keys generated on one architecture for another?
Yan Seiner
yan at seiner.com
Wed Aug 16 18:41:49 WST 2006
>Date: Sat, 12 Aug 2006 14:56:50 +0800
>From: Matt Johnston <matt at ucc.asn.au>
>Subject: Re: keys generated on one architecture for another?
>To: Yan Seiner <yan at seiner.com>
>Cc: dropbear at ucc.asn.au
>Message-ID: <20060812065650.GX30226 at ucc.gu.uwa.edu.au>
>Content-Type: text/plain; charset=us-ascii
>
>On Fri, Aug 11, 2006 at 10:27:15AM -0700, Yan Seiner wrote:
>
>
>>/ # /bin/dropbear -F -v
>>TRACE: enter loadhostkeys
>>[1154] Jan 01 00:30:22 premature exit: bad buf_incrwritepos: BUF_MAX_INCR
>>TRACE: enter session_cleanup
>>TRACE: leave session_cleanup: !sessinitdone
>>
>>I've modified the source to tell me which if condition is failing....
>>And it is the max increment, which is defined to be a very large number....
>>
>>So are the keys architecture specific? Am I running into some integer
>>length or *-endian issues here?
>>
>>Can you pre-build keys on an x86 for arm?
>>
>>
>
>They keys should work fine between platforms. Could you send
>a sample key generated on each platform?
>
>
Matt:
I finally got around to figuring out what was going on, and I have an
issue that may be a bug/security issue/lack of understanding on my part...
First of all, by way of background, my target file system is generated
by an ordinary user, UID 1000, GID 1000. This is OK for most apps; I
change the perms on busybox to make it happy.
The dropbear keys are generated with UID 1000, GID 1000, and perms of 0600.
craywb:/home/local/panel/arm/ts7200/etc/dropbear# ls -l
total 8
-rw------- 1 yan yan 457 2006-04-06 16:14 dropbear_dss_host_key
-rw------- 1 yan yan 427 2006-04-06 16:13 dropbear_rsa_host_key
And dropbear fails with:
open("/etc/dropbear/dropbear_rsa_host_key", O_RDONLY) = 3
read(3, 0x2edf8, 1700) = -1 EIO (Input/output error)
time(NULL) = 18
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
getpid() = 68
write(2, "[68] Jan 01 00:00:18 premature e"..., 72[68] Jan 01 00:00:18
premature exit: bad buf_incrwritepos: BUF_R) = 72
_exit(1) = ?
Now we change keys to be owned by root:
craywb:/home/local/panel/arm/ts7200/etc/dropbear# ls -l
total 8
-rw------- 1 root root 457 2006-04-06 16:14 dropbear_dss_host_key
-rw------- 1 root root 427 2006-04-06 16:13 dropbear_rsa_host_key
and dropbear fails with:
open("/etc/dropbear/dropbear_rsa_host_key", O_RDONLY) = 3
read(3, 0x2edf8, 1700) = -1 EACCES (Permission denied)
time(NULL) = 117
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
getpid() = 71
write(2, "[71] Jan 01 00:01:57 premature e"..., 72[71] Jan 01 00:01:57
premature exit: bad buf_incrwritepos: BUF_R) = 72
_exit(1)
So we change the perms to 644 and dropbear finally succeeds....
craywb:/home/local/panel/arm/ts7200/etc/dropbear# ls -l
total 8
-rw-r--r-- 1 root root 457 2006-04-06 16:14 dropbear_dss_host_key
-rw-r--r-- 1 root root 427 2006-04-06 16:13 dropbear_rsa_host_key
open("/etc/dropbear/dropbear_rsa_host_key", O_RDONLY) = 3
read(3, "\0\0\0\7ssh-rsa\0\0\0\3\1\0\1\0\0\0\203\0\300\234C\260"...,
1700) = 427
read(3, "", 1273) = 0
close(3) = 0
open("/etc/dropbear/dropbear_dss_host_key", O_RDONLY) = 3
read(3, "\0\0\0\7ssh-dss\0\0\0\201\0\2004\252 X\260g\330_1\352\253"...,
1700) = 457
read(3, "", 1243) = 0
close(3) = 0
brk(0) = 0x30000
brk(0x31000) = 0x31000
time(NULL) = 166
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or
directory)
getpid() = 73
write(2, "[73] Jan 01 00:02:46 Not forking"..., 33[73] Jan 01 00:02:46
Not forking
) = 33
open("/var/run/dropbear.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1
ENOENT (No such file or directory)
socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = -1 EAFNOSUPPORT (Address
family not supported by protocol)
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=5}, 8) = 0
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
setsockopt(3, SOL_IP, IP_TOS, [16], 4) = 0
setsockopt(3, SOL_SOCKET, SO_PRIORITY, [6], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(22),
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 20)
Now I am really confused.....
Shouldn't the keys be only readable by root? Shouldn't dropbear throw
an error at world readable keys?
And why would dropbear fail to read a file only readable by root when it
is running with root perms?
I didn't see anywhere in the strace logs that dropbear relinquished su
priveledges, and it is run as root:
/ # ps
PID Uid VmSize Stat Command
1 root 600 S init
2 root SW [keventd]
3 root SWN [ksoftirqd_CPU0]
4 root SW [kswapd]
5 root SW [bdflush]
6 root SW [kupdated]
7 root SW [mtdblockd]
8 root SW [rpciod]
24 root 676 S /bin/sh /etc/init.d/rcS
26 root 688 S /bin/sh /etc/init.d/rcS
48 root SW [khubd]
66 root 764 S /bin/hush
77 root 552 S dropbear
78 root 812 R /bin/hush
/ # dropbear --version
Unknown argument --version
Dropbear sshd v0.47
Thoughts?
--Yan
More information about the Dropbear
mailing list