Elliptic Curve host key and -R argument bug
Matt Johnston
matt at ucc.asn.au
Tue Jan 28 22:47:53 WST 2014
Hi,
Could you see if the patch below fixes it? I think the ecdsa hostkeys are
coincidental.
Cheers,
Matt
https://secure.ucc.asn.au/hg/dropbear/rev/6e6ae84d3dba
--- a/gensignkey.c Thu Jan 23 22:29:04 2014 +0800
+++ b/gensignkey.c Tue Jan 28 22:44:24 2014 +0800
@@ -26,7 +26,7 @@
while (buf->pos != buf->len) {
int len = write(fd, buf_getptr(buf, buf->len - buf->pos),
buf->len - buf->pos);
- if (errno == EINTR) {
+ if (len == -1 && errno == EINTR) {
continue;
}
if (len <= 0) {
On Tue, Jan 28, 2014 at 02:18:44PM +0000, Bruno Thomsen wrote:
> Hi,
>
> I have observed some strange dropbear behavior with the -R argument (Create hostkeys as required) and Elliptic Curve host keys.
> The result is an extremely large temporary host key file (multiple megabytes).
>
> SSH client: Google Chrome extension: Secure Shell 0.8.25
>
> 1) Connect to dropbear running without arguments and a single host key (ecdsa-sha2-nistp521) in /etc/dropbear/dropbear_ecdsa_host_key
> 2) Stop dropbear
> 3) Remove old host key and generate a single new host key (ecdsa-sha2-nistp256) in /etc/dropbear/dropbear_ecdsa_host_key
> 4) Start dropbear with -R argument
> 5) Reconnect to dropbear and it generate an extremely large host key (process never ends).
>
>
>
> Result:
> root at target:~ ll /etc/dropbear/
> total 54508
> dr-------- 2 root root 1024 Jan 28 13:38 .
> drwxrwxr-x 19 root root 1024 Jan 28 12:09 ..
> -r-------- 1 root root 140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw------- 1 root root 55593054 Jan 28 13:39 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 66001
> dr-------- 2 root root 1024 Jan 28 13:38 .
> drwxrwxr-x 19 root root 1024 Jan 28 12:09 ..
> -r-------- 1 root root 140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw------- 1 root root 67316589 Jan 28 13:40 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 70657
> dr-------- 2 root root 1024 Jan 28 13:38 .
> drwxrwxr-x 19 root root 1024 Jan 28 12:09 ..
> -r-------- 1 root root 140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw------- 1 root root 72064080 Jan 28 13:40 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 84631
> dr-------- 2 root root 1024 Jan 28 13:38 .
> drwxrwxr-x 19 root root 1024 Jan 28 12:09 ..
> -r-------- 1 root root 140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw------- 1 root root 86317002 Jan 28 13:40 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 129200
> dr-------- 2 root root 1024 Jan 28 13:38 .
> drwxrwxr-x 19 root root 1024 Jan 28 12:09 ..
> -r-------- 1 root root 140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw------- 1 root root 131778657 Jan 28 13:41 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 130372
> dr-------- 2 root root 1024 Jan 28 13:38 .
> drwxrwxr-x 19 root root 1024 Jan 28 12:09 ..
> -r-------- 1 root root 140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw------- 1 root root 132973731 Jan 28 13:41 dropbear_ecdsa_host_key.tmp377
> root at target:~ ll /etc/dropbear/
> total 131219
> dr-------- 2 root root 1024 Jan 28 13:38 .
> drwxrwxr-x 19 root root 1024 Jan 28 12:09 ..
> -r-------- 1 root root 140 Jan 28 13:35 dropbear_ecdsa_host_key
> -rw------- 1 root root 133837839 Jan 28 13:41 dropbear_ecdsa_host_key.tmp377
> root at target:~ top
> Mem: 121580K used, 3376K free, 0K shrd, 10172K buff, 91900K cached
> CPU: 20.0% usr 80.0% sys 0.0% nic 0.0% idle 0.0% io 0.0% irq 0.0% sirq
> Load average: 2.30 1.04 0.52 2/55 1416
> PID PPID USER STAT VSZ %MEM CPU %CPU COMMAND
> 377 31162 root R 2292 1.8 0 66.5 dropbear -R
>
>
>
> Maybe it's a collision in /etc/dropbear/dropbear_ecdsa_host_key that holds an ecdsa-sha2-nistp256 and when dropbear tries to generate a new ecdsa-sha2-nistp521.
>
>
> Venlig hilsen / Best regards
>
> Kamstrup A/S <http://www.kamstrup.dk>
> Bruno Thomsen
> Development engineer
> Technology
>
> Kamstrup A/S
> Industrivej 28
> DK-8660 Skanderborg
> Tel: +45 89 93 10 00
> Fax: +45 89 93 10 01
> Dir: +45 89 93 13 94
> E-mail: bth at kamstrup.dk
> Web: www.kamstrup.dk
>
More information about the Dropbear
mailing list