proof-of-concept ed25519 crypto and other additions implemented

Péter Szabó ptspts at
Mon Oct 2 00:26:36 AWST 2017

Dear Dropbear Authors,

Thank you for your work on Dropbear! It's a great SSH server and toolset
for resource-constrained systems, I use it every day.

This weekend I've implemented a couple of features I've always wanted to

* Added ssh-ed25519 crypto for server host keys and user keys. The
implementation is based on TweetNaCl v20140427.
* Added environment variable propagation (similar to OpenSSH AcceptEnv,
command-line flag -A) to Dropbear sshd.
* Added autodetection and loading of OpenSSH hostkeys to Dropbear sshd.
* Added flag to dropbearkey to generate private keys in OpenSSH format
directly (dropbearkey -Z openssh, with `make WRITEOPENSSHKEYS=1').
* Improved some command-line flags (e.g. dropbear -E is always available).
* Compilation instructions for pts-xstatic (statically linked i386 Linux
binary). Binary size is 350456 bytes.
* Added option to compile without loading any system hostkeys (e.g. from
/etc/dropbear) (with `make NOSYSHOSTKEYLOAD=1').
* Made dropbearkey behavior more compatible with ssh-keygen in OpenSSH:
** dropbearkey now creates a .pub file.
** -b bits flag.
** -C comment flag. (The comment will be added to the public key file, and
not to the private key file.)
** -P passphrase flag. Only the empty passphrase is allowed.
** -N passphrase flag. Only the empty passphrase is allowed.
* Added autodetection of the input private key file format, as
`dropbearconvert any'.

The code is in, which is a fork of

It would be great if these improvements could be merged to upstream
Dropbear, so all Dropbear users would benefit. Please let me know what the
best course of action would be to make this happen, and how I can help.

Best regards,

Péter Szabó