 at 23:52:51 +0800, Matt Johnston wrote:
> Dropbear 2020.79 is now released.

\o/ congrats!

> - […] x11 forwarding are now disabled by default.

I have no opinion about disabling this at compile-time, however the
current implementation locks out (“Bad public key options”) users with
‘no-X11-forwarding’ in their authorized_keys(5) files.

Wouldn't it make sense to move the #ifdefs to make the option a no-op
instead?  (Same thing for ‘no-agent-forwarding’ actually.)  Attached is
the patch I applied to “fix” the regression in the Debian package.

Cheers
-- 
Guilhem.
From: Guilhem Moulin 
Date: Tue, 16 Jun 2020 00:32:28 +0200
Subject: Don't choke on disabled authorized_keys(5) options

As of 2020.79 X11 forwarding is disabled at build time, which could lock
out users with authorized_keys(5) files containing ‘no-X11-forwarding’
options.

---
 svr-authpubkeyoptions.c |8 
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/svr-authpubkeyoptions.c
+++ b/svr-authpubkeyoptions.c
@@ -147,20 +147,20 @@ int svr_add_pubkey_options(buffer *optio
 			ses.authstate.pubkey_options->no_port_forwarding_flag = 1;
 			goto next_option;
 		}
-#if DROPBEAR_SVR_AGENTFWD
 		if (match_option(options_buf, "no-agent-forwarding") == DROPBEAR_SUCCESS) {
+#if DROPBEAR_SVR_AGENTFWD
 			dropbear_log(LOG_WARNING, "Agent forwarding disabled.");
 			ses.authstate.pubkey_options->no_agent_forwarding_flag = 1;
+#endif
 			goto next_option;
 		}
-#endif
-#if DROPBEAR_X11FWD
 		if (match_option(options_buf, "no-X11-forwarding") == DROPBEAR_SUCCESS) {
+#if DROPBEAR_X11FWD
 			dropbear_log(LOG_WARNING, "X11 forwarding disabled.");
 			ses.authstate.pubkey_options->no_x11_forwarding_flag = 1;
+#endif
 			goto next_option;
 		}
-#endif
 		if (match_option(options_buf, "no-pty") == DROPBEAR_SUCCESS) {
 			dropbear_log(LOG_WARNING, "Pty allocation disabled.");
 			ses.authstate.pubkey_options->no_pty_flag = 1;


signature.asc
Description: PGP signature

Dropbear 2020.79

2020-06-15 Thread Matt Johnston 
Hi all,

Dropbear 2020.79 is now released. Particular thanks to Vladislav Grishenko
for adding ed25519 and chacha20-poly1305 support which have
been wanted for a while.

This release also supports rsa-sha2 signatures which will be
required by OpenSSH in the near future - rsa with sha1 will
be disabled. This doesn't require any change to
hostkey/authorized_keys files.

Required versions of libtomcrypt and libtommath have been
increased, if the system library is older Dropbear can use
its own bundled copy.

As usual downloads are at
https://matt.ucc.asn.au/dropbear/dropbear.html
https://mirror.dropbear.nl/mirror/dropbear.html

Cheers,
Matt

2020.79 - 15 June 2020

- Support ed25519 hostkeys and authorized_keys, many thanks to Vladislav 
Grishenko.
  This also replaces curve25519 with a TweetNaCl implementation that reduces 
code size.

- Add chacha20-poly1305 authenticated cipher. This will perform faster than AES
  on many platforms. Thanks to Vladislav Grishenko

- Support using rsa-sha2 signatures. No changes are needed to 
hostkeys/authorized_keys
  entries, existing RSA keys can be used with the new signature format 
(signatures
  are ephemeral within a session). Old ssh-rsa signatures will no longer
  be supported by OpenSSH in future so upgrading is recommended.

- Use getrandom() call on Linux to ensure sufficient entropy has been gathered 
at startup.
  Dropbear now avoids reading from the random source at startup, instead 
waiting until
  the first connection. It is possible that some platforms were running without 
enough 
  entropy previously, those could potentially block at first boot generating 
host keys.
  The dropbear "-R" option is one way to avoid that.

- Upgrade libtomcrypt to 1.18.2 and libtommath to 1.2.0, many thanks to Steffen 
Jaeckel for
  updating Dropbear to use the current API. Dropbear's configure script will 
check 
  for sufficient system library versions, otherwise using the bundled versions.

- CBC ciphers, 3DES, hmac-sha1-96, and x11 forwarding are now disabled by 
default.
  They can be set in localoptions.h if required.
  Blowfish has been removed.

- Support AES GCM, patch from Vladislav Grishenko. This is disabled by default,
  Dropbear doesn't currently use hardware accelerated AES.

- Added an API for specifying user public keys as an authorized_keys 
replacement.
  See pubkeyapi.h for details, thanks to Fabrizio Bertocci

- Fix idle detection clashing with keepalives, thanks to jcmathews

- Include IP addresses in more early exit messages making it easier for fail2ban
  processing. Patch from Kevin Darbyshire-Bryant

- scp fix for CVE-2018-20685 where a server could modify name of output files

- SSH_ORIGINAL_COMMAND is set for "dropbear -c" forced command too

- Fix writing key files on systems without hard links, from Matt Robinson

- Compatibility fixes for IRIX from Kazuo Kuroi

- Re-enable printing MOTD by default, was lost moving from options.h. Thanks to 
zciendor

- Call fsync() is called on parent directory when writing key files to ensure 
they are flushed

- Fix "make install" for manpages in out-of-tree builds, from Gabor Z. Papp

- Some notes are added in DEVELOPER.md