Dropbear
From the SSH working group:
http://www.ietf.org/html.charters/secsh-charter.html
SSH provides support for secure remote login, secure file
transfer, and secure TCP/IP and X11 forwardings. It can automatically
encrypt, authenticate, and compress transmitted data.
Features
- A small memory footprint suitable for memory-constrained environments - Dropbear can compile to a 110kB statically linked binary with uClibc (and only minimal options selected).
- Implements X11 forwarding, and authentication-agent forwarding for OpenSSH clients
- Can run from inetd (as of 0.42)
- Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication
- Features can easily be disabled when compiling to save space
- TCP forwarding support
Download
The dropbear daemon is included as standard in firmware v1.6.5.3 CR3 (Oleg) and up.
Note: Because of a security issue, anyone using Dropbear should upgrade to firmware v1.7.5.9 CR3 (Oleg) or newer.
Source
The source code can be downloaded here:
http://matt.ucc.asn.au/dropbear/
Compiling
Some info on compiling the source should come here...
Installation
Installing dropbear is really easy, as it's part of the custom firmwares provided by Oleg. Just follow the steps below.
Note: Anyone who is still using bootCmds should first migrate to the Flashfs-boot method before continuing. Flashfs-boot is explained here: FlashfsBoot
For the old bootCmds:
- Connect to the router using telnet
- Execute /init/rc.sshd; this will generate the DSS key
- If generation was successful, add /init/rc.sshd to the bootCmds using something like nvram set bootCmdX=/init/rc.sshd
- Commit the changes using nvram commit
- Reboot the router using reboot, or run /init/rc.sshd manually
For the Flashfs-boot scripts:
- Connect to the router using telnet
- Create dropbear's config directory: mkdir -p /usr/local/etc/dropbear
- Execute the following commands to generate your host's DSS and RSA host keys: /usr/sbin/dropbearkey -t dss -f /usr/local/etc/dropbear/dropbear_dss_host_key and /usr/sbin/dropbearkey -t rsa -f /usr/local/etc/dropbear/dropbear_rsa_host_key
- Test your SSH server by launching /usr/sbin/dropbear -E and logging on
- If the test is successful, add /usr/sbin/dropbear to /usr/local/sbin/post-boot
- If you want SSH WAN access, add iptables -A INPUT -p tcp --dport 22 --syn -j ACCEPT to your /usr/local/sbin/post-firewall script
- Commit the changes using flashfs save and flashfs commit
- Reboot the router using reboot, or run /usr/sbin/dropbear manually
- Adding the option -C to the command line should enable compression.
- Note: When you open SSH WAN access, it's recommended that you change the admin password using the web interface if you haven't already done so.
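The Flashfs-boot steps above, written as a script that can be re-run without regenerating host keys or duplicating lines in the boot scripts. This is an added example, not part of the firmware or of the original page; the function names and the ROOT variable are assumptions made here.

```sh
#!/bin/sh
# Added example, not part of the firmware: the Flashfs-boot steps as a
# re-runnable script. ROOT is an assumption for dry runs: empty on the
# router, or a scratch directory to try the file edits offline.
WAN_RULE='iptables -A INPUT -p tcp --dport 22 --syn -j ACCEPT'

# Succeed if FILE ($1) already contains LINE ($2) as a whole line.
has_line() {
    while IFS= read -r l || [ -n "$l" ]; do
        [ "$l" = "$2" ] && return 0
    done < "$1"
    return 1
}

# Append LINE to FILE once; create FILE as an executable script if missing.
append_once() {
    if [ ! -f "$1" ]; then
        mkdir -p "${1%/*}"
        printf '#!/bin/sh\n' > "$1"
        chmod +x "$1"
    fi
    has_line "$1" "$2" || printf '%s\n' "$2" >> "$1"
}

# Generate a host key of type $2 (dss or rsa) in directory $1 unless one
# exists, so a re-run never changes the identity clients have stored.
make_key() {
    [ -s "$1/dropbear_${2}_host_key" ] && return 0
    /usr/sbin/dropbearkey -t "$2" -f "$1/dropbear_${2}_host_key"
}

# $1 = "wan" to also add the port 22 rule to post-firewall.
setup_dropbear() {
    keydir="${ROOT:-}/usr/local/etc/dropbear"
    sbin="${ROOT:-}/usr/local/sbin"
    mkdir -p "$keydir" && chmod 700 "$keydir" || return 1
    make_key "$keydir" dss && make_key "$keydir" rsa || return 1
    append_once "$sbin/post-boot" /usr/sbin/dropbear
    if [ "${1:-}" = wan ]; then
        append_once "$sbin/post-firewall" "$WAN_RULE"
    fi
}

# On the router: sh <this script> run [wan]
if [ "${1:-}" = run ]; then
    setup_dropbear "${2:-}" && flashfs save && flashfs commit
fi
```

Test the server with /usr/sbin/dropbear -E and log on before relying on the boot entry, as in the steps above. Pass wan only if you want the port 22 rule added to post-firewall.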
Related links
Topics on Chupa.nl Forum:
- Dropbear, do we really need this? http://wl500g.info/showthread.php?t=76
- New firmware - Dropbear SSH http://wl500g.info/showthread.php?t=148
- Using WL-500g as a proxy http://wl500g.info/showthread.php?t=186
Known problems
- Security issue in pre-v1.7.5.9 CR3 (Oleg) firmware versions
