From mingching.tiew at redtone.com Tue Oct 12 15:31:29 2010 From: mingching.tiew at redtone.com (Ming-Ching Tiew) Date: Tue, 12 Oct 2010 15:31:29 +0800 Subject: dropbear scp lacks a batchmode/quiet or -y option Message-ID: <4CB40ED1.2060702@redtone.com> I used dbclient -y to get pass the prompting of answering 'y' to unknown hosts, in batchmode execution. However, I could not do the same with scp. Tried these :- scp -q .... scp -o "BatchMode yes" .... scp -y .... None of them works. I am using dropbear 0.51. Any quick solution this ? From roberto.foglietta at gmail.com Tue Oct 12 16:54:20 2010 From: roberto.foglietta at gmail.com (Roberto A. Foglietta) Date: Tue, 12 Oct 2010 10:54:20 +0200 Subject: dropbear scp lacks a batchmode/quiet or -y option In-Reply-To: <4CB40ED1.2060702@redtone.com> References: <4CB40ED1.2060702@redtone.com> Message-ID: Try this patch http://www.roberto.foglietta.name/work//sections/02_Linux/03_Embedded/06_Marconi-Ericsson/dropbear_always_accept_and_store_hostkey.patch it referes to an previous version of dropbox but it could still work, tell me back if it still works or not. it was not accepted into main stream because usage of this option seriously degrade security. 2010/10/12 Ming-Ching Tiew : > > I ?used dbclient -y to get pass the prompting of answering 'y' > to unknown hosts, in batchmode execution. > > However, I could not do the same with scp. Tried these :- > > ?scp -q ?.... > ?scp -o "BatchMode yes" .... > ?scp -y .... > > None of them works. I am using dropbear 0.51. Any quick solution > this ? > -- Roberto A. Foglietta, Soluzioni informatiche B2B mobile: (+39) 349.33.30.697 http://www.linuxteam.org skype: robang74 From rransom.8774 at gmail.com Tue Oct 12 17:28:48 2010 From: rransom.8774 at gmail.com (Robert Ransom) Date: Tue, 12 Oct 2010 02:28:48 -0700 Subject: Dropbear source repository Message-ID: <20101012022848.6fa3a908@gmail.com> Where is the current Dropbear development source repository? Robert Ransom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20101012/91cda0c7/attachment.pgp From mingching.tiew at redtone.com Tue Oct 12 17:44:13 2010 From: mingching.tiew at redtone.com (Ming-Ching Tiew) Date: Tue, 12 Oct 2010 17:44:13 +0800 Subject: dropbear scp lacks a batchmode/quiet or -y option In-Reply-To: References: <4CB40ED1.2060702@redtone.com> Message-ID: <4CB42DED.6000001@redtone.com> I don't understand the patch. It seems to patch all the common files. But I have already happy with dbclient -y, it is able to allow me to get passed the prompting of unknown hosts/keys. Won't it be better just create that additional -y option into scp, which I supposed when set, it will get me passed the prompting, right ? Thanks for the patch I will study it closer. On 10/12/10 16:54, Roberto A. Foglietta wrote: > Try this patch > > http://www.roberto.foglietta.name/work//sections/02_Linux/03_Embedded/06_Marconi-Ericsson/dropbear_always_accept_and_store_hostkey.patch > > it referes to an previous version of dropbox but it could still work, > tell me back if it still works or not. > > it was not accepted into main stream because usage of this option > seriously degrade security. > > 2010/10/12 Ming-Ching Tiew: > >> I used dbclient -y to get pass the prompting of answering 'y' >> to unknown hosts, in batchmode execution. >> >> However, I could not do the same with scp. Tried these :- >> >> scp -q .... >> scp -o "BatchMode yes" .... >> scp -y .... >> >> None of them works. I am using dropbear 0.51. Any quick solution >> this ? >> >> > > > From roberto.foglietta at gmail.com Tue Oct 12 19:35:33 2010 From: roberto.foglietta at gmail.com (Roberto A. Foglietta) Date: Tue, 12 Oct 2010 13:35:33 +0200 Subject: dropbear scp lacks a batchmode/quiet or -y option In-Reply-To: <4CB42DED.6000001@redtone.com> References: <4CB40ED1.2060702@redtone.com> <4CB42DED.6000001@redtone.com> Message-ID: You asked for a quick solution and I think the patch submitted could it be if it would work for the current version and for scp too. ;-) This patch is more than accepting a unknown host/key but it force to accept and to store any changed keys which is much more harmful than -y because it left unprotected on man-in-the-middle attack. However for some circumstances like machine-to-machine point-to-point connection for debug or installation purposes this could be an accepting way to go - otherwise not. 2010/10/12 Ming-Ching Tiew : > > I don't understand the patch. > > It seems to patch all the common files. But I have already happy with > dbclient -y, it is able to allow me to get passed the prompting of > unknown hosts/keys. ?Won't it be better just create that additional > -y option into scp, which I supposed when set, it will get me passed > the prompting, right ? > > Thanks for the patch I will study it closer. > > On 10/12/10 16:54, Roberto A. Foglietta wrote: >> >> Try this patch >> >> >> http://www.roberto.foglietta.name/work//sections/02_Linux/03_Embedded/06_Marconi-Ericsson/dropbear_always_accept_and_store_hostkey.patch >> >> it referes to an previous version of dropbox but it could still work, >> tell me back if it still works or not. >> >> it was not accepted into main stream because usage of this option >> seriously degrade security. >> >> 2010/10/12 Ming-Ching Tiew: >> >>> >>> I ?used dbclient -y to get pass the prompting of answering 'y' >>> to unknown hosts, in batchmode execution. >>> >>> However, I could not do the same with scp. Tried these :- >>> >>> ?scp -q ?.... >>> ?scp -o "BatchMode yes" .... >>> ?scp -y .... >>> >>> None of them works. I am using dropbear 0.51. Any quick solution >>> this ? >>> >>> >> >> >> > > -- Roberto A. Foglietta, Soluzioni informatiche B2B mobile: (+39) 349.33.30.697 http://www.linuxteam.org skype: robang74 From matt at ucc.asn.au Tue Oct 12 20:34:33 2010 From: matt at ucc.asn.au (Matt Johnston) Date: Tue, 12 Oct 2010 20:34:33 +0800 Subject: dropbear scp lacks a batchmode/quiet or -y option In-Reply-To: <4CB40ED1.2060702@redtone.com> References: <4CB40ED1.2060702@redtone.com> Message-ID: <20101012123433.GN8703@ucc.gu.uwa.edu.au> On Tue, Oct 12, 2010 at 03:31:29PM +0800, Ming-Ching Tiew wrote: > > I used dbclient -y to get pass the prompting of answering 'y' > to unknown hosts, in batchmode execution. > > However, I could not do the same with scp. Tried these :- > > scp -q .... > scp -o "BatchMode yes" .... > scp -y .... > > None of them works. I am using dropbear 0.51. Any quick solution > this ? scp is mostly unmodified from OpenSSH, and Dropbear doesn't pass -o options. A workaround would be to make a script dbclient-noask: #!/bin/sh exec dbclient -y "$@" Then run scp -S dbclient-noask ... A bit ugly, but it should work. Matt From matt at ucc.asn.au Tue Oct 12 20:45:02 2010 From: matt at ucc.asn.au (Matt Johnston) Date: Tue, 12 Oct 2010 20:45:02 +0800 Subject: Dropbear source repository In-Reply-To: <20101012022848.6fa3a908@gmail.com> References: <20101012022848.6fa3a908@gmail.com> Message-ID: <20101012124502.GO8703@ucc.gu.uwa.edu.au> On Tue, Oct 12, 2010 at 02:28:48AM -0700, Robert Ransom wrote: > Where is the current Dropbear development source repository? Ah, the web interface had stopped updating, I've fixed that now. http://viewmtn.angrygoats.net/all/branch/changes/au.asn.ucc.matt.dropbear is the URL or you can pull branches with monotone from monotone.ucc.asn.au Cheers, Matt From xaos at darksmile.net Thu Oct 14 04:57:55 2010 From: xaos at darksmile.net (xaos) Date: Wed, 13 Oct 2010 16:57:55 -0400 Subject: Dropbear for iPhone is working In-Reply-To: <20101012124502.GO8703@ucc.gu.uwa.edu.au> References: <20101012022848.6fa3a908@gmail.com> <20101012124502.GO8703@ucc.gu.uwa.edu.au> Message-ID: <4CB61D53.70103@darksmile.net> Hello Everyone, I have successfully compiled and tested Dropbear for the iPhone. There is one catch. A minor one perhaps. I am only using Dropbear to create a tunnel (to a remote site) so I can make a secure socket connection. In other words, the equivalent command: ./dbclient -T -N -K 5 -p 22044 -L 5999:127.0.0.1:5999 dropbear at remotesite.com Now, my question to the list and specifically to Matt: I want to share all my code. What is the best way? Shall I call this a Dropbear branch and continue a separate build tree (I don't really want to go that way), or shall we merge all the changes somehow. Keep in mind that in addition to the Dropbear changes, there are also code fragments for the iPhone which would need to be incorporated. I have #ifdef ALL of my changes so the mainline code should not be affected in any way by my stuff. I have no problem putting up a subversion area in my website just for Dropbear. BTW, my code is (naturally) GPL. Regards, George H. From daniela at civil.uwa.edu.au Thu Oct 21 13:47:27 2010 From: daniela at civil.uwa.edu.au (Daniela Ciancio) Date: Thu, 21 Oct 2010 13:47:27 +0800 Subject: garage sale on saturday Message-ID: <001801cb70e3$71a29a80$598c5f82@civileng.civil.uwa.edu.au> Garage sale of pre-loved Italian fashion clothes and other stuff! Where: 63 Stirling highway, Nedlands When: Saturday 23 October from 10.00 am onwards (late start, pure Italian style!) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20101021/596cf649/attachment.htm From johan at dicam.org.uk Tue Nov 9 22:53:20 2010 From: johan at dicam.org.uk (Johan Ribenfors) Date: Tue, 09 Nov 2010 14:53:20 +0000 Subject: dbclient blocking ports? In-Reply-To: <20100824111147.GA4478@ucc.gu.uwa.edu.au> References: <20100824111147.GA4478@ucc.gu.uwa.edu.au> Message-ID: <4CD96060.3060904@dicam.org.uk> Hi, I have three tunnels from a server running openssh to an embeded pc running dbclient. dbclient -R :localhost: -A 60 -g -T -N -f -i /etc/dropbear/ngw_rsa_private_key ngw@ One of the ports the tunnels were connecting to became blocked. The other ports were unaffected, but we couldn't connect to the blocked port through the tunnel or otherwise. Could dbclient cause this in any way? - Johan From johan at dicam.org.uk Wed Nov 10 01:11:28 2010 From: johan at dicam.org.uk (Johan Ribenfors) Date: Tue, 9 Nov 2010 17:11:28 +0000 (UTC) Subject: dbclient blocking ports? References: <20100824111147.GA4478@ucc.gu.uwa.edu.au> <4CD96060.3060904@dicam.org.uk> Message-ID: Johan Ribenfors dicam.org.uk> writes: > > Hi, > > I have three tunnels from a server running openssh to an embeded pc > running dbclient. > > dbclient -R :localhost: -A 60 -g -T -N -f -i > /etc/dropbear/ngw_rsa_private_key ngw@ > > One of the ports the tunnels were connecting to became blocked. The > other ports were unaffected, but we couldn't connect to the blocked port > through the tunnel or otherwise. > > Could dbclient cause this in any way? > > - Johan > > It looks like it wasn't dbclient. The embedded machine is inside a vpn, and it appears the vpn had problems. We didn't think of this at first as other embeded pcs inside the vpn were still working corectly. - Johan