keys generated on one architecture for another?

Yan Seiner yan at seiner.com
Wed Aug 16 18:41:49 WST 2006 

>Date: Sat, 12 Aug 2006 14:56:50 +0800
>From: Matt Johnston <matt at ucc.asn.au>
>Subject: Re: keys generated on one architecture for another?
>To: Yan Seiner <yan at seiner.com>
>Cc: dropbear at ucc.asn.au
>Message-ID: <20060812065650.GX30226 at ucc.gu.uwa.edu.au>
>Content-Type: text/plain; charset=us-ascii
>
>On Fri, Aug 11, 2006 at 10:27:15AM -0700, Yan Seiner wrote:
>  
>
>>/ # /bin/dropbear -F -v
>>TRACE: enter loadhostkeys
>>[1154] Jan 01 00:30:22 premature exit: bad buf_incrwritepos: BUF_MAX_INCR
>>TRACE: enter session_cleanup
>>TRACE: leave session_cleanup: !sessinitdone
>>
>>I've modified the source to tell me which if condition is failing.... 
>>And it is the max increment, which is defined to be a very large number....
>>
>>So are the keys architecture specific?  Am I running into some integer 
>>length or *-endian issues here?
>>
>>Can you pre-build keys on an x86 for arm?
>>    
>>
>
>They keys should work fine between platforms. Could you send
>a sample key generated on each platform?
>  
>

Matt:

I finally got around to figuring out what was going on, and I have an 
issue that may be a bug/security issue/lack of understanding on my part...

First of all, by way of background, my target file system is generated 
by an ordinary user, UID 1000, GID 1000.  This is OK for most apps; I 
change the perms on busybox to make it happy.

The dropbear keys are generated with UID 1000, GID 1000, and perms of 0600.

craywb:/home/local/panel/arm/ts7200/etc/dropbear# ls -l
total 8
-rw-------  1 yan yan 457 2006-04-06 16:14 dropbear_dss_host_key
-rw-------  1 yan yan 427 2006-04-06 16:13 dropbear_rsa_host_key

And dropbear fails with:

open("/etc/dropbear/dropbear_rsa_host_key", O_RDONLY) = 3
read(3, 0x2edf8, 1700)                  = -1 EIO (Input/output error)
time(NULL)                              = 18
open("/etc/localtime", O_RDONLY)        = -1 ENOENT (No such file or 
directory)
getpid()                                = 68
write(2, "[68] Jan 01 00:00:18 premature e"..., 72[68] Jan 01 00:00:18 
premature exit: bad buf_incrwritepos: BUF_R) = 72
_exit(1)                                = ?

Now we change keys to be owned by root:

craywb:/home/local/panel/arm/ts7200/etc/dropbear# ls -l
total 8
-rw-------  1 root root 457 2006-04-06 16:14 dropbear_dss_host_key
-rw-------  1 root root 427 2006-04-06 16:13 dropbear_rsa_host_key

and dropbear fails with:

open("/etc/dropbear/dropbear_rsa_host_key", O_RDONLY) = 3
read(3, 0x2edf8, 1700)                  = -1 EACCES (Permission denied)
time(NULL)                              = 117
open("/etc/localtime", O_RDONLY)        = -1 ENOENT (No such file or 
directory)
getpid()                                = 71
write(2, "[71] Jan 01 00:01:57 premature e"..., 72[71] Jan 01 00:01:57 
premature exit: bad buf_incrwritepos: BUF_R) = 72
_exit(1) 

So we change the perms to 644 and dropbear finally succeeds....

craywb:/home/local/panel/arm/ts7200/etc/dropbear# ls -l
total 8
-rw-r--r--  1 root root 457 2006-04-06 16:14 dropbear_dss_host_key
-rw-r--r--  1 root root 427 2006-04-06 16:13 dropbear_rsa_host_key

open("/etc/dropbear/dropbear_rsa_host_key", O_RDONLY) = 3
read(3, "\0\0\0\7ssh-rsa\0\0\0\3\1\0\1\0\0\0\203\0\300\234C\260"..., 
1700) = 427
read(3, "", 1273)                       = 0
close(3)                                = 0
open("/etc/dropbear/dropbear_dss_host_key", O_RDONLY) = 3
read(3, "\0\0\0\7ssh-dss\0\0\0\201\0\2004\252 X\260g\330_1\352\253"..., 
1700) = 457
read(3, "", 1243)                       = 0
close(3)                                = 0
brk(0)                                  = 0x30000
brk(0x31000)                            = 0x31000
time(NULL)                              = 166
open("/etc/localtime", O_RDONLY)        = -1 ENOENT (No such file or 
directory)
getpid()                                = 73
write(2, "[73] Jan 01 00:02:46 Not forking"..., 33[73] Jan 01 00:02:46 
Not forking
) = 33
open("/var/run/dropbear.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 
ENOENT (No such file or directory)
socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = -1 EAFNOSUPPORT (Address 
family not supported by protocol)
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=5}, 8) = 0
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
setsockopt(3, SOL_IP, IP_TOS, [16], 4)  = 0
setsockopt(3, SOL_SOCKET, SO_PRIORITY, [6], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(22), 
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 20)

Now I am really confused.....

Shouldn't the keys be only readable by root?  Shouldn't dropbear throw 
an error at world readable keys?

And why would dropbear fail to read a file only readable by root when it 
is running with root perms?

I didn't see anywhere in the strace logs that dropbear relinquished su 
priveledges, and it is run as root:

/ # ps
  PID  Uid     VmSize Stat Command
    1 root        600 S   init
    2 root            SW  [keventd]
    3 root            SWN [ksoftirqd_CPU0]
    4 root            SW  [kswapd]
    5 root            SW  [bdflush]
    6 root            SW  [kupdated]
    7 root            SW  [mtdblockd]
    8 root            SW  [rpciod]
   24 root        676 S   /bin/sh /etc/init.d/rcS
   26 root        688 S   /bin/sh /etc/init.d/rcS
   48 root            SW  [khubd]
   66 root        764 S   /bin/hush
   77 root        552 S   dropbear
   78 root        812 R   /bin/hush

/ # dropbear --version
Unknown argument --version
Dropbear sshd v0.47

Thoughts?

--Yan

More information about the Dropbear mailing list