Commit graph

155 commits

Author SHA1 Message Date
Petr Štetiar
70a4da1ceb
dropbear: bump to 2025.89 (CVE-2025-14282, CVE-2019-6111)
- Security: Avoid privilege escalation via unix stream forwarding in Dropbear
  server. Other programs on a system may authenticate unix sockets via
  SO_PEERCRED, which would be root user for Dropbear forwarded connections,
  allowing root privilege escalation.
  Reported by Turistu, and thanks for advice on the fix.
  This is tracked as CVE-2025-14282, and affects 2024.84 to 2025.88.

  It is fixed by dropping privileges of the dropbear process after
  authentication. Unix stream sockets are now disallowed when a
  forced command is used, either with authorized_key restrictions or
  "dropbear -c command".

  In previous affected releases running with "dropbear -j" (will also disable
  TCP forwarding) or building with localoptions.h/distrooptions.h
  "#define DROPBEAR_SVR_LOCALSTREAMFWD 0" is a mitigation.

- Security: Include scp fix for CVE-2019-6111. This allowed
  a malicious server to overwrite arbitrary local files.
  The missing fix was reported by Ashish Kunwar.

- Server dropping privileges post-auth is enabled by default. This requires
  setresgid() support, so some platforms such as netbsd or macos will have to
  disable DROPBEAR_SVR_DROP_PRIVS in localoptions.h. Unix stream forwarding is
  not available if DROPBEAR_SVR_DROP_PRIVS is disabled.

  Remote server TCP socket forwarding will now use OS privileged port
  restrictions rather than having a fixed "allow >=1024 for non-root" rule.

  A future release may implement privilege dropping for netbsd/macos.

- Fix a regression in 2025.87 when RSA and DSS are not built. This would lead
  to a crash at startup with bad_bufptr().
  Reported by Dani Schmitt and Sebastian Priebe.

- Don't limit channel window to 500MB. That could cause stuck connections
  if peers advise a large window and don't send an increment within 500MB.
  Affects SSH.NET https://github.com/sshnet/SSH.NET/issues/1671
  Reported by Rob Hague.

- Ignore -g -s when passwords aren't enabled. Patch from Norbert Lange.
  Ignore -m (disable MOTD), -j/-k (tcp forwarding) when not enabled.

- Report SIGBUS and SIGTRAP signals. Patch from Loïc Mangeonjean.

- Fix incorrect server auth delay. Was meant to be 250-350ms, it was actually
  150-350ms or possibly negative (zero). Reported by pickaxprograms.

- Fix building without public key options. Thanks to Konstantin Demin

- Fix building with proxycmd but without netcat. Thanks to Konstantin Demin

- Fix incorrect path documentation for distrooptions, thanks to Todd Zullinger

- Fix SO_REUSEADDR for TCP tests, reported by vt-alt.

Dropped:

 * 050-dropbear-multihop-fix.patch as it's included in the release 5cc0127000db5f
 * 051-fix-pubkey-options.patch as it's included in the release 1d4c4a542cd5df
 * 052-fix-missing-depends-for-sntrup761x25519-sha512.patch as it's included
   in the release 1a2c1e649a1824
 * 053-Don-t-limit-channel-window-to-500MB.patch as it's included in the release a8610f7b98ad

Manually rebased:

 * 110-change_user.patch

Fixes: CVE-2025-14282, CVE-2019-6111
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Konstantin Demin <rockdrilla@gmail.com>
Tested-by: Konstantin Demin <rockdrilla@gmail.com> [mediatek/filogic (GL.iNet GL-MT6000)]
Link: https://github.com/openwrt/openwrt/pull/21186
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2025-12-17 03:57:50 +00:00
Petr Štetiar
83f6177dbf
dropbear: enable configurable port forwarding options
Currently it's only possible to disable port forwarding for specific
keys, via the OpenSSH-style restriction in `authorized_keys` file.

In some use cases it might be feasible to disable such features globally
on service level, so let's add new LocalPortForward and RemotePortForward
config knobs.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/21071
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2025-12-08 18:53:34 +01:00
Konstantin Demin
e021b8a746 dropbear: disable login recording with musl libc
disallow lastlog/login()/utmp/wtmp with musl libc in order to avoid runtime errors due to musl implementation details.

ref: https://github.com/openwrt/openwrt/issues/19566#issuecomment-3167897095

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19715
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-08-23 18:25:11 +02:00
Konstantin Demin
fb6c22caec dropbear: don't limit channel window to 500MB
cherry-pick commit from https://github.com/mkj/dropbear/pull/377

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19715
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-08-23 18:25:11 +02:00
Konstantin Demin
3e5f8a0364 dropbear: fix missing depends for sntrup761x25519-sha512
resolves FTBFS where internal option DROPBEAR_SHA512 wasn't enabled by any of the options

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19715
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-08-23 18:25:11 +02:00
Konstantin Demin
68e5f46899 dropbear: relax path permission checks for authorized keys
Check permissions of correct folder for certificates too.

Fixes: bbe4d6ddb2 ("dropbear: bump to 2025.88")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19611
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-08-07 16:46:30 +02:00
Konstantin Demin
27baa3c731 dropbear: fix FTBFS when CONFIG_DROPBEAR_SVR_PUBKEY_OPTIONS is not enabled
While disabling this option is discouraged, both upstream and OpenWrt allow one to do it.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19611
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-08-07 16:44:11 +02:00
Konstantin Demin
07b20b6d35 dropbear: fix typos in path configuration
Replace _FILE with _PATH

Fixes: d8ff2d8cba ("dropbear: refactor configuration")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19611
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-08-07 16:43:59 +02:00
Konstantin Demin
c4064c55bd dropbear: bump PKG_RELEASE
improves eecc53cbe5 "dropbear: adjust with glibc and libcrypt-compat"

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19404
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-07-19 18:54:05 +02:00
Konstantin Demin
eecc53cbe5 dropbear: adjust with glibc and libcrypt-compat
glibc 2.39 has removed libcrypt completely.
solution: link against libxcrypt built with glibc compatibility.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-07-12 23:38:19 +02:00
Konstantin Demin
5e0fbca9b9 dropbear: disable RSA-SHA1 by default
Upstream has disabled SHA-1 algorithms by default since version 2025.87.
SHA-1 has known weaknesses and most SSH implementations support alternatives.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2025-07-11 11:23:50 +02:00
Konstantin Demin
3dc05213e0 dropbear: simplify rebuild on config changes
It's hard or even impossible to track affected sources
so it's safe to remove all built objects (if any).

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2025-07-11 11:23:50 +02:00
Konstantin Demin
d8ff2d8cba dropbear: refactor configuration
This allows fine-tuning dropbear build options.

This change is heavily based on similar work done by Marius Dinu earlier,
so I'd like to say many thanks to the original author.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2025-07-11 11:23:50 +02:00
Konstantin Demin
bbe4d6ddb2 dropbear: bump to 2025.88
- update dropbear to latest stable 2025.88;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- rewrite 100-pubkey_path.patch
- refresh remaining patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2025-07-11 11:23:49 +02:00
Andreas Gnau
a2f0cd35ac dropbear: Name pid file by uci section name
Name the pidfile of each dropbear instance according to the
corresponding uci section name. This enables a 1:1 mapping between the
definition of the service instance and its process.

Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>

Link: https://github.com/openwrt/openwrt/pull/15177
Signed-off-by: John Crispin <john@phrozen.org>
2024-12-12 20:02:38 +01:00
Hauke Mehrtens
a9d3c5b4c9 dropbear: bump to 2024.86
- update dropbear to latest stable 2024.86;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES

Link: https://github.com/openwrt/openwrt/pull/17053
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-11-24 20:08:12 +01:00
Sergey Ponomarev
4511fa4b30 dropbear: use config_get_bool enable
The config_get_bool also works with on/off, yes/no, true/false.
Add 'main' section name. This will make it easier to change settings from uci.
Add a link to documentation.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15579
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-11-17 16:41:48 +01:00
John Crispin
e428d7999a dropbear: add a uci-defaults script for loading authorized keys
Write the ssh authorized key to /etc/dropbear/ssh_authorized_keys if present
inside board.json.

Signed-off-by: John Crispin <john@phrozen.org>
2024-10-02 15:41:33 +02:00
Christian Marangi
9f6fc4f524
dropbear: don't install /usr/lib/opkg/info in package install
Don't install /usr/lib/opkg/info in package install as it doesn't make
sense and conflicts with APK installations.

Fixes: a377aa9ab5 ("add dropkey ssh keys and config files to the conffiles section (#2014)")
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-11 23:58:17 +02:00
Konstantin Demin
2cd414c33e dropbear: clarify DROPBEAR_MODERN_ONLY option
don't mention SHA1 in order to not confuse users - SHA1 support is already disabled (except RSA-SHA1 signatures).

ref: https://github.com/openwrt/openwrt/issues/15281

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-05-09 19:35:36 +02:00
Konstantin Demin
f230d00e64 dropbear: bump to 2024.85
- update dropbear to latest stable 2024.85;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop cherry-picked patches (merged in release 2024.84)
- refresh remaining patches

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-05-09 19:35:20 +02:00
Sergey Ponomarev
1d4b88265b
dropbear: use ssh-keygen as an alias for dropbearkey
The DropBear's dropbearkey supports a limited set of arguments of
OpenSSH ssh-keygen: -t, -q, -N, -Y
After the change you can generate a key with the same command.
Still, many features of the original OpenSSH ssh-keygen are absent in
the dropbearkey.
If they are needed then users should install the openssh-keygen package that
will replace the /usr/bin/ssh-keygen with the full version.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14174
[ wrap commit description to 80 columns ]
Link: https://github.com/openwrt/openwrt/pull/14174
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-05-06 13:41:43 +02:00
Fabrice Fontaine
289f811abb package/network/services/dropbear: fix PKG_CPE_ID
cpe:/a:dropbear_ssh_project:dropbear_ssh is the correct CPE ID for dropbear:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:dropbear_ssh_project:dropbear_ssh

Fixes: c61a239514 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15290
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-27 23:43:58 +02:00
Konstantin Demin
3f96246e97 dropbear: better handle interfaces
- introduce 'DirectInterface' option to bind exactly to specified interface;
  fixes #9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
  e.g. verify count of listening endpoints due to dropbear limit (10 for now)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
865ae1c10c dropbear: better handle receive window size
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog

improves f95eecfb

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
05100d8651 dropbear: adjust file permissions
runtime:
- adjust ownership/permissions while starting dropbear
build time:
- correct file permissions for preseed files in $(TOPDIR)/files/etc/dropbear/ (if any)

closes #10849

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
a97e0dad6e dropbear: 'rsakeyfile' -> 'keyfile' transition
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.

schedule 'rsakeyfile' removal for next year release.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
ff1ccd85e8 dropbear: failsafe: handle all supported key types
dropbear may be configured and compiled with support for different host key types

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
55218bcedb dropbear: minor config reorder
move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
c87a192386 dropbear: split U2F/FIDO support
these options allow one to configure U2F/FIDO support in a more granular way

inspired by upstream commit aa6559db

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
bf900e02c7 dropbear: add option to enable modern crypto only
reduces binary/package size and increases overall performance

also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
  to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
88c8053d47 dropbear: adjust allowed shell list
this takes effect only if getusershell(3) is missing

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
7f6fcaa3bf dropbear: honor CONFIG_TARGET_INIT_PATH
fixes 65256aee

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
2d9a0be307 dropbear: disable two weak kex/mac algorithms
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]

It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]

1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138

Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
0b277f8659 dropbear: minor config clarification
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
  and DROPBEAR_DBCLIENT_AGENTFORWARD:
  describe why and where it should be disabled

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
fa849fd411 dropbear: better object cleanup
improves b78aae79

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
f2b2293663 dropbear: allow more complex configuration
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
  this allows having values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG,
  which is more likely than having values with commas;
  use the $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of the list.
- allow DB_OPT_COMMON to have values with commas.
- allow replacing multiline definitions in sysoptions.h.

improves e1bd9645

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
b5cde26048 dropbear: cherry-pick upstream patches
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
d4dfb566e2 dropbear: bump to 2022.83
- update dropbear to latest stable 2022.83;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
  - 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
  - 901-bundled-libs-cflags.patch
- refresh remaining patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
David Bauer
f95eecfb21 dropbear: increase default receive window size
Increasing the receive window size improves throughput on higher-latency
links such as WAN connections. The current default of 24KB caps out at
around 500 KB/s.

Increasing the receive buffer to 256KB increases the throughput to at
least 11 MB/s.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-12-28 23:37:51 +01:00
Etienne Champetier
6ac61dead9 dropbear: add ed25519 for failsafe key
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...

Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2023-07-26 14:00:01 +02:00
Nozomi Miyamori
d728d05c6c dropbear: add ForceCommand uci option
adds ForceCommand option. If the command is specified,
it forces users to execute the command when they log in.

Signed-off-by: Nozomi Miyamori <inspc43313@yahoo.co.jp>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 23:24:50 +02:00
Tianling Shen
48ed07bc0b treewide: replace AUTORELEASE with real PKG_RELEASE
Based on Paul Fertser <fercerpav@gmail.com>'s guidance:
Change AUTORELEASE in rules.mk to:
```
AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
```

then update all affected packages by:
```
for i in $(git grep -l PKG_RELEASE:=.*AUTORELEASE | sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
	make package/$i/clean
done
```

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-05-18 11:35:29 +02:00
Andre Heider
07730ff346
treewide: add support for "lto" in PKG_BUILD_FLAGS
This reduces open coding and allows easily adding a knob to enable
it treewide, where chosen packages can still opt-out via "no-lto".

Some packages used LTO, but not the linker plugin. This unifies 'em
all to attempt to produce better code.
Quoting man gcc(1):
"This improves the quality of optimization by exposing more code to the
link-time optimizer."

Also use -flto=auto instead of -flto=jobserver, as it's not guaranteed
that every buildsystem uses +$(MAKE) correctly.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Andre Heider
da3700988d
treewide: add support for "gc-sections" in PKG_BUILD_FLAGS
This reduces open coding and allows easily adding a knob to
enable it treewide, where chosen packages can still opt-out via
"no-gc-sections".

Note: libnl, mbedtls and opkg only used the CFLAGS part without the
LDFLAGS counterpart. That doesn't help at all if the goal is to produce
smaller binaries. I consider that an accident, and this fixes it.

Note: there are also packages using only the LDFLAGS part. I didn't
touch those, as gc might have been disabled via CFLAGS intentionally.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Andre Heider
5c545bdb36
treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16
Keep backwards compatibility via PKG_USE_MIPS16 for now, as this is
used in all package feeds.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Konstantin Demin
f98bb1ffe5 dropbear: cherry-pick upstream commit 544f28a0
Resolves #10081

Reported-By: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2022-06-27 00:57:15 +02:00
Konstantin Demin
65256aee23 dropbear: bump to 2022.82
- update dropbear to latest stable 2022.82;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- use $(AUTORELEASE) in PKG_RELEASE
- use https for all uris
- refresh all patches
- rewrite patches:
  - 100-pubkey_path.patch
  - 130-ssh_ignore_x_args.patch

binary/pkg size changes:
- ath79/generic, mips:
  - binary: 215112 -> 219228 (+4116)
  - pkg: 111914 -> 113404 (+1490)
- ath79/tiny, mips:
  - binary: 172501 -> 172485 (-16)
  - pkg: 89871 -> 90904 (+1033)

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2022-04-09 19:31:31 +02:00
Sven Roederer
5287defa1f dropbear: add config options for agent-forwarding support
* SSH agent forwarding might cause security issues, locally and on the jump
  machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow
  completely disabling it.
* separate options for client and server
* keep it enabled by default

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2021-10-30 16:32:54 +02:00
Fritz D. Ansel
65ee14a118 dropbear: allow to use with xinetd
with xinetd, allowed+blocked (ipv6) hosts can be set,
which is not possible with the stock dropbear package

The file size increased 12 bytes, so this "optimisation" did not really help.
Within a compressed storage format it is 0.

ipk: 111.171 -> 111.361 = 190 bytes
bin: 215.128 -> 215.140 =  12 bytes

Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
2021-08-21 15:59:39 +02:00