Re: Bug: ssh-copy-id mishandles dropbear

OpenWRT, which uses Dropbear, stores authorized login public keys in
/etc/dropbear/authorized_keys
It may be related to that.

M

On Sun, 29 Sept 2024 at 04:58, Norbert Lange <nolange79@xxxxxxxxx> wrote:
>
> On Sun, 29 Sept 2024 at 00:20, <piticu.pulii@xxxxxxxxx> wrote:
> >
> > On Fri, Sep 27, 2024 at 04:35:22PM +0200, Norbert Lange wrote:
> > > ssh-copy-id has special handling for dropbear, but this seems to be
> > > quite out of date (or forever wrong).
> > > I don't see dropbear ever accessing `/etc/dropbear/authorized_keys`,
> > > and I don't see any hints this ever was the case.
> > >
> > > dropbear uses ~/.ssh/authorized_keys just like OpenSSH, so the special
> > > handling needs to go.
> >
> > the dropbear in openwrt and its knockoffs (i.e. 99.9999% of actual dropbear
> > installations) does use /etc/dropbear/authorized_keys for the root user.
> >
> > https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/services/dropbear/patches/100-pubkey_path.patch;h=0ecca900b44ca944cb9ecd5d6c62735a27cfb2a9;hb=HEAD
>
> K, that explains it. It's already fixed in 9.4, forgot I use an older
> version at work:
> https://github.com/openssh/openssh-portable/commit/bdcaf7939029433635d63aade8f9ac762aca2bbe
>
> > and btw, just looking at the dropbear source code (and at that patch, too LOL)
> > should turn someone off from using it anywhere, ever.
> >
> > just saying
>
> really helpful, especially the specifics of the criticism. Sounds a bit insecure.
>
> Norbert
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev