Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

if you change the hostkey from RSA to ED25519 dropbear unexpectedly closes the connection #219

Closed
sparksofinsanity opened this issue Feb 12, 2023 · 5 comments
Closed

if you change the hostkey from RSA to ED25519 dropbear unexpectedly closes the connection #219

sparksofinsanity opened this issue Feb 12, 2023 · 5 comments
Labels
bug regression

Comments

@sparksofinsanity
Copy link

sparksofinsanity commented Feb 12, 2023
edited
Loading

Hi, if you change the format of the hostkey in dropbear from RSA to ED25519 and the client already has the RSA fingerprint stored in the ~/.ssh/known_hostst the dropbear server unexpectedly closes the connection.

root@DD-WRT:~# dropbearkey -t rsa -f ~/.ssh/ssh_host_rsa_key
Generating 2048 bit rsa key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCt461oMsbyXY53xDfvBUN2h46C42AxHaNiUcWYmb6vW55KJUM1KFRyI0kXQdjXwOp8f7GjEdVtpW9yZwBsA3B+qI2O5fiBUiFs26hl6mkyKFB+7ieXJ9NY5zbOfTcdVcmMQ2zNdkVdMdRqKY6O+AER7VFx4cyKnZraqqjRcmzSn+48MU3udIcbPCpUv7/KBS6Pd1DTdUQ36a7CGFURHo5+AG5tqylO5bbmMeCaY3v53niEtx1u+1Kz9pMD+DGR7xITyGEMqdW6nYI69qqwD0JGs1aMAVyCJhQ9DAZTCJ3UQ0RPTqe+yiDwMxRKTLRwZS4a6JafC4g5sU87r79JY7VH root@DD-WRT
Fingerprint: SHA256:97XiXZ/D8r9E6WiyeSbSA5ZD7CFAgW2cNwioa8cEdsc

root@DD-WRT:~# dropbear -b /tmp/loginprompt -r ~/.ssh/ssh_host_rsa_key -p 24 -s


:~$ ssh root@192.168.1.1 -p 24
The authenticity of host '[192.168.1.1]:24 ([192.168.1.1]:24)' can't be established.
RSA key fingerprint is SHA256:97XiXZ/D8r9E6WiyeSbSA5ZD7CFAgW2cNwioa8cEdsc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.1.1]:24' (RSA) to the list of known hosts.
DD-WRT v3.0-r51648 std (c) 2023 NewMedia-NET GmbH
Release: 02/10/23
Board: Netgear R7800
==========================================================
 
     ___  ___     _      _____  ______       ____  ___ 
    / _ \/ _ \___| | /| / / _ \/_  __/ _  __|_  / / _ \
   / // / // /___/ |/ |/ / , _/ / /   | |/ //_ <_/ // /
  /____/____/    |__/|__/_/|_| /_/    |___/____(_)___/ 
                                                     
                       DD-WRT v3.0
                   https://www.dd-wrt.com


==========================================================


BusyBox v1.36.0 (2023-02-10 21:22:39 +07) built-in shell (ash)

root@DD-WRT:~# exit


root@DD-WRT:~# dropbearkey -t ed25519 -f ~/.ssh/ssh_host_ed25519_key2
Generating 256 bit ed25519 key, this may take a while...
Public key portion is:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAV6T49pDyNPmMD7WES3vY+YddllvVhwlKAa2GM5wl8n root@DD-WRT
Fingerprint: SHA256:SFvwO0gDV0TQ2zNWXcf6qcYEKrJLs+ldmZiwS2zgIgc

root@DD-WRT:~# dropbear -b /tmp/loginprompt -r ~/.ssh/ssh_host_ed25519_key2 -p 24 -s

:~$ ssh root@192.168.1.1 -p 24 -v
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 24.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type 3
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
debug1: Remote protocol version 2.0, remote software version dropbear_2022.83
debug1: no match: dropbear_2022.83
debug1: Authenticating to 192.168.1.1:24 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 192.168.1.1 port 24

:~$ rm ~/.ssh/known_hosts
:~$ ssh root@192.168.1.1 -p 24 
The authenticity of host '[192.168.1.1]:24 ([192.168.1.1]:24)' can't be established.
ED25519 key fingerprint is SHA256:SFvwO0gDV0TQ2zNWXcf6qcYEKrJLs+ldmZiwS2zgIgc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.1.1]:24' (ED25519) to the list of known hosts.

root@DD-WRT:~# dropbear -V
Dropbear v2022.83

the same happens with version 2022.82 from entware and openwrt

root@OpenWrt:/etc/config# /usr/sbin/dropbear -r /etc/dropbear/dropbear_rsa_host_key -p 24

root@OpenWrt:/etc/config# exit


:~$ ssh root@192.168.1.1 -p 24
The authenticity of host '[192.168.1.1]:24 ([192.168.1.1]:24)' can't be established.
RSA key fingerprint is SHA256:N3YND9q1p7bo4fBF73ZUKRaUoN6MOGMZrjt33jwiXG0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.1.1]:24' (RSA) to the list of known hosts.


BusyBox v1.36.0 (2023-02-09 02:16:51 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r22036-1a145ccb0a
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:~#

root@OpenWrt:~# /usr/sbin/dropbear -r /etc/dropbear/dropbear_ed25519_host_key -p 24

:~$ ssh root@192.168.1.1 -p 24
Connection closed by 192.168.1.1 port 24

expected behavior, here based on an openssh server

:~$ ssh root@192.168.1.110
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:+SFvwO0gDV0TQ2zNWXcf6qcYEKrJLs+ldmZiwS2zgIgc.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/user/.ssh/known_hosts:1
  remove with:
  ssh-keygen -f "/home/user/.ssh/known_hosts" -R "192.168.1.110"
ED25519 host key for 192.168.1.110 has changed and you have requested strict checking.
Host key verification failed.

this seems to be a bug in dropbear?

best regards
@mkj
Copy link
Owner

mkj commented Feb 12, 2023
edited
Loading

Is there any log message on the dropbear server side when it gets Connection closed? In /var/log/auth.log or /var/log/syslog or similar. Or run dropbear -F -E and it will log to stderr. Thanks

@sparksofinsanity
Copy link
Author

In the syslog of dd-wrt I only see the following

Feb 12 14:49:32 DD-WRT authpriv.info dropbear[11360]: Child connection from 192.168.1.100:57896

no error message..

root@DD-WRT:~# dropbear -b /tmp/loginprompt -r ~/.ssh/ssh_host_ed25519_key2 -p 24 -s -F -E
[11401] Feb 12 14:51:38 Not backgrounding
[11404] Feb 12 14:51:42 Child connection from 192.168.1.100:42050
Aiee, segfault! You should probably report this as a bug to the developer

@mkj mkj closed this as completed in a113381 Feb 12, 2023
@mkj
Copy link
Owner

mkj commented Feb 12, 2023

Thanks, that should be fixed in the next release.

@sparksofinsanity
Copy link
Author

sparksofinsanity commented Feb 12, 2023
edited
Loading

thank you very much!
I will test it

Edit: I can confirm that the fix works
https://svn.dd-wrt.com/changeset/51691

@habnabit
Copy link

this fixes an error that i'd been seeing too:

[26525] Feb 19 13:17:04 Exit before auth from <127.0.0.1:49626>: Failed assertion (rsa.c:164): `key != NULL'

nice timing on fixing it!
seemed to be related to twisted+conch/golang ssh clients sending the list of host keys they accepted eagerly upon connection before the server reported what host keys they offered. (openssh seems to wait for the server, and only sends back the host key types the server reports.) when ssh-rsa was in that list and dropbear only had a ed25519 host key, the server process barfed as above. when the client was told to only allow ssh-ed25519 host keys, kex would proceed as normal.

(posting this so others can find the bug by the log line i saw)

@Osndok Osndok mentioned this issue Feb 24, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug regression
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@habnabit @mkj @sparksofinsanity and others