Dropbear cli-session

Matt Johnston matt at ucc.asn.au
Sun Sep 28 21:33:33 WST 2014

If you want to run it all within Dropbear itself I'd modify
sessioncommand()  which handles subsystem requests. Rather
than calling ptycommand() or noptycommand() make it call
connect_remote() - have a look at newtcpdirect() for an
example. Set channel->writefd and channel->readfd to the
returned socket, and make sure you set ses.maxfd
appropriately. It's an asynchronous connection, but I think
it should work OK.

Another option would be to make a little helper script that runs
'nc host port' and add another special case like that for
sftp in sessioncommand().


On Thu, Sep 25, 2014 at 10:27:12AM -0400, Paul Lemay wrote:
> Actually Matt,
> it is a NETCONF server that I am implementing but I was expecting to have a
> TCP communication from dropbear! I see that you already trigger a subsystem
> in such a context. Is it possible to setup a tcp communication link with
> the server at this point in the code?
> On Thu, Sep 25, 2014 at 6:37 AM, Paul Lemay <plemay at accedian.com> wrote:
> > Hello Matt,
> >
> > Thanks for your reply.
> >
> > Let me provide additional information on what I am trying to do with
> > Dropbear. There are several types of client applications (i.e., some
> > running their own client version of SSH others running through the Dropbear
> > SSH clients apps with prot forwarding). They are all looking for secure
> > services provided by a single server (i.e., MyTcpServer). In other words,
> > all SSH clients connects to a single Dropbear server for services provided
> > by MyTcpServer. The other connections to the Dropbear server will be
> > rejected by MyTcpServer because they won't support MyTcpServer XML
> > protocol. Threfore, in my simple view of things, the Dropbear server
> > instance provides the secure authentication and communication. All
> > decrypted communication channels are forwarded to MyTcpServer.
> >
> > Hope this could help in finding a good solution.
> >
> > Best Regards!
> >
> > On Wed, Sep 24, 2014 at 1:01 PM, Paul Lemay <plemay at accedian.com> wrote:
> >
> >> Hello there,
> >>
> >> I have a SSH client browser. It is connected to the Dropbear server. I
> >> would like to know if it is possible to tailor dropbear so that, once the
> >> dropbear authentication process is completed, a connection is establish to
> >> my local server ready to takeover TCP communication for this browser.
> >>
> >> I understand there is a cli-tcpfwd that seems to support this function
> >> but I do not know how to use it. Are there some examples available?
> >>
> >
> >
> -- 
> Avis de confidentialité
> Les informations contenues dans le présent message et dans toute pièce qui 
> lui est jointe sont confidentielles et peuvent être protégées par le secret 
> professionnel. Ces informations sont à l’usage exclusif de son ou de ses 
> destinataires. Si vous recevez ce message par erreur, veuillez s’il vous 
> plait communiquer immédiatement avec l’expéditeur et en détruire tout 
> exemplaire. De plus, il vous est strictement interdit de le divulguer, de 
> le distribuer ou de le reproduire sans l’autorisation de l’expéditeur. 
> Merci.
> Confidentiality notice
> This e-mail message and any attachment hereto contain confidential 
> information which may be privileged and which is intended for the exclusive 
> use of its addressee(s). If you receive this message in error, please 
> inform sender immediately and destroy any copy thereof. Furthermore, any 
> disclosure, distribution or copying of this message and/or any attachment 
> hereto without the consent of the sender is strictly prohibited. Thank you.

More information about the Dropbear mailing list