I'm using dropbear on an embedded device that has to connect to a
server at an IP address that isn't known in advance, but is verifiable
with a host key.
So I added the ability to use * in the known_hosts file to match any
hostname/IP. This is better than disabling host key checking
altogether,
Farrell Aultman wrote:
Between dropbear-047 and dropbear-051 changes were made that
accounted for the fact that uClinux needs to use vfork instead of
fork. However, fork was not replaced with vfork in all places. I
moved the conditional preproccessor check for uClinux into the
includes.h
Mike Frysinger wrote:
if it's all private / development, why dont you just use telnet w/out login ?
Maybe because ssh command file file2 works while it doesn't work
with telnet? ssh is a much more convenient and reliable interface.
-- Jamie
Matt Johnston wrote:
> It mightn't be necessary to pass pointers around everywhere if
> ses/svr_ses/cli_ses could be thread-local pointer variables - how widely
> supported is thread-local storage?
If you can get a "current thread id" or set one "thread-local value", you can
make thread-local
Hi Matt,
Matt Johnston wrote:
> Not really sure of a good workaround.
You can fchmod() or fchown() the pipe descriptor, with fchown() being more
secure.
# echo hello | (ls -lL /proc/self/fd/0; sudo -u nobody cat /proc/self/fd/0)
prw--- 1 root root 0 May 1 17:06 /proc/self/fd/0
Walter Harms wrote:
> This is caused by changes in ssh_config. You can try:
> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 USER@TARGET
>
> or persistent in ssh_config
> KexAlgorithms=+diffie-hellman-group1-sha1
>
> your mileage may vary etc.
>
> re,
> wh
Thanks!
This advice has shown