Dropbear SSH, a lightweight alternative to OpenSSH

Dropbear, a compact SSH server and client

If you are looking for a lightweight SSH server and client because OpenSSH does not fit your requirements, let me introduce Dropbear SSH, a lightweight implementation of the SSH (Secure Shell) protocol designed primarily for resource-constrained environments such as embedded systems, mobile devices, or other systems with limited resources.

Unlike more complete SSH implementations such as OpenSSH, Dropbear is optimized to take up less disk space and use less RAM. It does not support SSH v1, which saves space and resources and avoids the security vulnerabilities associated with SSH v1.

Dropbear also implements SCP and supports SFTP through a binary that may be provided by OpenSSH or other similar programs. FISH, on the other hand, is compatible in all cases and is supported by Konqueror.

The features of Dropbear SSH include:

  • Small size: Dropbear's binary size is significantly smaller than other SSH implementations.
  • Low resource consumption: Dropbear is designed as an alternative to OpenSSH, so it uses less memory and CPU, making it suitable for resource-constrained devices.
  • Basic SSH functionality: Despite being lightweight, Dropbear offers basic SSH functionality such as secure authentication, data encryption, and connection tunneling.
  • Compatibility: Dropbear is compatible with protocols and standards such as SSH 2.0 and can be easily integrated into different environments.
  • Simplified setup: Dropbear setup is simpler compared to other SSH implementations, making it easier to use on systems that require quick and straightforward setup.

Dropbear is currently at version 2024.84, which was released a few days ago. The most important features of this release are the following:

What's new in Dropbear 2024.84?

One of the notable improvements in Dropbear 2024.84 is a change in the handling of /etc/shadow: Dropbear now uses /etc/shadow only when a user has "x" as the crypt field in /etc/passwd, following the practice documented in passwd(5) and staying consistent with other programs on the system.
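The following audit sketch is an added example, not code from Dropbear or from the original article. It applies the rule above to constructed passwd and shadow contents and reports where each account's password data would come from; the function names and sample entries are hypothetical, and the empty and `*`/`!` cases are classified per general passwd(5) conventions rather than from Dropbear's source.

```python
# Constructed sample data (not from a real system); hashes are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:$6$constructedsalt$constructedhash:1000:1000::/home/admin:/bin/sh
guest::1001:1001::/home/guest:/bin/sh
svc:x:1002:1002::/var/svc:/bin/false
nobody:*:65534:65534::/nonexistent:/bin/false
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedroothash:19800:0:99999:7:::
admin:$6$othersalt$staleshadowhash:19800:0:99999:7:::
"""

def parse_colon_file(text):
    """Map login name -> second field for passwd/shadow style text."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0]:
            entries[fields[0]] = fields[1]
    return entries

def audit(passwd_text, shadow_text):
    """Return {user: (source, finding)} using the 'x means shadow' rule."""
    shadow = parse_colon_file(shadow_text)
    report = {}
    for user, field in parse_colon_file(passwd_text).items():
        if field == "x":
            # Only this case consults /etc/shadow.
            finding = "ok" if user in shadow else "no shadow entry: account invalid"
            report[user] = ("shadow", finding)
        elif field == "":
            report[user] = ("passwd", "empty password field")
        elif field.startswith(("*", "!")):
            report[user] = ("passwd", "locked: no valid hash")
        elif user in shadow:
            # A hash in passwd wins; the shadow line is never read.
            report[user] = ("passwd", "hash in world-readable passwd; shadow entry ignored")
        else:
            report[user] = ("passwd", "hash in world-readable passwd")
    return report

if __name__ == "__main__":
    for user, (source, finding) in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{user:8} {source:7} {finding}")
```

To check a real host, pass the contents of /etc/passwd and /etc/shadow to `audit()`; reading the latter requires root.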

Another new feature in Dropbear 2024.84 is improved support for OpenSSH-compatible options, including StrictHostKeyChecking, which enables more rigorous verification of SSH host keys, and BatchMode, which makes Dropbear easier to use in scripts and automation by disabling interactive prompts. Several other OpenSSH-compatible options, such as password authentication, have also been added, providing more flexibility in server and client configuration.

In addition, dbclient can now use configuration files, allowing users to customize and adjust its behavior in the ~/.ssh/dropbear_config file, with multiple options similar to those available in ssh_config, such as Host, Hostname, Port, User, and IdentityFile. This functionality is disabled by default during compilation for the time being.

On the server side, support for Unix socket forwarding has been added, a functionality that improves connectivity and connection management in complex environments. Crashes when closing forwarded TCP sessions were also fixed, improving server stability.

Other notable changes:

  • Fix for missing response to remote TCP requests when disabled, ensuring smooth communication.
  • Improvements in banner reading to avoid fatal failures, ensuring a secure and reliable login.
  • Optimizations in building with DROPBEAR_RSA disabled, improving efficiency in different configurations.
  • Reorganized source files in the src/ subdirectory and added more tests for disabled options.
  • Added support for strict key exchange (strict KEX).
  • Fixed several “2038 issues” (Y2038).

If you are interested in knowing more about it, you can check the details in the following link.

