From cat at vv.carleton.ca Fri Jan 2 14:07:26 2015
From: cat at vv.carleton.ca (Catalin Patulea)
Date: Fri, 2 Jan 2015 01:07:26 -0500
Subject: [PATCH] Handle invalid agent keys by skipping rather than exiting.
Message-ID:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dropbear-skip-bad-key.patch
Type: application/octet-stream
Size: 1247 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20150102/f5f91868/attachment.obj

From peter at korsgaard.com Fri Jan 2 17:13:13 2015
From: peter at korsgaard.com (Peter Korsgaard)
Date: Fri, 02 Jan 2015 10:13:13 +0100
Subject: [PATCH] gensignkey: ensure host keys are flushed to disk
In-Reply-To: <87h9xawl4b.fsf@dell.be.48ers.dk> (Peter Korsgaard's message of "Fri, 05 Dec 2014 09:34:28 +0100")
References: <1414501886-20843-1-git-send-email-jacmet@sunsite.dk> <20141108142602.GH10430@ucc.gu.uwa.edu.au> <1415609670.29319.3.camel@sfr.com> <87r3wjh9pt.fsf@dell.be.48ers.dk> <1417451112.13290.3.camel@sfr.com> <87h9xawl4b.fsf@dell.be.48ers.dk>
Message-ID: <877fx5a6l2.fsf@dell.be.48ers.dk>

>>>>> "Peter" == Peter Korsgaard writes:

Hi,

 >> In any case, I have to apologize for all that fuzz - it seems I've been
 >> plain wrong on that case. I should have known better: test before you
 >> assert something. This way, I would have seen that opening a directory
 >> as writable was not possible.

 >> Sorry for that,

 > No problem. Matt, how will we fix it? Unconditionally use O_RDONLY or
 > some kind of fallback?

Matt, what do you say? It would be good to get this fixed. Host key
generation is basically completely broken by this.

--
Bye, Peter Korsgaard

From matt at ucc.asn.au Sun Jan 4 22:24:15 2015
From: matt at ucc.asn.au (Matt Johnston)
Date: Sun, 4 Jan 2015 22:24:15 +0800
Subject: [PATCH] gensignkey: ensure host keys are flushed to disk
In-Reply-To: <877fx5a6l2.fsf@dell.be.48ers.dk>
References: <1414501886-20843-1-git-send-email-jacmet@sunsite.dk> <20141108142602.GH10430@ucc.gu.uwa.edu.au> <1415609670.29319.3.camel@sfr.com> <87r3wjh9pt.fsf@dell.be.48ers.dk> <1417451112.13290.3.camel@sfr.com> <87h9xawl4b.fsf@dell.be.48ers.dk> <877fx5a6l2.fsf@dell.be.48ers.dk>
Message-ID: <20150104142415.GP10430@ucc.gu.uwa.edu.au>

On Fri, Jan 02, 2015 at 10:13:13AM +0100, Peter Korsgaard wrote:
> > No problem. Matt, how will we fix it? Unconditionally use O_RDONLY or
> > some kind of fallback?
>
> Matt, what do you say? It would be good to get this fixed. Host key
> generation is basically completely broken by this.

I've committed that now with O_RDONLY. Sorry it took a
while.

Cheers,
Matt

From matt at ucc.asn.au Sun Jan 4 22:34:40 2015
From: matt at ucc.asn.au (Matt Johnston)
Date: Sun, 4 Jan 2015 22:34:40 +0800
Subject: [PATCH] Handle invalid agent keys by skipping rather than exiting.
In-Reply-To:
References:
Message-ID: <20150104143440.GQ10430@ucc.gu.uwa.edu.au>

Thanks, I've applied this now.

Matt

From peter at korsgaard.com Mon Jan 5 00:59:12 2015
From: peter at korsgaard.com (Peter Korsgaard)
Date: Sun, 04 Jan 2015 17:59:12 +0100
Subject: [PATCH] gensignkey: ensure host keys are flushed to disk
In-Reply-To: <20150104142415.GP10430@ucc.gu.uwa.edu.au> (Matt Johnston's message of "Sun, 4 Jan 2015 22:24:15 +0800")
References: <1414501886-20843-1-git-send-email-jacmet@sunsite.dk> <20141108142602.GH10430@ucc.gu.uwa.edu.au> <1415609670.29319.3.camel@sfr.com> <87r3wjh9pt.fsf@dell.be.48ers.dk> <1417451112.13290.3.camel@sfr.com> <87h9xawl4b.fsf@dell.be.48ers.dk> <877fx5a6l2.fsf@dell.be.48ers.dk> <20150104142415.GP10430@ucc.gu.uwa.edu.au>
Message-ID: <87k3127a8v.fsf@dell.be.48ers.dk>

>>>>> "Matt" == Matt Johnston writes:

 > On Fri, Jan 02, 2015 at 10:13:13AM +0100, Peter Korsgaard wrote:
 >> > No problem. Matt, how will we fix it? Unconditionally use O_RDONLY or
 >> > some kind of fallback?
 >>
 >> Matt, what do you say? It would be good to get this fixed. Host key
 >> generation is basically completely broken by this.

 > I've committed that now with O_RDONLY. Sorry it took a while.

Great, thanks!

--
Venlig hilsen,
Peter Korsgaard

From matt at ucc.asn.au Fri Jan 9 22:59:53 2015
From: matt at ucc.asn.au (Matt Johnston)
Date: Fri, 9 Jan 2015 22:59:53 +0800
Subject: [dropbear] Prefer stronger algorithms in algorithm negotiation. (#9)
In-Reply-To:
References:
Message-ID: <20150109145953.GR10430@ucc.gu.uwa.edu.au>

(CCing the dropbear list - hopefully crossposting isn't too
awkward)

I'll merge this pull request, though if anyone has comments
please let me know. Comments inline below.

Matt

On Thu, Jan 08, 2015 at 04:46:48AM -0800, fedor-brunner wrote:
> https://github.com/mkj/dropbear/pull/9
>
> -- Commit Summary --
>
>   * Prefer stronger algorithms in algorithm negotiation.
>
> -- File Changes --
>
>     M common-algo.c (16)

> Prefer diffie-hellman-group14-sha1 (2048 bit) over
> diffie-hellman-group1-sha1 (1024 bit).

This is probably OK. group14 is quite a bit slower for slow
machines (2x?). I don't think that's a big problem though -
the algorithm preference order only applies to Dropbear as a
client. In that case most servers seem to support ecdh
methods which are fast - they're the first preference
(curve25519 and the nist methods).

> [prefer aes256 over 3des]
> Due to meet-in-the-middle attacks the effective key length of
> three key 3DES is 112 bits. AES is stronger and faster than 3DES.

This makes sense.

> Prefer to delay the start of compression until after authentication
> has completed. This avoids exposing compression code to attacks
> from unauthenticated users.

I was thinking of doing this recently myself. At the time I
added delayed compression some widespread clients (PuTTY I
think?) didn't support it, but I think that's OK now.

From dropbear at procountsoftware.co.uk Tue Jan 13 21:24:27 2015
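Added example, not part of the mailing-list thread and not Dropbear's own code: SSH negotiation (RFC 4253 section 7.1) picks the first algorithm on the client's list that the server also offers, which is why the reordering discussed in the message above only has an effect when Dropbear is the client. The client and server lists are constructed for illustration; `negotiate`, `pick` and the list names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if `name` (length n) is an exact element of a comma-separated
 * name-list. Exact match matters: "zlib" must not match "zlib@openssh.com". */
static int list_has(const char *list, const char *name, size_t n)
{
    const char *p = list;
    while (*p) {
        size_t len = strcspn(p, ",");
        if (len == n && memcmp(p, name, n) == 0)
            return 1;
        p += len;
        if (*p == ',')
            p++;
    }
    return 0;
}

/* Choose the first entry of the client's list that the server also lists.
 * The server's own ordering is never consulted. Returns 0 and writes the
 * name to `out`, or -1 if there is no common algorithm or `out` is too small. */
int negotiate(const char *client, const char *server, char *out, size_t outlen)
{
    const char *p = client;
    while (*p) {
        size_t len = strcspn(p, ",");
        if (len > 0 && list_has(server, p, len)) {
            if (len + 1 > outlen)
                return -1;
            memcpy(out, p, len);
            out[len] = '\0';
            return 0;
        }
        p += len;
        if (*p == ',')
            p++;
    }
    return -1;
}

/* Convenience wrapper: returns the chosen name or "(none)".
 * Uses a static buffer, so copy the result before calling again. */
const char *pick(const char *client, const char *server)
{
    static char buf[64];
    return negotiate(client, server, buf, sizeof buf) == 0 ? buf : "(none)";
}

/* Constructed client lists. "OLD" puts the weaker choice first; "NEW"
 * follows the order described in the pull request. */
const char *KEX_OLD = "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
                      "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1";
const char *KEX_NEW = "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
                      "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1";
const char *ENC_OLD = "3des-ctr,aes256-ctr";
const char *ENC_NEW = "aes256-ctr,3des-ctr";
const char *COMP_OLD = "zlib,zlib@openssh.com,none";
const char *COMP_NEW = "zlib@openssh.com,zlib,none"; /* delayed compression first */

/* Constructed server lists: a legacy server without ECDH and a modern one. */
const char *SRV_LEGACY_KEX = "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1";
const char *SRV_MODERN_KEX = "diffie-hellman-group14-sha1,ecdh-sha2-nistp256,"
                             "curve25519-sha256@libssh.org";
const char *SRV_ENC = "3des-ctr,aes256-ctr";
const char *SRV_COMP = "none,zlib,zlib@openssh.com";

int main(void)
{
    printf("kex  old client, legacy server: %s\n", pick(KEX_OLD, SRV_LEGACY_KEX));
    printf("kex  new client, legacy server: %s\n", pick(KEX_NEW, SRV_LEGACY_KEX));
    printf("kex  new client, modern server: %s\n", pick(KEX_NEW, SRV_MODERN_KEX));
    printf("enc  old client: %s\n", pick(ENC_OLD, SRV_ENC));
    printf("enc  new client: %s\n", pick(ENC_NEW, SRV_ENC));
    printf("comp old client: %s\n", pick(COMP_OLD, SRV_COMP));
    printf("comp new client: %s\n", pick(COMP_NEW, SRV_COMP));
    return 0;
}
```

Against the modern server both client orderings end up on curve25519, so the slower group14 exchange is only reached with servers that lack the ecdh methods.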
From: dropbear at procountsoftware.co.uk (dropbear at procountsoftware.co.uk)
Date: Tue, 13 Jan 2015 08:24:27 -0500
Subject: Server refused to start a shell/command (Buildroot - RPi)
Message-ID: <380-220151213132427199@M2W112.mail2web.com>

I have a minimalistic buildroot system for the Raspberry Pi and would like
to add a dropbear ssh server to it that is started and is available from
boot, but for now I'm just trying to enable it manually and I'm having a
few problems.

I enabled dropbear within 'make menuconfig' and rebuilt buildroot. It
downloaded dropbear 2013.58 which I know is a little old, but it should
still work, right?
After booting my new system I didn't use S50dropbear itself but tried to do
things manually. I created /etc/dropbear and within there I created the
keys necessary for dropbear using:

dropbearkey -t rsa -f dropbear_rsa_host_key
dropbearkey -t dss -f dropbear_dss_host_key

Then I executed dropbear (no arguments) and I could see it in the process
list.

When I tried to connect to it from Putty, I got the following error:
"Server refused to allocate pty" which I discovered was possibly due to not
having a suitable mountpoint.
So I added the following entry to FSTAB (as per a google post I found):

none /dev/pts devpts gid=5,mode=620 0 0

Now the error has changed to "Server refused to start a shell/command" and
I haven't been able to find a solution. I can connect to the Pi using
WinSCP over SCP fine, but I really want a command shell using PuTTY.

This may be more to do with my minimalistic buildroot configuration than
anything else, but this is my first buildroot build so I'm a bit of a
newbie. My starting point was the buildroot configuration used to create
the RPi NOOBS recovery program.

From matt at ucc.asn.au Tue Jan 13 21:35:04 2015
From: matt at ucc.asn.au (Matt Johnston)
Date: Tue, 13 Jan 2015 21:35:04 +0800
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <380-220151213132427199@M2W112.mail2web.com>
References: <380-220151213132427199@M2W112.mail2web.com>
Message-ID:

Hi,

If you run "dropbear -F -E" (kill the existing server process first) then it
will run in the foreground and print logging. That should suggest what's
going wrong. Alternatively it might already be logging to somewhere in
/var/log depending if syslog is running.

Cheers,
Matt

From peter at korsgaard.com Tue Jan 13 21:40:54 2015
From: peter at korsgaard.com (Peter Korsgaard)
Date: Tue, 13 Jan 2015 14:40:54 +0100
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <380-220151213132427199@M2W112.mail2web.com> (dropbear@procountsoftware.co.uk's message of "Tue, 13 Jan 2015 08:24:27 -0500")
References: <380-220151213132427199@M2W112.mail2web.com>
Message-ID: <877fwqol21.fsf@dell.be.48ers.dk>

>>>>> "dropbear at procountsoftware" == dropbear at procountsoftware co uk writes:

 > I have a minimalistic buildroot system for the Raspberry Pi and would like
 > to add a dropbear ssh server to it that is started and is available from
 > boot, but for now I'm just trying to enable it manually and I'm having a
 > few problems.

 > I enabled dropbear within 'make menuconfig' and rebuilt buildroot. It
 > downloaded dropbear 2013.58 which I know is a little old, but it should
 > still work, right?

What Buildroot version are you using? The latest Buildroot release
(2014.11) uses dropbear 2014.66 and correctly sets up /dev and dropbear.

E.G.
make raspberrypi_defconfig
make menuconfig (enable dropbear)
make

--
Bye, Peter Korsgaard

From dropbear at procountsoftware.co.uk Tue Jan 13 22:29:00 2015
From: dropbear at procountsoftware.co.uk (Kevin Hill)
Date: Tue, 13 Jan 2015 14:29:00 +0000
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <877fwqol21.fsf@dell.be.48ers.dk>
References: <380-220151213132427199@M2W112.mail2web.com> <877fwqol21.fsf@dell.be.48ers.dk>
Message-ID:

Peter,

I think it is 2013.02 - the same one used for NOOBS.
So I guess it is also quite old, but I didn't want to upgrade and break
the rest of the system. I'm still taking baby steps...
If I can't get this version working, I'll consider upgrading to
buildroot 2014.11

Thanks for the info.

Kevin.

From dropbear at procountsoftware.co.uk Wed Jan 14 05:42:38 2015
From: dropbear at procountsoftware.co.uk (Kevin Hill)
Date: Tue, 13 Jan 2015 21:42:38 +0000
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To:
References: <380-220151213132427199@M2W112.mail2web.com>
Message-ID:

After logging in successfully the following log messages are indicative
of my problem:

pty_allocate: openpty: No space left on device
No pty was allocated, couldn't execute
Exit (root): Exited normally.

PuTTY gets the messages:
Server refused to allocate pty
Server refused to start a shell/command.

So how do I fix this?
Which device is it talking about?
My buildroot system is running from initramfs.

Thanks,
Kevin

From matt at ucc.asn.au Wed Jan 14 21:14:43 2015
From: matt at ucc.asn.au (Matt Johnston)
Date: Wed, 14 Jan 2015 21:14:43 +0800
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To:
References: <380-220151213132427199@M2W112.mail2web.com>
Message-ID: <3E858FE8-B318-4766-8A6D-9ABF33F7287F@ucc.asn.au>

My guess would be that /dev is full. Running "df" should show amounts of
free space.

Cheers,
Matt

From dropbear at procountsoftware.co.uk Wed Jan 14 21:31:42 2015
From: dropbear at procountsoftware.co.uk (dropbear at procountsoftware.co.uk)
Date: Wed, 14 Jan 2015 08:31:42 -0500
Subject: Server refused to start a shell/command (Buildroot - RPi)
Message-ID: <380-220151314133142661@M2W114.mail2web.com>

df shows /dev having about 90MB in size and 0% used. I think /dev type is
set to tmpfs in buildroot(?). It appears to be r/w.

From dropbear at procountsoftware.co.uk Wed Jan 14 21:54:21 2015
From: dropbear at procountsoftware.co.uk (Kevin Hill)
Date: Wed, 14 Jan 2015 13:54:21 +0000
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <380-220151314133142661@M2W114.mail2web.com>
References: <380-220151314133142661@M2W114.mail2web.com>
Message-ID: <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net>

I found this post from 2006 !!!!

http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2006q1/000366.html

It suggests: "So.. configure with --disable-openpty helped and it works
perfectly now."

What does this do? Is it still relevant?

Thanks,
Kevin

From matt at ucc.asn.au Wed Jan 14 23:48:30 2015
From: matt at ucc.asn.au (Matt Johnston)
Date: Wed, 14 Jan 2015 23:48:30 +0800
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net>
References: <380-220151314133142661@M2W114.mail2web.com> <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net>
Message-ID:

openpty is the more recent method of opening a terminal. There are other
fallback methods Dropbear can use for older platforms, --disable-openpty
uses them instead. It might work.

I wonder if you might be hitting the Linux bug discussed in
https://lkml.org/lkml/2013/1/10/367
Which kernel version are you running, and are you using uclibc?

Cheers,
Matt

From matt at ucc.asn.au Wed Jan 14 23:50:34 2015
From: matt at ucc.asn.au (Matt Johnston)
Date: Wed, 14 Jan 2015 23:50:34 +0800
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net>
References: <380-220151314133142661@M2W114.mail2web.com> <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net>
Message-ID: <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au>

Thinking a bit further, try doing:

mount -t devpts devpts /dev/pts

That special filesystem probably needs to be mounted for openpty to work. I'm not sure how that works with buildroot by default.

Cheers,
Matt

> On Wed 14/1/2015, at 9:54 pm, Kevin Hill wrote:
>
> I found this post from 2006 !!!!
>
> http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2006q1/000366.html
>
> It suggests: "So.. configure with --disable-openpty helped and it works perfectly now."
>
> What does this do? Is it still relevant?
>
> Thanks,
> Kevin
>
>
> On 2015-01-14 13:31, dropbear at procountsoftware.co.uk wrote:
>> df shows /dev having about 90MB in size and 0% used. I think /dev type is
>> set to tmpfs in buildroot(?). It appears to be r/w.
>>
>> Original email:
>> -----------------
From peter at korsgaard.com Thu Jan 15 00:00:12 2015
From: peter at korsgaard.com (Peter Korsgaard)
Date: Wed, 14 Jan 2015 17:00:12 +0100
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au> (Matt Johnston's message of "Wed, 14 Jan 2015 23:50:34 +0800")
References: <380-220151314133142661@M2W114.mail2web.com> <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net> <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au>
Message-ID: <87mw5lmjxv.fsf@dell.be.48ers.dk>

>>>>> "Matt" == Matt Johnston writes:

 > Thinking a bit further, try doing:
 > mount -t devpts devpts /dev/pts

 > That special filesystem probably needs to be mounted for openpty to
 > work. I'm not sure how that works with buildroot by default.

/dev/pts gets mkdir'ed and mounted by default in Buildroot since at least
2010, so unless Kevin has tweaked anything it should be fine.

--
Bye, Peter Korsgaard

From dropbear at procountsoftware.co.uk Thu Jan 15 00:05:17 2015
From: dropbear at procountsoftware.co.uk (Kevin Hill)
Date: Wed, 14 Jan 2015 16:05:17 +0000
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au>
References: <380-220151314133142661@M2W114.mail2web.com> <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net> <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au>
Message-ID: <87873617deab995fde5ba5f95b571ba2@imap.free-online.net>

I'm sure the issue is that the kernel is not set up to create PTYs, and I'm not sure how to create them.
I will try your suggestion tonight.

In my googling, I read that it needs a /dev/ptmx which it uses as a template to create ptys...? I haven't got one of those either.

Kernel is 3.6.11.
Using uClibc 0.9.33.x

Where should I add --disable-openpty (if I need to add that compile option)?

Thanks,
Kevin.

On 2015-01-14 15:50, Matt Johnston wrote:
> Thinking a bit further, try doing:
>
> mount -t devpts devpts /dev/pts
>
> That special filesystem probably needs to be mounted for openpty to
> work. I'm not sure how that works with buildroot by default.
>
> Cheers,
> Matt
>
>> On Wed 14/1/2015, at 9:54 pm, Kevin Hill wrote:
>>
>> I found this post from 2006 !!!!
>>
>> http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2006q1/000366.html
>>
>> It suggests: "So.. configure with --disable-openpty helped and it
>> works perfectly now."
>>
>> What does this do? Is it still relevant?
>>
>> Thanks,
>> Kevin
>>
>>
>> On 2015-01-14 13:31, dropbear at procountsoftware.co.uk wrote:
>>> df shows /dev having about 90MB in size and 0% used. I think /dev type is
>>> set to tmpfs in buildroot(?). It appears to be r/w.
>>>
>>> Original email:
>>> -----------------
From dropbear at procountsoftware.co.uk Thu Jan 15 00:11:46 2015
From: dropbear at procountsoftware.co.uk (Kevin Hill)
Date: Wed, 14 Jan 2015 16:11:46 +0000
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <87mw5lmjxv.fsf@dell.be.48ers.dk>
References: <380-220151314133142661@M2W114.mail2web.com> <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net> <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au> <87mw5lmjxv.fsf@dell.be.48ers.dk>
Message-ID: <0bdd7e10a67f47549146e3a5cc1c40b2@imap.free-online.net>

Well, I think that is my problem. /dev/pts did not exist.
I didn't start from a default buildroot system, but one that was already cut down for NOOBS, and probably one that did not need any PTYs.
So I guess my next question is which options in buildroot do I need to enable in order to support PTYs?

Is it sufficient to do 'mknod -m 0666 /dev/ptmx c 5 2' ?

I have also discovered there may be some information to be gleaned from /proc/sys/kernel/pty/max and /proc/sys/kernel/pty/nr, so I will look at those too.

Cheers,
Kevin

On 2015-01-14 16:00, Peter Korsgaard wrote:
>>>>>> "Matt" == Matt Johnston writes:
>
> > Thinking a bit further, try doing:
> > mount -t devpts devpts /dev/pts
>
> > That special filesystem probably needs to be mounted for openpty to
> > work. I'm not sure how that works with buildroot by default.
>
> /dev/pts gets mkdir'ed and mounted by default in Buildroot since at least
> 2010, so unless Kevin has tweaked anything it should be fine.

From dropbear at procountsoftware.co.uk Thu Jan 15 00:18:45 2015
From: dropbear at procountsoftware.co.uk (Kevin Hill)
Date: Wed, 14 Jan 2015 16:18:45 +0000
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <0bdd7e10a67f47549146e3a5cc1c40b2@imap.free-online.net>
References: <380-220151314133142661@M2W114.mail2web.com> <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net> <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au> <87mw5lmjxv.fsf@dell.be.48ers.dk> <0bdd7e10a67f47549146e3a5cc1c40b2@imap.free-online.net>
Message-ID:

I think we're getting closer to a solution....

http://gumstix-users.narkive.com/0r65Sz7n/server-refused-to-allocate-pty-2-6-15-putty-connection-over-bt

I don't think I have udev enabled, so I'll have to put it somewhere else, but I'll experiment tonight.

Thanks,
Kevin.

On 2015-01-14 16:11, Kevin Hill wrote:
> Well, I think that is my problem. /dev/pts did not exist.
> I didn't start from a default buildroot system, but one that was
> already cut down for NOOBS, and probably one that did not need any
> PTYs.
> So I guess my next question is which options in buildroot do I need
> to enable in order to support PTYs?
>
> Is it sufficient to do 'mknod -m 0666 /dev/ptmx c 5 2' ?
>
> I have also discovered there may be some information to be gleaned
> from /proc/sys/kernel/pty/max and /proc/sys/kernel/pty/nr, so I will
> look at those too.
>
> Cheers,
> Kevin
>
>
> On 2015-01-14 16:00, Peter Korsgaard wrote:
>>>>>>> "Matt" == Matt Johnston writes:
>>
>> > Thinking a bit further, try doing:
>> > mount -t devpts devpts /dev/pts
>>
>> > That special filesystem probably needs to be mounted for openpty to
>> > work. I'm not sure how that works with buildroot by default.
>>
>> /dev/pts gets mkdir'ed and mounted by default in Buildroot since at least
>> 2010, so unless Kevin has tweaked anything it should be fine.

From peter at korsgaard.com Thu Jan 15 00:21:01 2015
From: peter at korsgaard.com (Peter Korsgaard)
Date: Wed, 14 Jan 2015 17:21:01 +0100
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <0bdd7e10a67f47549146e3a5cc1c40b2@imap.free-online.net> (Kevin Hill's message of "Wed, 14 Jan 2015 16:11:46 +0000")
References: <380-220151314133142661@M2W114.mail2web.com> <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net> <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au> <87mw5lmjxv.fsf@dell.be.48ers.dk> <0bdd7e10a67f47549146e3a5cc1c40b2@imap.free-online.net>
Message-ID: <87iog9miz6.fsf@dell.be.48ers.dk>

>>>>> "Kevin" == Kevin Hill writes:

 > Well, I think that is my problem. /dev/pts did not exist.

Doesn't your /etc/inittab contain a line like this?

git grep /dev/pts system/skeleton/etc/inittab
system/skeleton/etc/inittab:null::sysinit:/bin/mkdir -p /dev/pts

Are you using mainline 2013.02 or have you made any modifications to
Buildroot? Can you put your Buildroot .config online somewhere?

 > I didn't start from a default buildroot system, but one that was
 > already cutdown for NOOBS, and probably one that did not need any
 > PTYs.

 > So I guess my next question is which options in buildroot do I need to
 > enable in order to support PTYs?

PTYs are a kernel feature, so it doesn't directly have anything to do
with Buildroot. I believe the kernel config option you need is
CONFIG_UNIX98_PTYS.

 > Is it sufficient to do 'mknod -m 0666 /dev/ptmx c 5 2' ?

No, not if the kernel doesn't have pty support. By default, Buildroot
uses devtmpfs to manage /dev, so the needed device nodes are
automatically created (if the kernel is built with support for them).

--
Peter Korsgaard

From dropbear at procountsoftware.co.uk Thu Jan 15 05:24:14 2015
From: dropbear at procountsoftware.co.uk (Kevin Hill)
Date: Wed, 14 Jan 2015 21:24:14 +0000
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: <87iog9miz6.fsf@dell.be.48ers.dk>
References: <380-220151314133142661@M2W114.mail2web.com> <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net> <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au> <87mw5lmjxv.fsf@dell.be.48ers.dk> <0bdd7e10a67f47549146e3a5cc1c40b2@imap.free-online.net> <87iog9miz6.fsf@dell.be.48ers.dk>
Message-ID:

Dear Matt & Peter,

Mounting the missing /dev/pts got it working at last.

Many thanks for your help & support.

Kevin.

On 2015-01-14 16:21, Peter Korsgaard wrote:
>>>>>> "Kevin" == Kevin Hill writes:
>
> > Well, I think that is my problem. /dev/pts did not exist.
>
> Doesn't your /etc/inittab contain a line like this?
>
> git grep /dev/pts system/skeleton/etc/inittab
> system/skeleton/etc/inittab:null::sysinit:/bin/mkdir -p /dev/pts
>
> Are you using mainline 2013.02 or have you made any modifications to
> Buildroot? Can you put your Buildroot .config online somewhere?
>
> > I didn't start from a default buildroot system, but one that was
> > already cutdown for NOOBS, and probably one that did not need any
> > PTYs.
>
> > So I guess my next question is which options in buildroot do I need to
> > enable in order to support PTYs?
>
> PTYs are a kernel feature, so it doesn't directly have anything to do
> with Buildroot. I believe the kernel config option you need is
> CONFIG_UNIX98_PTYS.
>
> > Is it sufficient to do 'mknod -m 0666 /dev/ptmx c 5 2' ?
>
> No, not if the kernel doesn't have pty support. By default, Buildroot
> uses devtmpfs to manage /dev, so the needed device nodes are
> automatically created (if the kernel is built with support for them).

From peter at korsgaard.com Thu Jan 15 06:01:02 2015
From: peter at korsgaard.com (Peter Korsgaard)
Date: Wed, 14 Jan 2015 23:01:02 +0100
Subject: Server refused to start a shell/command (Buildroot - RPi)
In-Reply-To: (Kevin Hill's message of "Wed, 14 Jan 2015 21:24:14 +0000")
References: <380-220151314133142661@M2W114.mail2web.com> <2ca65aa847a2b785b194b96a37b60ef3@imap.free-online.net> <98E187F8-3E6B-42F1-9633-05DE7FAD9B03@ucc.asn.au> <87mw5lmjxv.fsf@dell.be.48ers.dk> <0bdd7e10a67f47549146e3a5cc1c40b2@imap.free-online.net> <87iog9miz6.fsf@dell.be.48ers.dk>
Message-ID: <87egqxm38h.fsf@dell.be.48ers.dk>

>>>>> "Kevin" == Kevin Hill writes:

 > Dear Matt & Peter,
 > Mounting the missing /dev/pts got it working at last.

Ok, great - Why didn't it get mounted automatically? Do you have the
mkdir line in /etc/inittab? Have you made any modifications to
Buildroot?

--
Bye, Peter Korsgaard

From matt at ucc.asn.au Wed Jan 28 23:28:17 2015
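The checks the thread above converges on (is a devpts filesystem mounted on /dev/pts, does the kernel config have CONFIG_UNIX98_PTYS), as an added example that is not part of the list posts and is not Dropbear or Buildroot code. The function names, verdict words and sample /proc/mounts lines are constructed for illustration; the world-writable check is an addition based on the mode=620 option in the quoted fstab entry.

```shell
#!/bin/sh
# Added example: diagnose "openpty: No space left on device" on a minimal system.
# Function names and verdict words are illustrative assumptions.
# Each function reads /proc/mounts-format text (or a kernel .config) on stdin.

# mount_fstype MOUNTPOINT: print the fs type mounted there (last entry wins,
# because a later mount shadows an earlier one); empty if nothing is mounted.
mount_fstype() {
    found=""
    while read -r _dev mnt fstype _rest; do
        if [ "$mnt" = "$1" ]; then found=$fstype; fi
    done
    printf '%s\n' "$found"
}

# mount_option MOUNTPOINT KEY: print the value of a key=value mount option.
mount_option() {
    value=""
    while read -r _dev mnt _fstype opts _rest; do
        if [ "$mnt" = "$1" ]; then
            value=""
            old_ifs=$IFS
            IFS=,
            for opt in $opts; do
                case $opt in
                    "$2"=*) value=${opt#*=} ;;
                esac
            done
            IFS=$old_ifs
        fi
    done
    printf '%s\n' "$value"
}

# kernel_has_unix98_ptys: succeed if the .config on stdin enables UNIX98 ptys.
# On kernels that expose their config: zcat /proc/config.gz | kernel_has_unix98_ptys
kernel_has_unix98_ptys() {
    grep -q '^CONFIG_UNIX98_PTYS=y$'
}

# pty_diagnose: print one verdict for the mount table on stdin.
pty_diagnose() {
    mounts=$(cat)
    pts_type=$(printf '%s\n' "$mounts" | mount_fstype /dev/pts)
    if [ -z "$pts_type" ]; then echo not-mounted; return 0; fi
    if [ "$pts_type" != devpts ]; then echo wrong-fstype; return 0; fi
    mode=$(printf '%s\n' "$mounts" | mount_option /dev/pts mode)
    case $mode in
        *[2367]) echo world-writable ;;  # "other" write bit set on new ptys
        *)       echo ok ;;
    esac
}

# pty_fix_hint VERDICT: map a verdict to the remedy discussed in the thread.
pty_fix_hint() {
    case $1 in
        not-mounted)    echo "mkdir -p /dev/pts && mount -t devpts devpts /dev/pts" ;;
        wrong-fstype)   echo "unmount /dev/pts, then mount -t devpts devpts /dev/pts" ;;
        world-writable) echo "remount with gid=5,mode=620 as in the fstab entry" ;;
        ok)             echo "devpts is mounted; check the kernel for CONFIG_UNIX98_PTYS" ;;
    esac
}

# Constructed sample: a cut-down initramfs system before the fix ...
sample_before() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
devtmpfs /dev devtmpfs rw,relatime,mode=755 0 0
proc /proc proc rw,relatime 0 0
EOF
}

# ... and after mounting devpts with the options from the fstab entry.
sample_after() {
    sample_before
    echo 'devpts /dev/pts devpts rw,relatime,gid=5,mode=620 0 0'
}

before=$(sample_before | pty_diagnose)
after=$(sample_after | pty_diagnose)
printf 'before fix: %s -> %s\n' "$before" "$(pty_fix_hint "$before")"
printf 'after fix:  %s\n' "$after"
if [ -r /proc/mounts ]; then
    printf 'this host:  %s\n' "$(pty_diagnose < /proc/mounts)"
fi
```
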
From: matt at ucc.asn.au (Matt Johnston)
Date: Wed, 28 Jan 2015 23:28:17 +0800
Subject: Dropbear 2015.67
Message-ID: <20150128152817.GV10430@ucc.gu.uwa.edu.au>

Hi all,

Dropbear 2015.67 is released, changes listed below - mostly small improvements.

https://matt.ucc.asn.au/dropbear/dropbear.html
https://dropbear.nl/mirror/

Cheers,
Matt

2015.67 - Wednesday 28 January 2015

- Call fsync() after generating private keys to ensure they aren't lost if a
  reboot occurs. Thanks to Peter Korsgaard

- Disable non-delayed zlib compression by default on the server. Can be
  enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB

- Default client key path ~/.ssh/id_dropbear

- Prefer stronger algorithms by default, from Fedor Brunner.
  AES256 over 3DES
  Diffie-hellman group14 over group1

- Add option to disable CBC ciphers.

- Disable twofish in default options.h

- Enable sha2 HMAC algorithms by default, the code was already required
  for ECC key exchange. sha1 is the first preference still for performance.

- Fix installing dropbear.8 in a separate build directory, from Like Ma

- Allow configure to succeed if libtomcrypt/libtommath are missing, from
  Elan Ruusamäe

- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea

- Minor bug fixes, a few issues found by Coverity scan

From smkent at smkent.net Mon Feb 9 13:08:17 2015
From: smkent at smkent.net (Stephen Kent)
Date: Sun, 8 Feb 2015 21:08:17 -0800
Subject: dropbearconvert crashes converting 8192-bit RSA OpenSSH host key to dropbear format
Message-ID:

dropbearconvert seems to crash on large RSA key sizes (the host key I'm trying to convert is 8192 bits):

$ openssl rsa -text -noout -in /etc/ssh/ssh_host_rsa_key 2>/dev/null | head -n 1
Private-Key: (8196 bit)
$ dropbearconvert openssh dropbear "/etc/ssh/ssh_host_rsa_key" "./dropbear_rsa_host_key"
Exited: Bad buf_getwriteptr

dropbearconvert works fine on OpenSSH's default 2048-bit RSA host key.

Is this a bug? If so, is this the proper place to report it or is there another procedure I should follow?

(Please CC me on replies as I am not on this list.)

Thanks,

Stephen

From matt at ucc.asn.au Mon Feb 9 22:55:17 2015
From: matt at ucc.asn.au (Matt Johnston)
Date: Mon, 9 Feb 2015 22:55:17 +0800
Subject: dropbearconvert crashes converting 8192-bit RSA OpenSSH host key to dropbear format
In-Reply-To:
References:
Message-ID: <20150209145517.GZ10430@ucc.gu.uwa.edu.au>

Hi Stephen,

Looks like a bug, I've only tested with 4096 bit keys.
Probably just MAX_PRIVKEY_SIZE etc needs increasing in
options.h, and some buffer sizes in keyimport.c

Where did an 8192 bit key come from, out of interest?

Cheers,
Matt

On Sun, Feb 08, 2015 at 09:08:17PM -0800, Stephen Kent wrote:
> dropbearconvert seems to crash on large RSA key sizes (the host key
> I'm trying to convert is 8192 bits):
>
> $ openssl rsa -text -noout -in /etc/ssh/ssh_host_rsa_key 2>/dev/null | head -n 1
> Private-Key: (8196 bit)
> $ dropbearconvert openssh dropbear "/etc/ssh/ssh_host_rsa_key" "./dropbear_rsa_host_key"
> Exited: Bad buf_getwriteptr
>
> dropbearconvert works fine on OpenSSH's default 2048-bit RSA host key.
>
> Is this a bug? If so, is this the proper place to report it or is
> there another procedure I should follow?
>
> (Please CC me on replies as I am not on this list.)
>
> Thanks,
>
> Stephen

From smkent at smkent.net Tue Feb 10 01:39:40 2015
From: smkent at smkent.net (Stephen Kent)
Date: Mon, 9 Feb 2015 09:39:40 -0800
Subject: dropbearconvert crashes converting 8192-bit RSA OpenSSH host key to dropbear format
In-Reply-To: <20150209145517.GZ10430@ucc.gu.uwa.edu.au>
References: <20150209145517.GZ10430@ucc.gu.uwa.edu.au>
Message-ID:

I generated 8192-bit RSA host keys after I read this article:
https://stribika.github.io/2015/01/04/secure-secure-shell.html

I believe OpenSSH's default is to generate a 2048-bit RSA host key, and that article recommends a 4096-bit key. This is just on my personal box, so I decided to go for broke with an 8192-bit key.

Thanks,

Stephen

On Mon, Feb 9, 2015 at 6:55 AM, Matt Johnston wrote:
> Hi Stephen,
>
> Looks like a bug, I've only tested with 4096 bit keys.
> Probably just MAX_PRIVKEY_SIZE etc needs increasing in
> options.h, and some buffer sizes in keyimport.c
>
> Where did an 8192 bit key come from, out of interest?
>
> Cheers,
> Matt
>
> On Sun, Feb 08, 2015 at 09:08:17PM -0800, Stephen Kent wrote:
> > dropbearconvert seems to crash on large RSA key sizes (the host key
> > I'm trying to convert is 8192 bits):
> >
> > $ openssl rsa -text -noout -in /etc/ssh/ssh_host_rsa_key 2>/dev/null | head -n 1
> > Private-Key: (8196 bit)
> > $ dropbearconvert openssh dropbear "/etc/ssh/ssh_host_rsa_key" "./dropbear_rsa_host_key"
> > Exited: Bad buf_getwriteptr
> >
> > dropbearconvert works fine on OpenSSH's default 2048-bit RSA host key.
> >
> > Is this a bug? If so, is this the proper place to report it or is
> > there another procedure I should follow?
> >
> > (Please CC me on replies as I am not on this list.)
> >
> > Thanks,
> >
> > Stephen

From alexkaskasoli at hotmail.com Mon Feb 16 22:24:43 2015
From: alexkaskasoli at hotmail.com (Alexandre Kaskasoli)
Date: Mon, 16 Feb 2015 14:24:43 +0000 (UTC)
Subject: Smallest footprint in 2015
Message-ID:

Hello Matt,

There is a link on the homepage on compiling dropbear to about 110kb but the post is from 2004.

I've been playing around with options.h and managed to get the dropbear server to about 195kb.

I realise a lot of things have been added and changed in the last decade and I'm happy with the size but was wondering if we could reach any smaller now?

From matt at ucc.asn.au Mon Feb 16 22:43:25 2015
From: matt at ucc.asn.au (Matt Johnston)
Date: Mon, 16 Feb 2015 22:43:25 +0800
Subject: Smallest footprint in 2015
In-Reply-To:
References:
Message-ID: <52BF50F3-1882-4845-9232-1CE8060BE21D@ucc.asn.au>

Hi Alexandre,

What platform are you building on? Some platforms seem to end up with larger code than x86 - not entirely sure if it's the architecture or compiler issues. Compiler flags can also make a big difference, were you using the suggested ones? I know -flto makes a difference with avr-gcc microcontroller code, it might help for Dropbear too.

You could grab the Dropbear 0.44 source tree and see how it compares - I suspect it has got a bit larger, though not that much. ECDSA and the newer sha2 modes are the big things that come to mind and can be disabled in options.h

Cheers,
Matt

> On Mon 16/2/2015, at 10:24 pm, Alexandre Kaskasoli wrote:
>
> Hello Matt,
>
> There is a link on the homepage on compiling dropbear to about 110kb but the
> post is from 2004.
>
> I've been playing around with options.h and managed to get the dropbear
> server to about 195kb.
>
> I realise a lot of things have been added and changed in the last decade and
> I'm happy with the size but was wondering if we could reach any smaller now?
>

From jbe at pengutronix.de Fri Mar 13 21:53:40 2015
From: jbe at pengutronix.de (Juergen Borleis) Date: Fri, 13 Mar 2015 14:53:40 +0100 Subject: dropbear-2015.67: Build fails when "ENABLE_CLI_PUBKEY_AUTH" is undefined Message-ID: <201503131453.40141.jbe@pengutronix.de> Hi everyone, I tried to build the current dropbear-2015.67 without the "ENABLE_CLI_PUBKEY_AUTH" (e.g. undefined) and the build fails due to missing "privkeys" member in the "cli_runopts" structure. I don't know if this is a valid usecase but due to the fact disabling this feature is offered in the "option.h" file I tried it... :) Maybe this patch is valid to honor this usecase, at least it makes dropbear build again: From: Juergen Borleis Date: Fri, 13 Mar 2015 10:53:46 +0100 Subject: [PATCH] dropbear: disabling ENABLE_CLI_PUBKEY_AUTH let the build fail Function multihop_passthrough_args() fails due to missing 'privkeys' member in structure 'cli_runopts'. So lets also disable ENABLE_CLI_MULTIHOP for this case. And even cli_getopts() fails due to missing loadidentityfile() function in this case. --- options.h | 4 +++- sysoptions.h | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/options.h b/options.h index 6339b0a4738e..1360b5c6758f 100644 --- a/options.h +++ b/options.h @@ -218,7 +218,9 @@ much traffic. */ /* A default argument for dbclient -i . leading "~" is expanded */ -#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear" +#ifdef ENABLE_CLI_PUBKEY_AUTH +# define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear" +#endif /* This variable can be used to set a password for client * authentication on the commandline. Beware of platforms diff --git a/sysoptions.h b/sysoptions.h index bec72461d8e4..eeb78cb129a5 100644 --- a/sysoptions.h +++ b/sysoptions.h 
@@ -202,7 +202,7 @@ #define USING_LISTENERS #endif -#if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD) +#if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD) && defined(ENABLE_CLI_PUBKEY_AUTH) #define ENABLE_CLI_MULTIHOP #endif

Regards,
Juergen

--
Pengutronix e.K.                              | Juergen Borleis             |
Industrial Linux Solutions                    | http://www.pengutronix.de/  |

From spx94.c4 at gmail.com Wed Mar 25 19:04:30 2015
From: spx94.c4 at gmail.com (Xavier GRIMAUD)
Date: Wed, 25 Mar 2015 12:04:30 +0100
Subject: Use crypt(3)
Message-ID:

I'm currently trying to get a Dropbear server working on Android but I'm facing a problem: I've to use crypt(3). I've generated necessary files (/etc/passwd, /etc/shadow, ...) but I'm unable to include the function since it's not implemented on Android. Any workarounds, patches? I don't want to use key authentication.

From stevenhoneyman at gmail.com Thu Mar 26 01:39:55 2015
From: stevenhoneyman at gmail.com (Steven Honeyman)
Date: Wed, 25 Mar 2015 17:39:55 +0000
Subject: Use crypt(3)
In-Reply-To:
References:
Message-ID:

On 25 March 2015 at 11:04, Xavier GRIMAUD wrote:
> I'm currently trying to get a Dropbear server working on Android but I'm
> facing a problem: I've to use crypt(3). I've generated necessary files
> (/etc/passwd, /etc/shadow, ...) but I'm unable to include the function since
> it's not implemented on Android. Any workarounds, patches? I don't want to
> use key authentication.

Link it statically against an alternative libc like musl.

My last static compile for arm was around 285kb (no real effort made to make it small), and runs fine on android with a passwd file.

Steven.
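Review bot: the #ifdef ENABLE_CLI_PUBKEY_AUTH placed around DROPBEAR_DEFAULT_CLI_AUTHKEY in the options.h hunk of the ENABLE_CLI_PUBKEY_AUTH patch (Juergen Borleis, 13 Mar 2015) does not by itself account for the cli_getopts() failure named in the commit message. The diffstat lists only options.h and sysoptions.h, so the code that references the macro or calls loadidentityfile() is not changed here. Please confirm that every use site is already inside an ENABLE_CLI_PUBKEY_AUTH guard, or put the guard at the use site rather than in the user-edited options.h. The guard also takes effect only if ENABLE_CLI_PUBKEY_AUTH is defined earlier in options.h than this block, which the hunk does not show; a short comment stating that dependency would protect against someone reordering the file.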
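Review bot: adding && defined(ENABLE_CLI_PUBKEY_AUTH) to the ENABLE_CLI_MULTIHOP condition in the sysoptions.h hunk of the same patch silently removes multihop from every build without public-key auth, although the commit message attributes the build failure only to the privkeys member used in multihop_passthrough_args(). A narrower fix would wrap that privkeys access in #ifdef ENABLE_CLI_PUBKEY_AUTH and keep multihop available to password-only clients. If disabling the feature is intended, the comment beside ENABLE_CLI_PUBKEY_AUTH in options.h should say that turning it off also turns off multihop, since nothing in the visible change tells the person editing options.h.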