Preventing shells from being spawned

Korey Calmettes jessnkorey at gmail.com
Sat May 17 02:21:39 WST 2008


Hello,

Back in 2005, there was a post from John Daz who would like to tunnel into
an embedded system without providing a shell.  It was responded by Matt who
advised him to comment out line 70 of svr-session.c which read
"&svrchansess,".

I also would like to allow one embedded system to tunnel into another
embedded system without providing a shell.  I am running Dropbear 0.50.  I
commented out the same line (still on line 70) and now I am unable to log in
using dbclient.

On the server side I am running:

dropbear -r /etc/dropbearkey -s -a -p 12345

On the client side, I am running:

dbclient -p 12345 -i /etc/clientkey -y -L 80:localhost:80 -g -T 192.168.2.45

I get the following:

Host '192.168.2.45' key accepted unconditionally.
(fingerprint md5 50:69:d1:be:84:f3:6d:1d:c7:86:de:2f:bf:b9:38:25)
Connection to root at 192.168.2.45:12345 closed.
Now if I uncomment line 70 of svr-session.c, it works flawlessly.

I don't know if it matters, however I am running this on BusyBox v1.1.3 on
an ARM9 Processor.

Any assistance would be appreciated,

Thanks,

Korey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20080516/7c89cbe8/attachment.htm 


More information about the Dropbear mailing list