Dropbear 2013.56 released

Matt Johnston matt at ucc.asn.au
Thu Mar 21 23:40:46 WST 2013

Hi all,

Dropbear 2013.56 is now released, with a mix of features and
bug fixes. Download as usual at

I've also set up a github mirror of the Dropbear mercurial
repository at https://github.com/mkj/dropbear . It'll be
read-only but might be of use to the various forks.


2013.56 - Thursday 21 March 2013

- Allow specifying cipher (-c) and MAC (-m) lists for dbclient

- Allow using 'none' cipher or MAC (off by default, use options.h). Encryption
  is used during authentication then disabled, similar to OpenSSH HPN mode

- Allow a user in immediately if the account has a blank password and blank
  passwords are enabled

- Include a few extra sources of entropy from /proc on Linux, hash private keys
  as well. Dropbear will also write gathered entropy back into /dev/urandom

- Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h)

- Don't sent bad address "localhost" for -R forward connections, 
  reported by Denis Bider

- Add "-B" runtime option to allow blank passwords

- Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks

- A few improvements for Android from Reimar Döffinger

- Fix memory leak for TCP forwarded connections to hosts that timed out,
  reported by Norbert Benczúr. Appears to be a very long-standing bug.

- Fix "make clean" for out of tree builds

- Fix compilation when ENABLE_{SVR,CLI}_AGENTFWD are unset

More information about the Dropbear mailing list