dropbear & rssh chroot

Discussion:

e***@gmail.com

2006-07-19 08:20:12 UTC

I've recently been setting up a rssh chroot for securely 'sharing' some
files via sftp - it's working fine with openssh, but I haven't yet got
it going with dropbear.

I've not found any references on the web to anyone using rssh with
dropbear. I wondered if anyone here knows if it is possible to make it
work or not. If it's likely to work, I'll try harder to make it go - I
hate running daemons that are bigger than I need.

thanks,
Karl.

Derek Martin

2006-07-19 08:52:43 UTC

Permalink

Post by e***@gmail.com
I've recently been setting up a rssh chroot for securely 'sharing' some
files via sftp - it's working fine with openssh, but I haven't yet got
it going with dropbear.

FWIW, I've never even heard of dropbear... It isn't officially
supported, nor will it ever be, unless someone wants to take over
maintenance of (fork) rssh (which, being free code, anyone is welcome
to do at any time). Barring future security problems being uncovered,
there will be no further changes to this distribution.

I know that doesn't answer your question, but you may at least find it
useful information.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D

Karl.

2006-07-24 06:05:38 UTC

Permalink

Hi Derek,

Thanks for the information. It looks like no-one else on this list
is using dropbear, so I'll ask about rssh on the dropbear list (where I
probably should have asked first, if it weren't for a brainfade).

Just for the interest of anyone curious, this is the brief description
of dropbear, from its homepage:
http://matt.ucc.asn.au/dropbear/dropbear.html

Dropbear is a relatively small SSH 2 server and client. It runs on a
variety of POSIX-based platforms. Dropbear is open source software,
distributed under a MIT-style license. Dropbear is particularly useful
for "embedded"-type Linux (or other Unix) systems, such as wireless
routers.

Thanks for writing rssh :-)

Karl.

James Shewey

2006-07-24 17:54:42 UTC

Permalink

Is it a client or a server? You made it out to be a server, or alternative
for the ssh daemon.

Post by Karl.
Hi Derek,
Thanks for the information. It looks like no-one else on this list
is using dropbear, so I'll ask about rssh on the dropbear list (where I
probably should have asked first, if it weren't for a brainfade).
Just for the interest of anyone curious, this is the brief description
http://matt.ucc.asn.au/dropbear/dropbear.html
Dropbear is a relatively small SSH 2 server and client. It runs on a
variety of POSIX-based platforms. Dropbear is open source software,
distributed under a MIT-style license. Dropbear is particularly useful
for "embedded"-type Linux (or other Unix) systems, such as wireless
routers.
Thanks for writing rssh :-)
Karl.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
rssh-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/rssh-discuss

--
On 5/17/6, a spammer known as PharmaMaster (PM) attacked Blue Security (BS).

Using a program called Blue Frog, BS created a distributed network of over œ
mil users who would automatically send opt out requests to spammers'
clients. This was so effective that PM declared that BS "found the right
solution to stop spam, and I can't let this continue." PM then DDoSd BS,
endangered the net by hacking a major router on the net's backbone to block
BS' webpage and finally attacked typepad, where BS had just surrendered 30
min earlier. This attack caused about 2000 servers to go down including
typepad and livejournal.While BS gave up because they felt this would
"prevent a full-scale cyber-war that we just don't have the authority to
start" The community disagreed and started a Blue Frog clone called okopipi
which will prevents DDOS attacks by using decentralization.

With your help we can fight back against PM and his spam mafia. Please join
at okopipi.org and help take back our internet.

Karl.

2006-07-29 11:05:03 UTC

Permalink

I have dropbear server working successfully with rssh now. The problem
lay in where dropbear was expecting the sftp-server binary.

(Note: the following paths are as per installed on Debian Sarge - things
are probably different on other systems)

The openssh package has sftp-server at /usr/lib/openssh/sftp-server and
a symlink from /usr/lib/sftp-server to there. The openssh daemon and
rssh expect and call the /usr/lib/openssh version, whilst dropbear is
calling it at /usr/lib - dropbear works fine with this normally, but as
soon as rssh is brought into the picture, rssh (appropriately) refuses
to accept the unexpected binary location.

Specifying the sftp-server location on the sftp client commandline makes

Post by James Shewey
Is it a client or a server?

It has client and server parts. I am using only the server portion at
present. In terms of comparing memory usage of dropbear server and
openssh server, this is what top reports:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1725 root 8 0 1796 1796 1472 S 0.0 0.3 0:00.00 sshd
1645 root 8 0 592 592 504 S 0.0 0.1 0:00.01 dropbear

Karl.