The new version of the thin SSH client arrives, Dropbear 2020.79

The new version of the lightweight SSH server and client, "Dropbear 2020.79", was recently released. Its highlights include support for new digital signature algorithms and some new protocols.

For those unfamiliar with Dropbear, it is a software package that provides a Secure Shell compliant server and client. It is designed as a replacement for standard OpenSSH in environments with low memory and processor resources, such as embedded systems. It is a core component of OpenWrt and other router distributions.

About Dropbear

This package is distributed under the MIT license. Dropbear is characterized by low memory consumption (a static link against uClibc requires only 110kB), the ability to disable unnecessary functionality at compile time, and support for building the client and server into a single executable file, similar to busybox.

Dropbear supports X11 forwarding, supports the OpenSSH key file (~/.ssh/authorized_keys) and can create multiple connections with forwarding through a passthrough host.

Dropbear implements the full SSH version 2 protocol on both the client and the server. Backward compatibility with SSH version 1 is not supported, in order to save space and resources and to avoid the security vulnerabilities inherent in that version of SSH. SCP is also implemented.

SFTP support is based on a binary file that can be provided by OpenSSH or similar programs. FISH works in any case and is compatible with Konqueror.

Main news of Dropbear 2020.79

In this new version, the fix for the vulnerability CVE-2018-20685 stands out. The flaw, fixed in SCP, allowed the access rights of the destination directory to be changed when the server returned a directory with an empty name or a period as its name. Upon receiving the command "D0777 0 \n" or "D0777 0 .\n" from the server, the client applied the change of access rights to the current directory.
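The check a client needs against such records, as an added example (not code from Dropbear or OpenSSH): the hypothetical function scp_record_name_ok() parses one scp control record and refuses the two names quoted above. It goes slightly beyond the CVE by also refusing ".." and any name containing "/"; the sample records in main() are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Dropbear or OpenSSH source. Validates one scp
 * control record of the form "<C|D><4 octal mode digits> <size> <name>\n".
 * Returns 1 if the name may be created below the destination directory,
 * 0 if the client should reject the record. */
int scp_record_name_ok(const char *rec)
{
    const char *p = rec;
    size_t len;
    int i;

    if (*p != 'C' && *p != 'D')
        return 0;
    p++;
    for (i = 0; i < 4; i++, p++)          /* mode: four octal digits */
        if (*p < '0' || *p > '7')
            return 0;
    if (*p++ != ' ')
        return 0;
    if (*p < '0' || *p > '9')             /* size: at least one digit */
        return 0;
    while (*p >= '0' && *p <= '9')
        p++;
    if (*p++ != ' ')
        return 0;

    len = strcspn(p, "\n");               /* name runs up to the newline */
    if (p[len] != '\n')
        return 0;                         /* unterminated record */
    if (len == 0)
        return 0;                         /* empty name (CVE-2018-20685) */
    if (len == 1 && p[0] == '.')
        return 0;                         /* "." is the current directory */
    if (len == 2 && p[0] == '.' && p[1] == '.')
        return 0;                         /* ".." escapes the destination */
    if (memchr(p, '/', len) != NULL)
        return 0;                         /* no path components from server */
    return 1;
}

int main(void)
{
    /* Constructed sample records; the first two are the ones quoted above. */
    const char *s[] = { "D0777 0 \n", "D0777 0 .\n", "D0755 0 docs\n" };
    for (int i = 0; i < 3; i++)
        printf("%d\n", scp_record_name_ok(s[i]));
    return 0;
}
```

A client that rejects the record before acting on the mode field never reaches the chmod of its own working directory.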

As for the changes presented, support was added for the Ed25519 digital signature algorithm for host keys and authorized keys.

Support was added for the authentication protocol based on the ChaCha20 stream cipher and the Poly1305 message authentication algorithm, developed by Daniel Bernstein.

Support was also added for the rsa-sha2 digital signature format, which, due to the discontinuation of ssh-1 support, will soon be mandatory for OpenSSH (existing RSA keys work with the new format without changing the host keys or authorized_keys).

Other changes in this new version:

  • The implementation of curve25519 has been replaced by a more compact version from the TweetNaCl project.
  • Added support for AES GCM (disabled by default).
  • CBC ciphers, 3DES, hmac-sha1-96 and X11 forwarding are disabled by default.
  • Fixed compatibility issues with the IRIX operating system.
  • Added API to specify public keys directly instead of using authorized_keys.

Finally, if you are interested in knowing more about it, you can check the details of this release at the following link.

How to install Dropbear on Linux?

For those interested in installing this package on their system, note that the current version is only available as source code for download and compilation.

If you want to compile it yourself, you can get the source code from the following link.

It is also worth mentioning that the package is included in some Linux distributions, which should not take long to update it (a matter of days).

Users of Arch Linux and its derivatives (such as Manjaro, Arco Linux, ArchBang, Netrunner, etc.) can install the package directly from the Arch Linux repositories by typing the following command:

sudo pacman -S dropbear

In the case of Debian, Ubuntu and derivatives of these:

sudo apt install dropbear

In the case of those that are Fedora users:

sudo dnf install dropbear


  1.   Alfredo Pons Menargues said

    Hello,

    the title is wrong. Dropbear is a thin server, not a client.

    Greetings.