Re: autossh incompatibility with dropbear -y
You could always write a small wrapper script that adds whatever command-line arguments you need, and pass *that* to autossh. #!/bin/sh exec path/to/dropbear -y "$@" On Fri, Oct 4, 2013 at 12:31 PM, Steve Newcomb wrote: > I'm using OpenWRT. My router, whose IP address changes unpredictably, > makes its ssh-listening port available on another host running at a > stable IP address, using autossh/dropbear to create a reverse channel. > > Sometimes the host's key changes from time to time, which can stop the > autossh process at a prompt (to nobody) to decide what to do about the > change. > > Ordinary OpenSSH has a StrictHostKeyChecking option which can be used to > bypass the so-called "ask" prompt and just make the connection regardless. > > By reading the source, I learned that Dropbear's ssh client evidently > has a similar feature, the "-y" invocation option. But I can't pass the > -y to it via autossh because autossh doesn't approve of it. Dropbear's > ssh client also does not offer a config file utility, AFAIK. > Dropbear evidently ignores all -o options, too; they wind up in a bit > bucket called something like "dummy". > > Does anybody know the answer, short of editing/recompiling autossh so it > won't be so persnickety and just get out of the way? > > Steve Newcomb
autossh incompatibility with dropbear -y
I'm using OpenWRT. My router, whose IP address changes unpredictably, makes its ssh-listening port available on another host running at a stable IP address, using autossh/dropbear to create a reverse channel. Sometimes the host's key changes from time to time, which can stop the autossh process at a prompt (to nobody) to decide what to do about the change. Ordinary OpenSSH has a StrictHostKeyChecking option which can be used to bypass the so-called "ask" prompt and just make the connection regardless. By reading the source, I learned that Dropbear's ssh client evidently has a similar feature, the "-y" invocation option. But I can't pass the -y to it via autossh because autossh doesn't approve of it. Dropbear's ssh client also does not offer a config file utility, AFAIK. Dropbear evidently ignores all -o options, too; they wind up in a bit bucket called something like "dummy". Does anybody know the answer, short of editing/recompiling autossh so it won't be so persnickety and just get out of the way? Steve Newcomb
Re: Dropbear 2013.59
Hi, > - "make install" now installs manpages > dropbearkey.8 has been renamed to dropbearkey.1 > manpage added for dropbearconvert this does not work when building with MULTI=1, i.e. make -n install install -d /bin install dropbearmulti /bin install -d /usr/local/share/man/man1 install -m 644 dropbearmulti.1 /usr/local/share/man/man1/dropbearmulti.1 but there is no dropbearmulti.1, and install fails regards, p. -- Peter Meerwald +43-664-218 (mobile)
Dropbear 2013.59
Hi all, Dropbear 2013.59 has been released. It fixes a number of bugs, including two security issues affecting prior releases. - The Dropbear server could be made to consume large amounts of memory because decompressed packet sizes weren't checked. Depending on the OS and hardware this might be a denial of service. - Valid users could be identified due to timing variations. As usual you can download it from https://matt.ucc.asn.au/dropbear/dropbear.html Cheers, Matt 2013.59 - Friday 4 October 2013 - Fix crash from -J command Thanks to LluĂs Batlle i Rossell and Arnaud Mouiche for patches - Avoid reading too much from /proc/net/rt_cache since that causes system slowness. - Improve EOF handling for half-closed connections Thanks to Catalin Patulea - Send a banner message to report PAM error messages intended for the user Patch from Martin Donnelly - Limit the size of decompressed payloads, avoids memory exhaustion denial of service Thanks to Logan Lamb for reporting and investigating it - Avoid disclosing existence of valid users through inconsistent delays Thanks to Logan Lamb for reporting - Update config.guess and config.sub for newer architectures - Avoid segfault in server for locked accounts - "make install" now installs manpages dropbearkey.8 has been renamed to dropbearkey.1 manpage added for dropbearconvert - Get rid of one second delay when running non-interactive commands Releases are signed by PGP key m...@ucc.asn.au 4C647FBC D11E 5F8D 2C38 523F 57F1 2166 8CF9 F8B0 4C64 7FBC