Skip to content

Instantly share code, notes, and snippets.

@avoidik

avoidik/README.md

Created October 20, 2022 14:40
Show Gist options
  • Save avoidik/d360fa6febafb7b5ddbfbad89272ef1a to your computer and use it in GitHub Desktop.
Save avoidik/d360fa6febafb7b5ddbfbad89272ef1a to your computer and use it in GitHub Desktop.
Download ZIP
Build dropbear on Ubuntu from source
Raw
README.md

Install all required packages

sudo apt-get install build-essential zlib1g-dev libssl-dev libcrypt-dev libpam-dev libtomcrypt-dev libtommath-dev git

Clone the repo

git clone --depth 1 https://github.com/mkj/dropbear.git -b DROPBEAR_2022.82
cd dropbear

Adjust source package configuration

./configure

We can disable or enable features on this level

./configure \
    --enable-static \
    --prefix=/opt/dropbear \
    --disable-syslog \
    --disable-lastlog \
    --disable-utmp \
    --disable-utmpx \
    --disable-wtmp \
    --disable-wtmpx \
    --disable-zlib

Prepare local configuration

cat <<-'EOF' > localoptions.h
#define DSS_PRIV_FILENAME "/opt/dropbear/etc/dropbear_dss_host_key"
#define RSA_PRIV_FILENAME "/opt/dropbear/etc/dropbear_rsa_host_key"
#define ECDSA_PRIV_FILENAME "/opt/dropbear/etc/dropbear_ecdsa_host_key"
#define ED25519_PRIV_FILENAME "/opt/dropbear/etc/dropbear_ed25519_host_key"
#define DO_MOTD 0
EOF

You can find all available options inside the default_options.h file

Compile & install

make STATIC=1 MULTI=1
make strip STATIC=1 MULTI=1
make install STATIC=1 MULTI=1

This way we build MULTI or in other words all-in-one static binary. In fact the last step has created a bunch of symlinks, similar to busybox

ln -s /opt/dropbear/bin/dropbearmulti /opt/dropbear/sbin/dropbear
ln -s /opt/dropbear/bin/dropbearmulti /opt/dropbear/bin/dbclient
ln -s /opt/dropbear/bin/dropbearmulti /opt/dropbear/bin/dropbearkey
ln -s /opt/dropbear/bin/dropbearmulti /opt/dropbear/bin/dropbearconvert

We can reuse existing host-keys from openssh

mkdir -p /opt/dropbear/etc/
./dropbearmulti dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /opt/dropbear/etc/dropbear_rsa_host_key
./dropbearmulti dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key /opt/dropbear/etc/dropbear_dss_host_key

Or generate new host-keys

mkdir -p /opt/dropbear/etc/
./dropbearmulti dropbearkey -t rsa -f /opt/dropbear/etc/dropbear_rsa_host_key
./dropbearmulti dropbearkey -t dss -f /opt/dropbear/etc/dropbear_dss_host_key

Or do not generate them at all, this way dropbear daemon will generate them at startup automatically

dropbear -R -p 2222 -W 65536 -F -K 5 -I 10 -B

With host-keys in place

dropbear \
  -d /opt/dropbear/etc/dropbear_dss_host_key \
  -r /opt/dropbear/etc/dropbear_rsa_host_key \
  -p 2222 -W 65536 -F -K 5 -I 10 -B

This way we run dropbear ssh daemon:

  • In the context of current user (multi-user is only possible with root privileges)
  • On port 2222 in foreground
  • With keep-alive of 5 seconds
  • With timeout after 10 seconds of inactivity
  • Blank passwords allowed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment