How-to: Install and Configure Dropbear on the PCH

[ciao]

Hi Racanu,

I was able to log in successfully in the egreat with your password! Thank you! The problem was the user and it's path.

I noticed that all the working passwords are in the format $1$xxxxxx$xxxxxxxxxxxxxx, but the passwords given by the perl script are always in the format xxxxxxxxxxxxxx:

Code:

debian:~/egreat/passwd_gen# ./makepwd.pl create user password
enc_passwd='LBCT7Ou3w//TQ'
Passwd OK
debian:~/egreat/passwd_gen#

So I suspect the perl script is not working....

So, if someone else if having the same issue, I'll share how I sorted it out:

- Imagine you want to define a login/password for your NMT (eg: my_user/testpassword).
- In a linux system, (I used the virtual machine described in the 1st Racanu post) create that user.
- Define the password
- Go to /etc/shadow and copy the password
- Paste it into the /etc/shadow file in the NMT

Code:

debian:~/egreat/passwd_gen# useradd my_user
debian:~/egreat/passwd_gen# passwd my_user
Enter new UNIX password:  *****
Retype new UNIX password:  *****
passwd: password updated successfully
debian:~/egreat/passwd_gen# cat /etc/shadow | grep my_user
my_user:$1$EPIMQMtY$ZrxGhKnxYidv.PKrdRr6n/:14319:0:99999:7:::
debian:~/egreat/passwd_gen#

Good luck!

[racanu]

Hi Ciao ( )

The $1$xxx form has something to do with the encoding of the password.
I have this form of encoding since I've compiled the busybox with passwd.

Before this, I've used the perl script and it worked ok for me (but then again, I've also had another firmware version ... hmm)

Anyway, you may consider compiling the busybox too. Or I can share my binary which has everything except two or three commands that did not compile (missing libraries and so... I didn't need them anyway so I left out those commands). I took the sources from the OpenWrt project.

Greets!

(03-16-2009 09:48 PM)ciao Wrote:  Hi Racanu,

I was able to log in successfully in the egreat with your password! Thank you! The problem was the user and it's path.

I noticed that all the working passwords are in the format $1$xxxxxx$xxxxxxxxxxxxxx, but the passwords given by the perl script are always in the format xxxxxxxxxxxxxx:

Code:

debian:~/egreat/passwd_gen# ./makepwd.pl create user password
enc_passwd='LBCT7Ou3w//TQ'
Passwd OK
debian:~/egreat/passwd_gen#

So I suspect the perl script is not working....

So, if someone else if having the same issue, I'll share how I sorted it out:

- Imagine you want to define a login/password for your NMT (eg: my_user/testpassword).
- In a linux system, (I used the virtual machine described in the 1st Racanu post) create that user.
- Define the password
- Go to /etc/shadow and copy the password
- Paste it into the /etc/shadow file in the NMT

Code:

debian:~/egreat/passwd_gen# useradd my_user
debian:~/egreat/passwd_gen# passwd my_user
Enter new UNIX password:  *****
Retype new UNIX password:  *****
passwd: password updated successfully
debian:~/egreat/passwd_gen# cat /etc/shadow | grep my_user
my_user:$1$EPIMQMtY$ZrxGhKnxYidv.PKrdRr6n/:14319:0:99999:7:::
debian:~/egreat/passwd_gen#

Good luck!

[Ger Teunis]

Great topic, I am trying to get this going (robust for new users) for in the CSI.
I get the following error message

Code:

./dbclient 127.0.0.1
./dbclient: connection to root@127.0.0.1:22 exited: No auth methods could be used.

I've installed it and did a passwd on root, the hash is from /etc/shadow is:

/etc/passwd

Code:

root:x:0:0:root:/root:/bin/sh

/etc/shadow

Code:

root:$1$pjWXfmuc$83KhhfCqms2dtltGinC7j/:10933:0:99999:7:::

Anyone able to help me to help other to isntall dropbear?

[SomeIdiot]

When I try to make the toolchain i get the following output/error(s):

Code:

~/Desktop/PCH/smp86xx_toolchain.20080505$ make
Makefile:306: Your gcc compiler has version is 4.x, which is not supported by this
Makefile:307: package. Please downgrade your compiler to 3.x before attempting to  
Makefile:308: build the toolchain.                                                
Makefile:309:
Makefile:310: XXXXXX IF YOU KNOW WHAT YOU ARE DOING, YOU MAY CONTINUE WITH   XXXXXX
Makefile:311: XXXXXX GCC 4.x. NOTE HOWEVER, THAT WE WILL PROVIDE NO SUPPORT  XXXXXX
Makefile:312: XXXXXX FOR ISSUES ARISING BECAUSE OF THE USE OF GCC 4.x        XXXXXX
make -j1 -C /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build all
make[1]: Entering directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build'
make[2]: Entering directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build'
make[3]: Entering directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/libiberty'
make[4]: Entering directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/libiberty/testsuite'
make[4]: Nothing to be done for `all'.
make[4]: Leaving directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/libiberty/testsuite'
make[3]: Leaving directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/libiberty'
make[3]: Entering directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/intl'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/intl'
make[3]: Entering directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/bfd'
Making info in doc
make[4]: Entering directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/bfd/doc'
restore=: && backupdir=".am$$" && \
    am__cwd=`pwd` && cd /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc && \
    rm -rf $backupdir && mkdir $backupdir && \
    for f in /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc/bfd.info /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc/bfd.info-[0-9] /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc/bfd.info-[0-9][0-9] /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc/bfd.i[0-9] /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc/bfd.i[0-9][0-9]; do \
      if test -f $f; then mv $f $backupdir; restore=mv; else :; fi; \
    done; \
    cd "$am__cwd"; \
    if /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/missing makeinfo --split-size=5000000 --split-size=5000000   -I /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc \
     -o /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc/bfd.info /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc/bfd.texinfo; \
    then \
      rc=0; \
      cd /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc; \
    else \
      rc=$?; \
      cd /home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc && \
      $restore $backupdir/* `echo ".//home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc/bfd.info" | sed 's|[^/]*$||'`; \
    fi; \
    rm -rf $backupdir; exit $rc
WARNING: `makeinfo' is missing on your system.  You should only need it if
         you modified a `.texi' or `.texinfo' file, or any other file
         indirectly affecting the aspect of the manual.  The spurious
         call might also be the consequence of using a buggy `make' (AIX,
         DU, IRIX).  You might want to install the `Texinfo' package or
         the `GNU make' package.  Grab either from any GNU archive site.
make[4]: *** [/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/bfd/doc/bfd.info] Error 1
make[4]: Leaving directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/bfd/doc'
Making info in po
make[4]: Entering directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/bfd/po'
make[4]: Nothing to be done for `info'.
make[4]: Leaving directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/bfd/po'
make[4]: Entering directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/bfd'
make[4]: Nothing to be done for `info-am'.
make[4]: Leaving directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/bfd'
make[3]: *** [info-recursive] Error 1
make[3]: Leaving directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/bfd'
make[2]: *** [all-bfd] Error 2
make[2]: Leaving directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build'
make: *** [/home/casper/Desktop/PCH/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17-build/binutils/objdump] Error 2

It claims that makeinfo is not installed, which it is. I am not sure if that what causes the error. Any tips for what goes wrong?

[renemulder]

i will be trying to get this working tonight. i'll let you know which issues i will bump into.

on a more general note: i think there is potentially a large user group that would like to use ssh. especially as people learn the security riscs that regular ftp & telnet have.

[t0nik]

(03-26-2009 08:40 PM)Ger Teunis Wrote:  Great topic, I am trying to get this going (robust for new users) for in the CSI.
I get the following error message

Code:

./dbclient 127.0.0.1
./dbclient: connection to root@127.0.0.1:22 exited: No auth methods could be used.

I've installed it and did a passwd on root, the hash is from /etc/shadow is:

/etc/passwd

Code:

root:x:0:0:root:/root:/bin/sh

/etc/shadow

Code:

root:$1$pjWXfmuc$83KhhfCqms2dtltGinC7j/:10933:0:99999:7:::

Anyone able to help me to help other to isntall dropbear?

Which build? My build has been compiled without password authentication, only with public key authentication. And it will return "exited: No auth methods" if not found private key on your client and appropriate public key on server. I do this especial for not needing to modify /etc/passwd or /etc/shadow, case it's not writeable.

[meskaya]

Is it possible that one of you build the latest version of dropbear and give it to the community ?

I didn't managed to do it myself on Ubuntu 8.10

I am having a lot of problems.
I had to patch :
configure (problem of makeinfo version solution on page1)
ecoff.c (rehash have have to be initialised unsigned int hash, rehash = 0)

I had to modify:
stdio.h (vscanf remove __wur, snprintf remove __wur)
stdlib.h (mktemp remove __wur)

I am now having this error :

Code:

~/popcorn/smp/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/binutils/cxxfilt.c: In function ‘demangle_it’:
~/popcorn/smp/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/binutils/cxxfilt.c:66: erreur: le format n'est pas une chaîne littérale et pas d'argument de format
~/popcorn/smp/smp86xx_toolchain.20080505/toolchain_build_mipsel_nofpu/binutils-2.17/binutils/cxxfilt.c:71: erreur: le format n'est pas une chaîne littérale et pas d'argument de format
make[5]: *** [cxxfilt.o] Erreur 1

It seems that configure have to be patched again to add a different CFLAGS and CXXFLAGS see here but I didn't managed to do it.

Please build the latest version

Thanks

[projectmayhem]

Hello!

I've installed dropbear on my PCH-A100... but when I try to login with PUTTY, I got the following error:

Quote:Disconnected: No supported authentication mathods available

I come out after the user name was typed (like root, or nmt).
I really dont know why.

May be it is for the authorized_keys file? I created the key with PUTTYGEN, copied and pasted in the file on nmt, located "/mnt/syb8634/etc/dropbear/.ssh".

What I do wrong?


Thank you very much!


PS: I'm trying to connect from Windows Vista...

[meskaya]

(04-05-2009 06:44 PM)projectmayhem Wrote:  Hello!

I've installed dropbear on my PCH-A100... but when I try to login with PUTTY, I got the following error:

I come out after the user name was typed (like root, or nmt).
I really dont know why.

May be it is for the authorized_keys file? I created the key with PUTTYGEN, copied and pasted in the file on nmt, located "/mnt/syb8634/etc/dropbear/.ssh".

What I do wrong?


Thank you very much!


PS: I'm trying to connect from Windows Vista...

I think it's because dropbear version you have installed only support authentication with a pair of keys.

See the last part of the tutorial on page 1.

[projectmayhem]

(04-06-2009 07:45 AM)meskaya Wrote:  I think it's because dropbear version you have installed only support authentication with a pair of keys.

See the last part of the tutorial on page 1.

First of all, thank you for the reply.

I used the build made by t0nik user...

I tryed also the method of pair of key:

I generated a public key with puttygen, copied and pasted in the file "authorized_key" placed in "/mnt/syb8634/etc/dropbear/.ssh".

I have also copied this file under "/mnt/syb8634/home/root.ssh". I created the dirs "home" and "root" and ".ssh". Because in the tutorial explain to copy the public key in the home of the user you'll connect also. I dont know if this what it means.

Connecting with PUTTY i loaded the PRIVATE key, saved with or without passphrase with puttygen.

But I still got the same message, more:

Quote:Server refused our key

[meskaya]

You should check your public key.

It must be written on one line.

EDIT: You should check permissions I think it must be 600 on authorized_keys
EDIT2: You also need to modify /etc/passwd to give user a shell (change /bin/true to /bin/sh)

[projectmayhem]

(04-06-2009 10:23 AM)meskaya Wrote:  You should check your public key.

It must be written on one line.

EDIT: You should check permissions I think it must be 600 on authorized_keys
EDIT2: You also need to modify /etc/passwd to give user a shell (change /bin/true to /bin/sh)

I cant understand why, but still doesnt work....

I generated a public key with puttygen, SSH2-RSA:

Code:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEA8hpISnh9d7P6SUoxuYcUgmnaNd1M9HBGXGnjvujp2aat5R0dixso​P9pg5HNcaekjyXZB9VRndfGT+1nklsmQFQIAx4W3LJTYE2O/h5ZldgDTQmNHbfpBrPLyWKc8XvBccOrsg8mS9wEcMrF/dPKf1X4OGPxPaGYEgNq00Rm040E= rsa-key-20090408

I saved this string (copy and paste) on my PCH HDD, so in /share dir, in the file named "autorized_keys". The string is on one line...

Code:

-rwxr-xr-x    1 nmt      nmt           225 Apr  8 08:21 /share/authorized_keys

Then, I've done this:

Code:

cat /share/authorized_keys > /mnt/syb8634/etc/dropbear/.ssh/authorized_keys

to copy the public key to correct path (I think...).

The file in "/mnt/syb8634/etc/dropbear/.ssh/authorized_keys" is root:root, chmod 600:

Code:

-rw-------    1 root     root          225 Apr  8 08:21 /mnt/syb8634/etc/dropbear/.ssh/authorized_keys

The etc passwd line for, root, is:

Code:

root:x:0:0:root:/root:/bin/sh

Thank you very very much for your help...

[meskaya]

Quote:The etc passwd line for, root, is:

Code:
root:x:0:0:root:/root:/bin/sh

Thank you very very much for your help... Blush

root's home is /root so you have to :
- create a .ssh folder in /root
- put your authorized_keys inside /root/.ssh
- chown -R root:root on /root
- chmod 700 /root
- chmod 700 /root/.ssh
- chmod 600 /root/.ssh/authorized_keys

You also have to create dropbear keys :

Quote:dropbearkey -t rsa -s 1024 -f dropbear_rsa_host_key
dropbearkey -t dss -f dropbear_dss_host_key

Then :
- create a dropbear folder in /etc
- copy dropbear_rsa_host_key and dropbear_dss_host_key in /etc/dropbear
- chown -R root /etc/dropbear
- chmod 700 /etc/dropbear
- chmod 600 /etc/dropbear/*

Finally launch dropbear (I use the -s and -p options : -s to disable password logins and -p to specify a listen port)

Of course you can put that on a script which will be executed after each reboot.

Quote:Dropbear sshd v0.52
Usage: dropbear [options]
Options are:
-b bannerfile Display the contents of bannerfile before user login
(default: none)
-d dsskeyfile Use dsskeyfile for the dss host key
(default: /etc/dropbear/dropbear_dss_host_key)
-r rsakeyfile Use rsakeyfile for the rsa host key
(default: /etc/dropbear/dropbear_rsa_host_key)
-F Don't fork into background
-E Log to stderr rather than syslog
-m Don't display the motd on login
-w Disallow root logins
-s Disable password logins
-g Disable password logins for root
-j Disable local port forwarding
-k Disable remote port forwarding
-a Allow connections to forwarded ports from any host
-p [address:]port
Listen on specified tcp port (and optionally address),
up to 10 can be specified
(default port is 22 if none specified)
-P PidFile Create pid file PidFile
(default /var/run/dropbear.pid)
-i Start for inetd
-W (default 24576, larger may be faster, max 1MB)
-K (0 is never, default 0)
-I (0 is never, default 0)

After that you should be able to connect to your dropbear server

[projectmayhem]

meskaya.......


I LOVE YOU!!

Code:

BusyBox v1.5.0 (2008-07-10 18:07:27 MYT) Built-in shell (ash)

Thank you very very much for your help...

[t0nik]

(04-08-2009 09:44 AM)projectmayhem Wrote:  

Code:

cat /share/authorized_keys > /mnt/syb8634/etc/dropbear/.ssh/authorized_keys

to copy the public key to correct path (I think...).

Sorry for later answer
I think, you had a problem becase DOS/Windows-lineends.
In my install script they converted by:

Code:

echo "`/bin/cat /share/authorized_keys`" | /bin/sed '' > /mnt/syb8634/etc/dropbear/.ssh/authorized_keys

---

(04-08-2009 02:54 PM)meskaya Wrote:  

Quote:Dropbear sshd v0.52

Are you have compiled it for pch? Share it?
I can't compile this right now case i need it from scratch: install linux, install sdk, find right option, compile.
I try it soon.

Best regards