Dropbear (software)

Last updated
Dropbear
Developer(s) Matt Johnston
Initial releaseApril 2003, 06;21 years ago (06-04-2003)
Stable release
2024.84 [1]   OOjs UI icon edit-ltr-progressive.svg / 4 April 2024
Repository
Written in C
Operating system Unix-like
Type Remote access
License MIT license
Website matt.ucc.asn.au/dropbear/dropbear.html

Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. [2] It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems. It is a core component of OpenWrt and other router distributions.

Contents

Dropbear was originally released in April 2003.

Technology

Dropbear implements version 2 of the Secure Shell (SSH) protocol. [3]

The cryptographic algorithms are implemented using third-party cryptographic libraries like LibTomCrypt included internally in the Dropbear distribution. It derives some parts from OpenSSH to handle BSD-style pseudo terminals. [4]

Features

Dropbear implements the complete SSH version 2 protocol in both the client and the server. [5] [6] It does not support SSH version 1 backwards-compatibility in order to save space and resources, and to avoid the inherent security vulnerabilities in SSH version 1. SCP is also implemented. [7] SFTP support relies on a binary file which can be provided by OpenSSH or similar programs. FISH works in any case and is supported by Konqueror.

Dropbear supports elliptic curve cryptography for key exchange, as of version 2013.61test and beyond. [8]

See also

Related Research Articles

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

<span class="mw-page-title-main">Daniel J. Bernstein</span> American mathematician, cryptologist and computer scientist (born 1971)

Daniel Julius Bernstein is an American mathematician, cryptologist, and computer scientist. He is a visiting professor at CASA at Ruhr University Bochum, as well as a research professor of Computer Science at the University of Illinois at Chicago. Before this, he was a visiting professor in the department of mathematics and computer science at the Eindhoven University of Technology.

lsh is a copyleft implementation of the Secure Shell (SSH) protocol version 2, by the GNU Project including both server and client programs. Featuring Secure Remote Password protocol (SRP) as specified in secsh-srp besides, public-key authentication. Kerberos is somewhat supported as well. Currently however for password verification only, not as a single sign-on (SSO) method.

In computing, the SSH File Transfer Protocol is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capabilities, and is seen as a replacement of File Transfer Protocol (FTP) due to superior security. The IETF Internet Draft states that, even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications.

Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. "SCP" commonly refers to both the Secure Copy Protocol and the program itself.

FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer cryptographic protocols.

NX technology, commonly known as NX or NoMachine, is a remote access and remote control computer software allowing remote desktop access and maintenance of computers. It is developed by the Luxembourg-based company NoMachine S.à r.l.. NoMachine is proprietary software and is free-of-charge for non-commercial use.

<span class="mw-page-title-main">WinSCP</span> File transfer software for Windows

WinSCP is a file manager, SSH File Transfer Protocol (SFTP), File Transfer Protocol (FTP), WebDAV, Amazon S3, and secure copy protocol (SCP) client for Microsoft Windows. The WinSCP project has released its source code on GitHub under an open source license, while the program itself is distributed as proprietary freeware.

<span class="mw-page-title-main">Forward secrecy</span> Practice in cryptography

In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised, limiting damage. For HTTPS, the long-term secret is typically the private key of the server. Forward secrecy protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key. This by itself is not sufficient for forward secrecy which additionally requires that a long-term secret compromise does not affect the security of past session keys.

An SSH client is a software program which uses the secure shell protocol to connect to a remote computer. This article compares a selection of notable clients.

In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security and designed for use with the Elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software.

DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein. It encrypts and authenticates DNS packets between resolvers and authoritative servers.

An SSH server is a software program which uses the Secure Shell protocol to accept connections from remote computers. SFTP/SCP file transfers and remote terminal connections are popular use cases for an SSH server.

ssh-keygen is a standard component of the Secure Shell (SSH) protocol suite found on Unix, Unix-like and Microsoft Windows computer systems used to establish secure shell sessions between remote computers over insecure networks, through the use of various cryptographic techniques. The ssh-keygen utility is used to generate, manage, and convert authentication keys.

<span class="mw-page-title-main">OpenSSH</span> Set of computer programs providing encrypted communication sessions

OpenSSH is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. It is designed to be faster than existing digital signature schemes without sacrificing security. It was developed by a team including Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. The reference implementation is public-domain software.

wolfSSH is a small, portable, embedded SSH library targeted for use by embedded systems developers. It is an open-source implementation of SSH written in the C language. It includes SSH client libraries and an SSH server implementation. It allows for password and public key authentication.

Bitvise is a proprietary secure remote access software developed for Windows and available as a client and server. The software is based on the Secure Shell (SSH) protocol, which provides a secure channel over an insecure network in a client-server architecture.

References

  1. https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2024.84.{{cite web}}: Missing or empty |title= (help)
  2. "VA Technical Reference Model v 24.4. Dropbear Secure Shell (SSH) Server". oit.va.gov. 2019-09-04. Retrieved 2024-06-27.
  3. "dropbear(8)". Ubuntu . Retrieved 2020-05-23.
  4. Matt Johnston. "Dropbear SSH" . Retrieved 2020-05-23. PTY handling code is taken from OpenSSH
  5. Liu, Dale (2011-04-18). Next Generation SSH2 Implementation: Securing Data in Motion. Syngress. ISBN   978-0-08-057000-6.
  6. Aufranc, Jean-Luc (October 6, 2011). "Dropbear: Lightweight SSH Server". CodingHW. Retrieved 2024-06-27.
  7. Matt Johnston (2004-06-01). "Makefile.in contains updated files required" . Retrieved 2020-05-23.
  8. "CHANGES". 14 November 2013. Retrieved 2020-05-23. ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to be generated) and ECDH for setting up encryption keys[...]
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.